From: Alice Ryhl <aliceryhl@google.com>
To: Gary Guo <gary@garyguo.net>
Cc: Christian Benton <t1bur0n.kernel.org@protonmail.ch>,
ojeda@kernel.org, rust-for-linux@vger.kernel.org,
linux-kernel@vger.kernel.org, lossin@kernel.org,
Philipp Stanner <phasta@kernel.org>
Subject: Re: [PATCH 1/2] rust: list: fix SAFETY comment in List::remove
Date: Tue, 28 Apr 2026 07:27:30 +0000 [thread overview]
Message-ID: <afBhYqOOG0H3AZkp@google.com> (raw)
In-Reply-To: <DHMWK36LPD3S.2V9DV6BT60YJ4@garyguo.net>
On Tue, Apr 07, 2026 at 12:56:52PM +0100, Gary Guo wrote:
> On Tue Apr 7, 2026 at 9:15 AM BST, Alice Ryhl wrote:
> > On Fri, Apr 03, 2026 at 10:08:15PM +0000, Christian Benton wrote:
> >> The SAFETY comment for the call to ListLinks::fields in List::remove
> >> was left as TODO. Fill it in: the call is safe because T::view_links
> >> returns a reference to the ListLinks field of item, and references are
> >> always valid and non-dangling.
> >>
> >> Signed-off-by: Christian Benton <t1bur0n.kernel.org@protonmail.ch>
> >
> > Thanks. I agree that `item` being a reference is the only thing needed
> > for this to be sound, as reference implies that the pointer is not
> > dangling.
>
> (cc Philipp)
>
> FWIW, I want to change `item` from a reference to a raw pointer. In Philipp's
> WIP DRM job scheduler implementation, there is a case where the list is
> conceptually a list of `UniqueArc`s; each job only needs to handle that is
> sufficient to locate the item in the list and remove it.
>
> I suggested to him that keeping a pointer and do a list iter with ptr
> comparison is sufficient to achieve that without needing to do additional
> reference counting. Of course I don't want to iterate the list when I could just
> call `remove` function on the list itself; for that use case I want to change
> the `remove` function to only require a pointer (with additional safety
> requirement that it is valid).
>
> It's orthogonal to this change as I'll probably be more careful about pointer
> provenance too when making that change, so just a heads up.
Could you explain why? Is there any scenario where the caller couldn't
just create a reference to the value from their raw pointer?
Alice
next prev parent reply other threads:[~2026-04-28 7:27 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-03 22:08 [PATCH 0/2] rust: list: fix incomplete SAFETY comments in list implementation Christian Benton
2026-04-03 22:08 ` [PATCH 1/2] rust: list: fix SAFETY comment in List::remove Christian Benton
2026-04-07 8:15 ` Alice Ryhl
2026-04-07 11:56 ` Gary Guo
2026-04-24 11:29 ` Philipp Stanner
2026-04-27 16:53 ` Christian Benton
2026-04-27 23:08 ` Gary Guo
2026-04-28 7:27 ` Alice Ryhl [this message]
2026-04-28 10:39 ` Gary Guo
2026-04-03 22:08 ` [PATCH 2/2] rust: list: fix SAFETY comments in impl_list_item_mod Christian Benton
2026-04-07 8:18 ` Alice Ryhl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=afBhYqOOG0H3AZkp@google.com \
--to=aliceryhl@google.com \
--cc=gary@garyguo.net \
--cc=linux-kernel@vger.kernel.org \
--cc=lossin@kernel.org \
--cc=ojeda@kernel.org \
--cc=phasta@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=t1bur0n.kernel.org@protonmail.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.