lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20240818.091533.348920797210419357.fujita.tomonori@gmail.com>
Date: Sun, 18 Aug 2024 09:15:33 +0000 (UTC)
From: FUJITA Tomonori <fujita.tomonori@...il.com>
To: benno.lossin@...ton.me
Cc: fujita.tomonori@...il.com, netdev@...r.kernel.org,
 rust-for-linux@...r.kernel.org, andrew@...n.ch, tmgross@...ch.edu,
 miguel.ojeda.sandonis@...il.com, aliceryhl@...gle.com
Subject: Re: [PATCH net-next v4 3/6] rust: net::phy implement
 AsRef<kernel::device::Device> trait

On Sun, 18 Aug 2024 09:03:01 +0000
Benno Lossin <benno.lossin@...ton.me> wrote:

>>  /// PHY state machine states.
>>  ///
>> @@ -60,6 +59,7 @@ pub enum DuplexMode {
>>  ///
>>  /// Referencing a `phy_device` using this struct asserts that you are in
>>  /// a context where all methods defined on this struct are safe to call.
>> +/// This struct always has a valid `mdio.dev`.
> 
> Please turn this into a bullet point list.

/// - Referencing a `phy_device` using this struct asserts that you are in
///   a context where all methods defined on this struct are safe to call.
/// - This struct always has a valid `mdio.dev`.

Looks fine?

>>  ///
>>  /// [`struct phy_device`]: srctree/include/linux/phy.h
>>  // During the calls to most functions in [`Driver`], the C side (`PHYLIB`) holds a lock that is
>> @@ -76,9 +76,9 @@ impl Device {
>>      ///
>>      /// # Safety
>>      ///
>> -    /// For the duration of 'a, the pointer must point at a valid `phy_device`,
>> -    /// and the caller must be in a context where all methods defined on this struct
>> -    /// are safe to call.
>> +    /// For the duration of 'a, the pointer must point at a valid `phy_device` with
>> +    /// a valid `mdio.dev`, and the caller must be in a context where all methods
>> +    /// defined on this struct are safe to call.
> 
> Also here.

/// # Safety
///
/// For the duration of 'a,
/// - the pointer must point at a valid `phy_device`, and the caller
///   must be in a context where all methods defined on this struct
///   are safe to call.
/// - 'mdio.dev' must be a valid.

Better?

>> +impl AsRef<kernel::device::Device> for Device {
>> +    fn as_ref(&self) -> &kernel::device::Device {
>> +        let phydev = self.0.get();
>> +        // SAFETY: The struct invariant ensures that `mdio.dev` is valid.
>> +        unsafe { kernel::device::Device::as_ref(addr_of_mut!((*phydev).mdio.dev)) }
>> +    }
> 
> Just to be sure: the `phydev.mdio.dev` struct is refcounted and
> incrementing the refcount is fine, right?

phydev.mdio.dev is valid after phydev is initialized.

struct phy_device {
	struct mdio_device mdio;
	...

struct mdio_device {
	struct device dev;
	...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ