Message-ID: <aW81DrI7LT1fnLLS@google.com>
Date: Tue, 20 Jan 2026 07:55:58 +0000
From: Alice Ryhl <aliceryhl@...gle.com>
To: Jason Hall <jason.kei.hall@...il.com>
Cc: rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org, 
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>, 
	"Arve Hjønnevåg" <arve@...roid.com>, Todd Kjos <tkjos@...gle.com>, Carlos Llamas <cmllamas@...gle.com>
Subject: Re: [PATCH v3] rust_binder: refactor context management to use KVVec

On Mon, Jan 19, 2026 at 06:31:01AM -0700, Jason Hall wrote:
> Replace the linked list management in context.rs with KVVec.
> This simplifies the ownership model by using standard
> Arc-based tracking and moves away from manual unsafe list removals.
> 
> The refactor improves memory safety by leveraging Rust's contiguous
> collection types while maintaining proper error propagation for
> allocation failures during process registration.
> 
> Suggested-by: Alice Ryhl <aliceryhl@...gle.com>
> Link: https://github.com/rust-for-linux/linux/issues/1215
> Signed-off-by: Jason Hall <jason.kei.hall@...il.com>

Thanks!

Please send the next version as a separate thread rather than a reply.

>      pub(crate) fn deregister(&self) {
> -        // SAFETY: We never add the context to any other linked list than this one, so it is either
> -        // in this list, or not in any list.
> -        unsafe { CONTEXTS.lock().list.remove(self) };
> +        // Safe removal using retain
> +        CONTEXTS.lock().contexts.retain(|c| {
> +            let p1 = Arc::as_ptr(c);
> +            let p2 = self as *const Context;
> +            p1 != p2
> +        });
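
Review bot: In the `retain` closure, identity is checked by converting both sides to raw pointers (`Arc::as_ptr(c)` against `self as *const Context`), while `deregister_process` in the same patch uses `Arc::ptr_eq` for the same kind of check. Because `deregister` takes `&self`, `Arc::ptr_eq` cannot be called as written; if the callers hold an `Arc<Context>`, changing the receiver to `self: &Arc<Self>` would allow `retain(|c| !Arc::ptr_eq(c, self))` and drop the two temporaries. The comment `// Safe removal using retain` restates the code; it would be more useful to say that entries are matched by pointer identity and that the whole vector is scanned while the `CONTEXTS` lock is held.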

Please use Arc::ptr_eq here too.

> -    pub(crate) fn deregister_process(self: &Arc<Self>, proc: &Process) {
> +    pub(crate) fn deregister_process(self: &Arc<Self>, proc: &Arc<Process>) {
>          if !Arc::ptr_eq(self, &proc.ctx) {
>              pr_err!("Context::deregister_process called on the wrong context.");
>              return;
>          }
> -        // SAFETY: We just checked that this is the right list.
> -        unsafe { self.manager.lock().all_procs.remove(proc) };
> +        let mut manager = self.manager.lock();
> +        manager.all_procs.retain(|p| !Arc::ptr_eq(p, proc));
> +        let len = manager.all_procs.len();
> +        let cap = manager.all_procs.capacity();
> +        if len < cap / 2 && cap > 128 {
> +            let _ = manager.all_procs.reserve(0, GFP_KERNEL);
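
Review bot: The shrink branch under `if len < cap / 2 && cap > 128` calls `reserve(0, GFP_KERNEL)`, which requests room for zero additional elements and so cannot lower the capacity; its result is also discarded with `let _ =`. Either remove the branch or replace it with an operation that actually releases the unused allocation, and add a comment explaining the `cap / 2` and `128` thresholds. Separately, the parameter change from `&Process` to `&Arc<Process>` means every caller must now hold an `Arc<Process>`; the commit message should confirm that all call sites do.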

Calling reserve(0) has no effect. It will not shrink the vector.

Perhaps we should add a method to `Vec` for moving elements from one
vector to another?

Alice
