lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <dc644e0a-516b-40cb-8c33-cf98ef0111c9@proton.me>
Date: Sun, 18 Aug 2024 10:42:32 +0000
From: Benno Lossin <benno.lossin@...ton.me>
To: FUJITA Tomonori <fujita.tomonori@...il.com>
Cc: netdev@...r.kernel.org, rust-for-linux@...r.kernel.org, andrew@...n.ch, tmgross@...ch.edu, miguel.ojeda.sandonis@...il.com, aliceryhl@...gle.com
Subject: Re: [PATCH net-next v4 3/6] rust: net::phy implement AsRef<kernel::device::Device> trait

On 18.08.24 11:15, FUJITA Tomonori wrote:
> On Sun, 18 Aug 2024 09:03:01 +0000
> Benno Lossin <benno.lossin@...ton.me> wrote:
> 
>>>  /// PHY state machine states.
>>>  ///
>>> @@ -60,6 +59,7 @@ pub enum DuplexMode {
>>>  ///
>>>  /// Referencing a `phy_device` using this struct asserts that you are in
>>>  /// a context where all methods defined on this struct are safe to call.
>>> +/// This struct always has a valid `mdio.dev`.
>>
>> Please turn this into a bullet point list.
> 
> /// - Referencing a `phy_device` using this struct asserts that you are in
> ///   a context where all methods defined on this struct are safe to call.
> /// - This struct always has a valid `mdio.dev`.

Hmm, I think `self.0.mdio.dev` would be clearer.

> 
> Looks fine?
> 
>>>  ///
>>>  /// [`struct phy_device`]: srctree/include/linux/phy.h
>>>  // During the calls to most functions in [`Driver`], the C side (`PHYLIB`) holds a lock that is
>>> @@ -76,9 +76,9 @@ impl Device {
>>>      ///
>>>      /// # Safety
>>>      ///
>>> -    /// For the duration of 'a, the pointer must point at a valid `phy_device`,
>>> -    /// and the caller must be in a context where all methods defined on this struct
>>> -    /// are safe to call.
>>> +    /// For the duration of 'a, the pointer must point at a valid `phy_device` with
>>> +    /// a valid `mdio.dev`, and the caller must be in a context where all methods
>>> +    /// defined on this struct are safe to call.
>>
>> Also here.
> 
> /// # Safety
> ///
> /// For the duration of 'a,
> /// - the pointer must point at a valid `phy_device`, and the caller
> ///   must be in a context where all methods defined on this struct
> ///   are safe to call.
> /// - 'mdio.dev' must be a valid.

Also here: `(*ptr).mdio.dev`.

---
Cheers,
Benno

> 
> Better?
> 
>>> +impl AsRef<kernel::device::Device> for Device {
>>> +    fn as_ref(&self) -> &kernel::device::Device {
>>> +        let phydev = self.0.get();
>>> +        // SAFETY: The struct invariant ensures that `mdio.dev` is valid.
>>> +        unsafe { kernel::device::Device::as_ref(addr_of_mut!((*phydev).mdio.dev)) }
>>> +    }
>>
>> Just to be sure: the `phydev.mdio.dev` struct is refcounted and
>> incrementing the refcount is fine, right?
> 
> phydev.mdio.dev is valid after phydev is initialized.
> 
> struct phy_device {
> 	struct mdio_device mdio;
> 	...
> 
> struct mdio_device {
> 	struct device dev;
> 	...
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ