From: Andreas Hindborg <a.hindborg@kernel.org>
To: Tamir Duberstein <tamird@kernel.org>
Cc: ojeda@kernel.org, sashiko-reviews@lists.linux.dev,
	rust-for-linux@vger.kernel.org
Subject: Re: [PATCH v4 01/11] rust: xarray: minor formatting fixes
Date: Tue, 09 Jun 2026 12:57:35 +0200
Message-ID: <87fr2wgew0.fsf@kernel.org>
In-Reply-To: <20260604201631.450B51F00893@smtp.kernel.org>

<sashiko-bot@kernel.org> writes:

> Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
>
> Pre-existing issues:
> - [High] `Guard::store` temporarily drops the exclusive lock, violating `Guard` mutual exclusion semantics.
> --
>
> commit dd1e562319819f32e9d1d6de7db886673c5422d7
> Author: Andreas Hindborg <a.hindborg@kernel.org>
>
> rust: xarray: minor formatting fixes
>
> Fix formatting in xarray module to comply with kernel coding guidelines.
>
>> diff --git a/rust/kernel/xarray.rs b/rust/kernel/xarray.rs
>> index 46e5f43223fe8..b80fb7a262d0c 100644
>> --- a/rust/kernel/xarray.rs
>> +++ b/rust/kernel/xarray.rs
>
> [ ... ]
>
>> @@ -44,7 +63,10 @@
>>  /// *guard.get_mut(0).unwrap() = 0xffff;
>>  /// assert_eq!(guard.get(0).copied(), Some(0xffff));
>>  ///
>> -/// assert_eq!(guard.store(0, beef, GFP_KERNEL)?.as_deref().copied(), Some(0xffff));
>> +/// assert_eq!(
>> +///     guard.store(0, beef, GFP_KERNEL)?.as_deref().copied(),
>> +///     Some(0xffff)
>> +/// );
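Review bot: The doc example around the reformatted `assert_eq!` calls `guard.store(0, beef, GFP_KERNEL)` on a guard that earlier lines of the same example still use (`guard.get_mut(0)`, `guard.get(0)`), and none of the `///` lines in this hunk say what the guard guarantees while that call runs. Because doc examples get copied as usage patterns, consider adding a `///` sentence next to the `store` call that states whether exclusion holds across it when `GFP_KERNEL` is passed, either here or in a follow-up patch so this one stays formatting only.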
>
> [Severity: High]
> This isn't a bug introduced by this patch, but since Guard::store calls
> __xa_store which explicitly drops the xa_lock to allocate memory if called
> with blocking flags (like GFP_KERNEL here), doesn't this violate the expected
> mutual exclusion guarantee of the Guard?
>
> In Rust, a lock guard is fundamentally expected to provide strict, continuous
> mutual exclusion for its entire lifetime. Temporarily releasing the lock while
> a Guard is held breaks this invariant. Any caller relying on the Guard to
> ensure atomicity (such as check-and-update patterns) will be exposed to silent
> Time-Of-Check to Time-Of-Use (TOCTOU) race conditions, as other threads can
> mutate the array while the lock is dropped.

Should we rename `Guard` to something else to clarify this, or do you
think it is enough with added documentation on `Guard`?


Best regards,
Andreas Hindborg
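
The check-and-update hazard described in the quoted review, as an added user-space example that is not part of this message or of the kernel's `xarray` code: it uses `std::sync::Mutex` and a `BTreeMap`, and `store_dropping_lock` and `check_then_store` are hypothetical names standing in for a store that releases its lock while it allocates.

```rust
use std::collections::BTreeMap;
use std::sync::{Arc, Mutex, MutexGuard};
use std::thread;

type Map = BTreeMap<usize, u32>;

/// Hypothetical store that, like an allocation that may sleep, releases the
/// lock, runs `unlocked_window`, then re-acquires the lock before writing.
fn store_dropping_lock<'a>(
    lock: &'a Mutex<Map>,
    guard: MutexGuard<'a, Map>,
    index: usize,
    value: u32,
    unlocked_window: impl FnOnce(),
) -> (MutexGuard<'a, Map>, Option<u32>) {
    drop(guard); // exclusion ends here although the caller still "has" a guard
    unlocked_window();
    let mut guard = lock.lock().unwrap();
    let old = guard.insert(index, value);
    (guard, old)
}

/// Check-and-update: returns (value seen at check time, value actually replaced).
pub fn check_then_store(interfere: bool) -> (Option<u32>, Option<u32>) {
    let lock = Arc::new(Mutex::new(Map::from([(0, 0xffff)]))); // constructed data
    let guard = lock.lock().unwrap();
    let checked = guard.get(&0).copied(); // time of check
    let other = Arc::clone(&lock);
    let (guard, replaced) = store_dropping_lock(&lock, guard, 0, 0xbeef, move || {
        if interfere {
            // A second thread gets the lock inside the window and mutates index 0.
            let writer = thread::spawn(move || {
                other.lock().unwrap().insert(0, 0xdead);
            });
            writer.join().unwrap();
        }
    });
    drop(guard);
    (checked, replaced) // time of use: `replaced` is what the store overwrote
}

fn main() {
    // No concurrent writer: the checked value is the one replaced.
    assert_eq!(check_then_store(false), (Some(0xffff), Some(0xffff)));
    // Writer in the window: the check is stale by the time the store runs.
    assert_eq!(check_then_store(true), (Some(0xffff), Some(0xdead)));
}
```

A caller that compares the value returned by the store against the value it checked earlier can detect that the window was used; a caller that only trusts the earlier check cannot.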



