Message-ID: <2023101756-procedure-uninvited-f6c9@gregkh>
Date: Tue, 17 Oct 2023 16:21:47 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: Benno Lossin <benno.lossin@...ton.me>
Cc: Andrew Lunn <andrew@...n.ch>,
	FUJITA Tomonori <fujita.tomonori@...il.com>, netdev@...r.kernel.org,
	rust-for-linux@...r.kernel.org, miguel.ojeda.sandonis@...il.com,
	tmgross@...ch.edu, boqun.feng@...il.com, wedsonaf@...il.com
Subject: Re: [PATCH net-next v4 1/4] rust: core abstractions for network PHY drivers

On Tue, Oct 17, 2023 at 02:04:33PM +0000, Benno Lossin wrote:
> On 17.10.23 14:38, Andrew Lunn wrote:
> >>> Because set_speed() updates the member in phy_device and read()
> >>> updates the object that phy_device points to?
> >>
> >> `set_speed` is entirely implemented on the Rust side and is not protected
> >> by a lock.
> >
> > With the current driver, all entry points into the driver are called
> > from the phylib core, and the core guarantees that the lock is
> > taken. So it should not matter if it's entirely implemented in the Rust
> > side, somewhere up the call stack, the lock was taken.
>
> Sure that might be the case, I am trying to guard against this future
> problem:
>
>      fn soft_reset(driver: &mut Driver) -> Result {
>          let driver = driver;
>          thread::scope(|s| {
>              let thread_a = s.spawn(|| {
>                  for _ in 0..100_000_000 {
>                      driver.set_speed(10);
>                  }
>              });
>              let thread_b = s.spawn(|| {
>                  for _ in 0..100_000_000 {
>                      driver.set_speed(10);
>                  }
>              });
>              thread_a.join();
>              thread_b.join();
>          });
>          Ok(())
>      }
>
> This code spawns two new threads both of which can call `set_speed`,
> since it takes `&self`. But this leads to a data race, since those
> accesses are not serialized. I know that this is a very contrived
> example, but you never know when this will become reality, so we should
> do the right thing now and just use `&mut self`, since that is exactly
> what it is for.

Kernel code is written for the use cases today, don't worry about
tomorrow, you can fix the issue tomorrow if you change something that
requires it.

And what "race" are you getting here?  You don't have threads in the
kernel :)

Also, if two things are setting the speed, wonderful, you get some sort
of value eventually, you have much bigger problems in your code as you
shouldn't have been doing that in the first place.

> Note that we do not even have a way to create threads on the Rust side
> at the moment.

Which is a good thing :)

> But we should already be thinking about any possible code pattern.

Again, no, deal with what we have today, kernel code is NOT
future-proof, that's not how we write this stuff.

If you really worry about a "split write" then use a lock, that's what
they are there for.  But that's not the issue here, so don't worry about
it.

thanks,

greg k-h
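
The `&self` versus `&mut self` point from this exchange, shown in userspace Rust as an added example (not code from the patch or from either poster). `Device`, its fields and `run_writers` are hypothetical names: with `set_speed` taking `&mut self`, two scoped threads can only reach it through a lock, which serializes the writes.

```rust
use std::sync::Mutex;
use std::thread;

/// Hypothetical stand-in for the device state discussed in the thread.
#[derive(Debug, Default)]
struct Device {
    speed: u32,
    // Second field kept in step with `speed`, so a torn update is observable.
    speed_copy: u32,
    writes: u64,
}

impl Device {
    /// Takes `&mut self`: the borrow checker only permits a call when the
    /// caller holds exclusive access, so two scoped threads cannot both
    /// call it on the same `Device` without going through a lock.
    fn set_speed(&mut self, speed: u32) {
        self.speed = speed;
        self.speed_copy = speed;
        self.writes += 1;
    }
}

/// Runs two writers against one device; the Mutex supplies the exclusivity
/// that `&mut self` demands. Returns (speed, speed_copy, writes).
fn run_writers(iterations: u64) -> (u32, u32, u64) {
    let dev = Mutex::new(Device::default());
    thread::scope(|s| {
        for speed in [10u32, 100] {
            let dev = &dev;
            s.spawn(move || {
                for _ in 0..iterations {
                    // Without `.lock()`, both threads would need `&mut Device`
                    // at the same time, which rustc refuses to compile.
                    dev.lock().unwrap().set_speed(speed);
                }
            });
        }
    });
    let d = dev.into_inner().unwrap();
    (d.speed, d.speed_copy, d.writes)
}

fn main() {
    let (speed, copy, writes) = run_writers(100_000);
    println!("speed={} copy={} writes={}", speed, copy, writes);
}
```

Which of the two speeds wins depends on scheduling; what the lock guarantees is that both fields agree and no increment of `writes` is lost.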