From: Al Viro <viro@zeniv.linux.org.uk>
To: Alice Ryhl <aliceryhl@google.com>
Cc: brauner@kernel.org, a.hindborg@samsung.com,
alex.gaynor@gmail.com, arve@android.com, benno.lossin@proton.me,
bjorn3_gh@protonmail.com, boqun.feng@gmail.com,
cmllamas@google.com, dan.j.williams@intel.com, dxu@dxuuu.xyz,
gary@garyguo.net, gregkh@linuxfoundation.org,
joel@joelfernandes.org, keescook@chromium.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
maco@android.com, ojeda@kernel.org, peterz@infradead.org,
rust-for-linux@vger.kernel.org, surenb@google.com,
tglx@linutronix.de, tkjos@android.com, tmgross@umich.edu,
wedsonaf@gmail.com, willy@infradead.org, yakoyoku@gmail.com
Subject: Re: [PATCH v6 3/8] rust: file: add Rust abstraction for `struct file`
Date: Fri, 24 May 2024 23:56:40 +0100
Message-ID: <20240524225640.GU2118490@ZenIV>
In-Reply-To: <20240524191714.2950286-1-aliceryhl@google.com>

On Fri, May 24, 2024 at 07:17:13PM +0000, Alice Ryhl wrote:
> > And then those both implement a get_file() method so the caller can take
> > an explicit long-term reference to the file.
>
> Even if you call `get_file` to get a long-term reference from something
> you have an fdget_pos reference to, that doesn't necessarily mean that
> you can share that long-term reference with other threads. You would
> need to release the fdget_pos reference first. For that reason, the
> long-term reference returned by `get_file` would still need to have the
> `File<MaybeFdgetPos>` type.

Why would you want such a bizarre requirement?

> Note that since it forgets which fd and fd table it came from, calls to
> `fdget` are actually not a problem for sending our long-term references
> across threads. The `fdget` requirements only care about things that
> touch the entry in the file descriptor table, such as closing the fd.
> The `ARef<File>` type does not provide any methods that could lead to
> that happening, so sharing it across threads is okay *even if* there is
> a light reference. That's why I have a `MaybeFdgetPos` but no
> `MaybeFdget`.

Huh?
What is "the entry in the file descriptor table"? Which one and in which one?

> let file = File::fget(my_fd)?;
> // SAFETY: We know that there are no active `fdget_pos` calls on
> // the current thread, since this is an ioctl and we have not
> // called `fdget_pos` inside the Binder driver.
> let thread_safe_file = unsafe { file.assume_no_fdget_pos() };
>
> (search for File::from_fd in the RFC to find where this would go)
>
> The `assume_no_fdget_pos` call has no effect at runtime - it is purely a
> compile-time thing to force the user to use unsafe to "promise" that
> there aren't any `fdget_pos` calls on the same fd.

Why does fdget_pos() even matter? The above makes no sense...

Again, cloning a reference and sending it to another thread is perfectly
fine. And what's so special about fdget_pos()/fdput_pos() compared to
fdget()/fdput()?

_What_ memory safety issues are you talking about?
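The compile-time-only marker that the quoted text describes for `assume_no_fdget_pos`, modelled in userspace Rust as an added example; it is not code from this message or from the patch series. `Inner`, `id`, `NoFdgetPos`, `read_on_worker`, `same_layout` and `demo` are hypothetical names, and the model takes no position on whether the restriction is needed.

```rust
use std::marker::PhantomData;
use std::sync::Arc;
use std::thread;

// Constructed stand-in for the kernel object; `id` is a made-up field.
struct Inner { id: u64 }

/// Marker from the quoted text: an `fdget_pos` may be active on this thread.
/// The raw-pointer PhantomData makes it (and any File carrying it) !Send.
pub struct MaybeFdgetPos(PhantomData<*mut ()>);
/// Hypothetical marker for "caller promised there is none".
pub struct NoFdgetPos;

pub struct File<S> { inner: Arc<Inner>, _state: PhantomData<S> }

impl File<MaybeFdgetPos> {
    /// Models `File::fget(my_fd)`: a long-term reference, still thread-bound.
    pub fn fget(id: u64) -> Self {
        File { inner: Arc::new(Inner { id }), _state: PhantomData }
    }
    /// # Safety
    /// Caller promises no `fdget_pos` on this file is active on this thread.
    pub unsafe fn assume_no_fdget_pos(self) -> File<NoFdgetPos> {
        // Only the type parameter changes; no runtime work happens here.
        File { inner: self.inner, _state: PhantomData }
    }
}

impl<S> File<S> {
    pub fn id(&self) -> u64 { self.inner.id }
}

/// Accepts only the marker-free type, so the closure is `Send`.
pub fn read_on_worker(f: File<NoFdgetPos>) -> u64 {
    thread::spawn(move || f.id()).join().unwrap()
}

pub fn same_layout() -> bool {
    std::mem::size_of::<File<MaybeFdgetPos>>() == std::mem::size_of::<File<NoFdgetPos>>()
}

pub fn demo() -> u64 {
    let file = File::<MaybeFdgetPos>::fget(7);
    // thread::spawn(move || file.id()); // rejected: `*mut ()` is not `Send`
    // SAFETY: this model never performs an `fdget_pos`.
    let thread_safe_file = unsafe { file.assume_no_fdget_pos() };
    read_on_worker(thread_safe_file)
}

fn main() {
    println!("worker read id {}, same layout: {}", demo(), same_layout());
}
```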