From: "Onur Özkan" <work@onurozkan.dev>
To: Georgios Androutsopoulos <georgeandrout13@gmail.com>
Cc: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
	"Carlos Llamas" <cmllamas@google.com>,
	"Alice Ryhl" <aliceryhl@google.com>,
	"Arve Hjønnevåg" <arve@android.com>,
	"Todd Kjos" <tkjos@android.com>,
	"Christian Brauner" <brauner@kernel.org>,
	"Miguel Ojeda" <ojeda@kernel.org>,
	"Boqun Feng" <boqun@kernel.org>, "Gary Guo" <gary@garyguo.net>,
	"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
	"Benno Lossin" <lossin@kernel.org>,
	"Andreas Hindborg" <a.hindborg@kernel.org>,
	"Trevor Gross" <tmgross@umich.edu>,
	"Danilo Krummrich" <dakr@kernel.org>,
	"Paul Moore" <paul@paul-moore.com>,
	linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org
Subject: Re: [PATCH] rust_binder: add ownership assertion to Node::add_death
Date: Wed, 10 Jun 2026 08:45:01 +0300
Message-ID: <20260610054503.27046-1-work@onurozkan.dev>
In-Reply-To: <20260610035544.3333022-1-georgeandrout13@gmail.com>

On Tue, 09 Jun 2026 23:55:44 -0400
Georgios Androutsopoulos <georgeandrout13@gmail.com> wrote:

> The `// SAFETY:` comment in NodeDeath::set_cleared assumes that a
> NodeDeath is never inserted into the death list of any Node other than
> its owner. However, this invariant is not enforced by the safe function
> Node::add_death, which inserts NodeDeath into the death list without
> checking that death.node == self, leaving a risk for future code that
> may miss this implicit invariant and cause undefined behavior.
> 
> Add an assertion to make this precondition explicit and catch potential
> violations early.
> 
> Link: https://github.com/Rust-for-Linux/linux/issues/1237
> 
> Signed-off-by: Georgios Androutsopoulos <georgeandrout13@gmail.com>
> ---
>  drivers/android/binder/node.rs | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/drivers/android/binder/node.rs b/drivers/android/binder/node.rs
> index 69f757ff7461..20eaaefbd4cc 100644
> --- a/drivers/android/binder/node.rs
> +++ b/drivers/android/binder/node.rs
> @@ -333,6 +333,10 @@ pub(crate) fn add_death(
>          death: ListArc<DTRWrap<NodeDeath>, 1>,
>          guard: &mut Guard<'_, ProcessInner, SpinLockBackend>,
>      ) {
> +        assert!(
> +            core::ptr::eq(self, &**death.node),
> +            "attempt to add NodeDeath to the wrong death list"
> +        );

I think having a `debug_assert!` should be fine. That's also your suggestion in
the GH issue link above.

Thanks,
Onur

>          self.inner.access_mut(guard).death_list.push_back(death);
>      }
>  
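
Review bot: the new assert! at the top of add_death adds a panic path to a function that is called with the ProcessInner spinlock guard, but nothing in the hunk documents the precondition or the panic. Add a short comment or a "# Panics" doc section on add_death stating that death.node must be this node and pointing at the `// SAFETY:` comment in NodeDeath::set_cleared that relies on it, so the link between the check and the unsafe code lives in the source and not only in the commit message. If the check is changed to debug_assert!, note that it is compiled out when debug assertions are disabled, so that SAFETY comment would again depend on an invariant the safe function does not enforce; the commit message should say which behaviour is intended.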
> 
> base-commit: 287afdc7671a03081f48f3407bc59862c202bd4b
> -- 
> 2.47.3
> 
