All of lore.kernel.org
 help / color / mirror / Atom feed
From: Andreas Hindborg <a.hindborg@kernel.org>
To: "Alice Ryhl" <aliceryhl@google.com>
Cc: "Danilo Krummrich" <dakr@kernel.org>,
	"Miguel Ojeda" <ojeda@kernel.org>,
	"Alex Gaynor" <alex.gaynor@gmail.com>,
	"Boqun Feng" <boqun.feng@gmail.com>,
	"Gary Guo" <gary@garyguo.net>,
	"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
	"Benno Lossin" <lossin@kernel.org>,
	"Trevor Gross" <tmgross@umich.edu>,
	"Bjorn Helgaas" <bhelgaas@google.com>,
	"Krzysztof Wilczyński" <kwilczynski@kernel.org>,
	"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
	"Rafael J. Wysocki" <rafael@kernel.org>,
	"Tamir Duberstein" <tamird@gmail.com>,
	"Viresh Kumar" <viresh.kumar@linaro.org>,
	rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-pci@vger.kernel.org, "Maíra Canal" <mcanal@igalia.com>
Subject: Re: [PATCH] rust: types: add FOREIGN_ALIGN to ForeignOwnable
Date: Wed, 11 Jun 2025 14:15:46 +0200	[thread overview]
Message-ID: <8734c6zd71.fsf@kernel.org> (raw)
In-Reply-To: <CAH5fLgjRd5S4owRrZS7ONeb=-Tzq+xQDtWtqii1tCgEoqzr+bw@mail.gmail.com> (Alice Ryhl's message of "Wed, 11 Jun 2025 13:08:11 +0200")

"Alice Ryhl" <aliceryhl@google.com> writes:

> On Wed, Jun 11, 2025 at 12:46 PM Andreas Hindborg <a.hindborg@kernel.org> wrote:
>>
>> "Alice Ryhl" <aliceryhl@google.com> writes:
>>
>> > On Thu, Jun 5, 2025 at 10:00 PM Andreas Hindborg <a.hindborg@kernel.org> wrote:
>> >>
>> >> The current implementation of `ForeignOwnable` is leaking the type of the
>> >> opaque pointer to consumers of the API. This allows consumers of the opaque
>> >> pointer to rely on the information that can be extracted from the pointer
>> >> type.
>> >>
>> >> To prevent this, change the API to the version suggested by Maira
>> >> Canal (link below): Remove `ForeignOwnable::PointedTo` in favor of a
>> >> constant, which specifies the alignment of the pointers returned by
>> >> `into_foreign`.
>> >>
>> >> Suggested-by: Alice Ryhl <aliceryhl@google.com>
>> >> Suggested-by: Maíra Canal <mcanal@igalia.com>
>> >> Link: https://lore.kernel.org/r/20240309235927.168915-3-mcanal@igaliacom
>> >> Signed-off-by: Andreas Hindborg <a.hindborg@kernel.org>
>> >
>> > One nit below. With that and things other folks mentioned fixed, you may add:
>> >
>> > Reviewed-by: Alice Ryhl <aliceryhl@google.com>
>> >
>> >> diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
>> >> index 22985b6f6982..025c619a2195 100644
>> >> --- a/rust/kernel/types.rs
>> >> +++ b/rust/kernel/types.rs
>> >> @@ -21,15 +21,11 @@
>> >>  ///
>> >>  /// # Safety
>> >>  ///
>> >> -/// Implementers must ensure that [`into_foreign`] returns a pointer which meets the alignment
>> >> -/// requirements of [`PointedTo`].
>> >> -///
>> >> -/// [`into_foreign`]: Self::into_foreign
>> >> -/// [`PointedTo`]: Self::PointedTo
>> >> +/// Implementers must ensure that [`Self::into_foreign`] return pointers with alignment that is an
>> >> +/// integer multiple of [`Self::FOREIGN_ALIGN`].
>> >
>> > We should require non-null:
>>
>> What is your rationale for this?
>
> The rationale is that the implementation of XArray assumes that the
> pointers are non-null. If we allow null pointers, we will need to fix
> the XArray.

OK, thanks. Also, `try_from_foreign` as Benno highlighted.


Best regards,
Andreas Hindborg




      reply	other threads:[~2025-06-11 12:15 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-06-05 19:55 [PATCH] rust: types: add FOREIGN_ALIGN to ForeignOwnable Andreas Hindborg
2025-06-05 20:33 ` Danilo Krummrich
2025-06-06  8:23 ` Benno Lossin
2025-06-10  9:27   ` Andreas Hindborg
2025-06-10  9:58     ` Benno Lossin
2025-06-10 10:25       ` Andreas Hindborg
2025-06-10 15:19 ` Alice Ryhl
2025-06-11 10:45   ` Andreas Hindborg
2025-06-11 11:08     ` Alice Ryhl
2025-06-11 12:15       ` Andreas Hindborg [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=8734c6zd71.fsf@kernel.org \
    --to=a.hindborg@kernel.org \
    --cc=alex.gaynor@gmail.com \
    --cc=aliceryhl@google.com \
    --cc=bhelgaas@google.com \
    --cc=bjorn3_gh@protonmail.com \
    --cc=boqun.feng@gmail.com \
    --cc=dakr@kernel.org \
    --cc=gary@garyguo.net \
    --cc=gregkh@linuxfoundation.org \
    --cc=kwilczynski@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-pci@vger.kernel.org \
    --cc=lossin@kernel.org \
    --cc=mcanal@igalia.com \
    --cc=ojeda@kernel.org \
    --cc=rafael@kernel.org \
    --cc=rust-for-linux@vger.kernel.org \
    --cc=tamird@gmail.com \
    --cc=tmgross@umich.edu \
    --cc=viresh.kumar@linaro.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.