From: "Benno Lossin" <lossin@kernel.org>
To: "Sidong Yang" <sidong.yang@furiosa.ai>,
"Caleb Sander Mateos" <csander@purestorage.com>
Cc: "Miguel Ojeda" <ojeda@kernel.org>,
"Arnd Bergmann" <arnd@arndb.de>, "Jens Axboe" <axboe@kernel.dk>,
<rust-for-linux@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<io-uring@vger.kernel.org>
Subject: Re: [PATCH 2/4] rust: io_uring: introduce rust abstraction for io-uring cmd
Date: Mon, 21 Jul 2025 18:28:09 +0200 [thread overview]
Message-ID: <DBHVI5WDLCY3.33K0F1UAJSHPK@kernel.org> (raw)
In-Reply-To: <aH5g-Q_hu6neI5em@sidongui-MacBookPro.local>
On Mon Jul 21, 2025 at 5:47 PM CEST, Sidong Yang wrote:
> On Mon, Jul 21, 2025 at 11:04:31AM -0400, Caleb Sander Mateos wrote:
>> On Mon, Jul 21, 2025 at 1:23 AM Sidong Yang <sidong.yang@furiosa.ai> wrote:
>> > On Sun, Jul 20, 2025 at 03:10:28PM -0400, Caleb Sander Mateos wrote:
>> > > On Sat, Jul 19, 2025 at 10:34 AM Sidong Yang <sidong.yang@furiosa.ai> wrote:
>> > > > + }
>> > > > +
>> > > > + // Called by consumers of io_uring_cmd, if they originally returned -EIOCBQUEUED upon receiving the command
>> > > > + #[inline]
>> > > > + pub fn done(self, ret: isize, res2: u64, issue_flags: u32) {
>> > >
>> > > I don't think it's safe to move io_uring_cmd. io_uring_cmd_done(), for
>> > > example, calls cmd_to_io_kiocb() to turn struct io_uring_cmd *ioucmd
>> > > into struct io_kiocb *req via a pointer cast. And struct io_kiocb's
>> > > definitely need to be pinned in memory. For example,
>> > > io_req_normal_work_add() inserts the struct io_kiocb into a linked
>> > > list. Probably some sort of pinning is necessary for IoUringCmd.
>> >
>> > Understood, Normally the users wouldn't create IoUringCmd than use borrowed cmd
>> > in uring_cmd() callback. How about change to &mut self and also uring_cmd provides
>> > &mut IoUringCmd for arg.
>>
>> I'm still a little worried about exposing &mut IoUringCmd without
>> pinning. It would allow swapping the fields of two IoUringCmd's (and
>> therefore struct io_uring_cmd's), for example. If a struct
>> io_uring_cmd belongs to a struct io_kiocb linked into task_list,
>> swapping it with another struct io_uring_cmd would result in
>> io_uring_cmd_work() being invoked on the wrong struct io_uring_cmd.
>> Maybe it would be okay if IoUringCmd had an invariant that the struct
>> io_uring_cmd is not on the task work list. But I would feel safer with
>> using Pin<&mut IoUringCmd>. I don't have much experience with Rust in
>> the kernel, though, so I would welcome other opinions.
>
> I've thought about this deeply. You're right. exposing &mut without
> pinning make it unsafe.
> User also can make *mut and memmove to anywhere without unsafe block.
How so? Using `*mut T` always needs unsafe.
> It's safest to get NonNull from from_raw and it returns
> Pin<&mut IoUringCmd>.
I don't think you need `NonNull<T>`.
> from_raw() name is weird. it should be from_nonnnull()? Also, done()
> would get Pin<&mut Self>.
That sounds reasonable.
Are you certain that it's an exclusive reference?
---
Cheers,
Benno
next prev parent reply other threads:[~2025-07-21 16:28 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-19 14:33 [RFC PATCH 0/4] rust: miscdevice: abstraction for uring-cmd Sidong Yang
2025-07-19 14:33 ` [PATCH 1/4] rust: bindings: add io_uring headers in bindings_helper.h Sidong Yang
2025-07-20 12:29 ` kernel test robot
2025-07-19 14:33 ` [PATCH 2/4] rust: io_uring: introduce rust abstraction for io-uring cmd Sidong Yang
2025-07-20 19:10 ` Caleb Sander Mateos
2025-07-21 5:22 ` Sidong Yang
2025-07-21 15:04 ` Caleb Sander Mateos
2025-07-21 15:47 ` Sidong Yang
2025-07-21 16:28 ` Benno Lossin [this message]
2025-07-22 14:30 ` Sidong Yang
2025-07-22 18:52 ` Benno Lossin
2025-07-24 16:05 ` Sidong Yang
2025-07-21 15:52 ` Benno Lossin
2025-07-22 14:33 ` Sidong Yang
2025-07-19 14:33 ` [PATCH 3/4] rust: miscdevice: add uring_cmd() for MiscDevice trait Sidong Yang
2025-07-20 19:38 ` kernel test robot
2025-07-20 20:08 ` Caleb Sander Mateos
2025-07-21 5:42 ` Sidong Yang
2025-07-19 14:33 ` [PATCH 4/4] samples: rust: rust_misc_device: add uring_cmd example Sidong Yang
2025-07-20 20:21 ` Caleb Sander Mateos
2025-07-21 5:45 ` Sidong Yang
2025-07-19 15:00 ` [RFC PATCH 0/4] rust: miscdevice: abstraction for uring-cmd Nikita Krasnov
2025-07-19 16:33 ` Nikita Krasnov
2025-07-19 16:34 ` Miguel Ojeda
2025-07-20 16:07 ` Sidong Yang
2025-07-20 16:41 ` Miguel Ojeda
2025-07-20 16:52 ` Sidong Yang
2025-07-20 17:00 ` Miguel Ojeda
2025-07-19 17:03 ` Danilo Krummrich
2025-07-20 16:11 ` Sidong Yang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DBHVI5WDLCY3.33K0F1UAJSHPK@kernel.org \
--to=lossin@kernel.org \
--cc=arnd@arndb.de \
--cc=axboe@kernel.dk \
--cc=csander@purestorage.com \
--cc=io-uring@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=sidong.yang@furiosa.ai \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.