From: Alice Ryhl <alice@ryhl.io>
To: Benno Lossin <benno.lossin@proton.me>,
Wedson Almeida Filho <wedsonaf@gmail.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <brauner@kernel.org>,
Matthew Wilcox <willy@infradead.org>,
Kent Overstreet <kent.overstreet@gmail.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-fsdevel@vger.kernel.org, rust-for-linux@vger.kernel.org,
Wedson Almeida Filho <walmeida@microsoft.com>
Subject: Re: [RFC PATCH 04/19] rust: fs: introduce `FileSystem::super_params`
Date: Sat, 28 Oct 2023 18:39:04 +0200 [thread overview]
Message-ID: <4b19dd7d-b946-4a5c-8746-f7e9c2f55d25@ryhl.io> (raw)
In-Reply-To: <E5dn4WQzlLvA0snHR_r_i2h1IPRjiiTIwssBSR403Rda6JA2Fgd-7lOonQQ6Oz1DMqp45cvtDfyW0JwRFgSZurzvtXIk3KGNhtSBqvvBnF0=@proton.me>
On 10/18/23 18:34, Benno Lossin wrote:>> + from_result(|| {
>> + // SAFETY: The C callback API guarantees that `fc_ptr` is valid.
>> + let fc = unsafe { &mut *fc_ptr };
>
> This safety comment is not enough, the pointer needs to be unique and
> pointing to a valid value for this to be ok. I would recommend to do
> this instead:
>
> unsafe { addr_of_mut!((*fc_ptr).ops).write(&Tables::<T>::CONTEXT) };
It doesn't really need to be unique. Or at least, that wording gives the
wrong intuition even if it's technically correct when you use the right
definition of "unique".
To clarify what I mean: Using `ptr::write` on a raw pointer is valid if
and only if creating a mutable reference and using that to write is
valid. (Assuming the type has no destructor.)
Of course, in this case you *also* have the difference of whether you
create a mutable to the entire struct or just the field.
>> + // SAFETY: This is a newly-created inode. No other references to it exist, so it is
>> + // safe to mutably dereference it.
>> + let inode = unsafe { &mut *inode };
>
> The inode also needs to be initialized and have valid values as its fields.
> Not sure if this is kept and it would probably be better to keep using raw
> pointers here.
My understanding is that this is just a safety invariant, and not a
validity invariant, so as long as the uninitialized memory is not read,
it's fine.
See e.g.:
https://github.com/rust-lang/unsafe-code-guidelines/issues/346
Alice
next prev parent reply other threads:[~2023-10-28 16:37 UTC|newest]
Thread overview: 125+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-18 12:24 [RFC PATCH 00/19] Rust abstractions for VFS Wedson Almeida Filho
2023-10-18 12:25 ` [RFC PATCH 01/19] rust: fs: add registration/unregistration of file systems Wedson Almeida Filho
2023-10-18 15:38 ` Benno Lossin
2024-01-10 18:32 ` Wedson Almeida Filho
2024-01-25 9:15 ` Benno Lossin
2023-10-18 12:25 ` [RFC PATCH 02/19] rust: fs: introduce the `module_fs` macro Wedson Almeida Filho
2023-10-18 12:25 ` [RFC PATCH 03/19] samples: rust: add initial ro file system sample Wedson Almeida Filho
2023-10-28 16:18 ` Alice Ryhl
2024-01-10 18:25 ` Wedson Almeida Filho
2023-10-18 12:25 ` [RFC PATCH 04/19] rust: fs: introduce `FileSystem::super_params` Wedson Almeida Filho
2023-10-18 16:34 ` Benno Lossin
2023-10-28 16:39 ` Alice Ryhl [this message]
2023-10-30 8:21 ` Benno Lossin
2023-10-30 21:36 ` Alice Ryhl
2023-10-20 15:04 ` Ariel Miculas (amiculas)
2024-01-03 12:25 ` Andreas Hindborg (Samsung)
2023-10-18 12:25 ` [RFC PATCH 05/19] rust: fs: introduce `INode<T>` Wedson Almeida Filho
2023-10-28 18:00 ` Alice Ryhl
2024-01-03 12:45 ` Andreas Hindborg (Samsung)
2024-01-03 12:54 ` Andreas Hindborg (Samsung)
2024-01-04 5:20 ` Darrick J. Wong
2024-01-04 9:57 ` Andreas Hindborg (Samsung)
2024-01-10 9:45 ` Benno Lossin
2024-01-04 5:14 ` Darrick J. Wong
2024-01-24 18:17 ` Wedson Almeida Filho
2023-10-18 12:25 ` [RFC PATCH 06/19] rust: fs: introduce `FileSystem::init_root` Wedson Almeida Filho
2023-10-19 14:30 ` Benno Lossin
2023-10-20 0:52 ` Boqun Feng
2023-10-21 13:48 ` Benno Lossin
2023-10-21 15:57 ` Boqun Feng
2023-10-21 17:01 ` Matthew Wilcox
2023-10-21 19:33 ` Boqun Feng
2023-10-23 5:29 ` Dave Chinner
2023-10-23 12:55 ` Wedson Almeida Filho
2023-10-30 2:29 ` Dave Chinner
2023-10-31 20:49 ` Wedson Almeida Filho
2023-11-08 4:54 ` Dave Chinner
2023-11-08 6:15 ` Wedson Almeida Filho
2023-10-20 0:30 ` Boqun Feng
2023-10-23 12:36 ` Wedson Almeida Filho
2024-01-03 13:29 ` Andreas Hindborg (Samsung)
2024-01-24 4:07 ` Wedson Almeida Filho
2023-10-18 12:25 ` [RFC PATCH 07/19] rust: fs: introduce `FileSystem::read_dir` Wedson Almeida Filho
2023-10-21 8:33 ` Benno Lossin
2024-01-03 14:09 ` Andreas Hindborg (Samsung)
2024-01-21 21:00 ` Askar Safin
2024-01-21 21:51 ` Dave Chinner
2023-10-18 12:25 ` [RFC PATCH 08/19] rust: fs: introduce `FileSystem::lookup` Wedson Almeida Filho
2023-10-18 12:25 ` [RFC PATCH 09/19] rust: folio: introduce basic support for folios Wedson Almeida Filho
2023-10-18 17:17 ` Matthew Wilcox
2023-10-18 18:32 ` Wedson Almeida Filho
2023-10-18 19:21 ` Matthew Wilcox
2023-10-19 13:25 ` Wedson Almeida Filho
2023-10-20 4:11 ` Matthew Wilcox
2023-10-20 15:17 ` Matthew Wilcox
2023-10-23 12:32 ` Wedson Almeida Filho
2023-10-23 10:48 ` Andreas Hindborg (Samsung)
2023-10-23 14:28 ` Matthew Wilcox
2023-10-24 15:04 ` Ariel Miculas (amiculas)
2023-10-23 12:29 ` Wedson Almeida Filho
2023-10-21 9:21 ` Benno Lossin
2023-10-18 12:25 ` [RFC PATCH 10/19] rust: fs: introduce `FileSystem::read_folio` Wedson Almeida Filho
2023-11-07 22:18 ` Matthew Wilcox
2023-11-07 22:22 ` Al Viro
2023-11-08 0:35 ` Wedson Almeida Filho
2023-11-08 0:56 ` Al Viro
2023-11-08 2:39 ` Wedson Almeida Filho
2023-10-18 12:25 ` [RFC PATCH 11/19] rust: fs: introduce `FileSystem::read_xattr` Wedson Almeida Filho
2023-10-18 13:06 ` Ariel Miculas (amiculas)
2023-10-19 13:35 ` Wedson Almeida Filho
2023-10-18 12:25 ` [RFC PATCH 12/19] rust: fs: introduce `FileSystem::statfs` Wedson Almeida Filho
2024-01-03 14:13 ` Andreas Hindborg (Samsung)
2024-01-04 5:33 ` Darrick J. Wong
2024-01-24 4:24 ` Wedson Almeida Filho
2023-10-18 12:25 ` [RFC PATCH 13/19] rust: fs: introduce more inode types Wedson Almeida Filho
2023-10-18 12:25 ` [RFC PATCH 14/19] rust: fs: add per-superblock data Wedson Almeida Filho
2023-10-25 15:51 ` Ariel Miculas (amiculas)
2023-10-26 13:46 ` Ariel Miculas (amiculas)
2024-01-03 14:16 ` Andreas Hindborg (Samsung)
2023-10-18 12:25 ` [RFC PATCH 15/19] rust: fs: add basic support for fs buffer heads Wedson Almeida Filho
2024-01-03 14:17 ` Andreas Hindborg (Samsung)
2023-10-18 12:25 ` [RFC PATCH 16/19] rust: fs: allow file systems backed by a block device Wedson Almeida Filho
2023-10-21 13:39 ` Benno Lossin
2024-01-24 4:14 ` Wedson Almeida Filho
2024-01-03 14:38 ` Andreas Hindborg (Samsung)
2023-10-18 12:25 ` [RFC PATCH 17/19] rust: fs: allow per-inode data Wedson Almeida Filho
2023-10-21 13:57 ` Benno Lossin
2024-01-03 14:39 ` Andreas Hindborg (Samsung)
2023-10-18 12:25 ` [RFC PATCH 18/19] rust: fs: export file type from mode constants Wedson Almeida Filho
2023-10-18 12:25 ` [RFC PATCH 19/19] tarfs: introduce tar fs Wedson Almeida Filho
2023-10-18 16:57 ` Matthew Wilcox
2023-10-18 17:05 ` Wedson Almeida Filho
2023-10-18 17:20 ` Matthew Wilcox
2023-10-18 18:07 ` Wedson Almeida Filho
2024-01-24 5:05 ` Matthew Wilcox
2024-01-24 5:23 ` Matthew Wilcox
2024-01-24 18:26 ` Wedson Almeida Filho
2024-01-24 21:05 ` Dave Chinner
2024-01-24 21:28 ` Matthew Wilcox
2024-01-24 5:34 ` Gao Xiang
2023-10-18 13:40 ` [RFC PATCH 00/19] Rust abstractions for VFS Ariel Miculas (amiculas)
2023-10-18 17:12 ` Wedson Almeida Filho
2023-10-29 20:31 ` Matthew Wilcox
2023-10-31 20:14 ` Wedson Almeida Filho
2024-01-03 18:02 ` Matthew Wilcox
2024-01-03 19:04 ` Wedson Almeida Filho
2024-01-03 19:53 ` Al Viro
2024-01-03 20:38 ` Kent Overstreet
2024-01-04 1:49 ` Matthew Wilcox
2024-01-09 18:25 ` Wedson Almeida Filho
2024-01-09 19:30 ` Matthew Wilcox
2024-01-03 19:14 ` Kent Overstreet
2024-01-03 20:41 ` Al Viro
2024-01-09 19:13 ` Wedson Almeida Filho
2024-01-09 19:25 ` Matthew Wilcox
2024-01-09 19:32 ` Greg Kroah-Hartman
2024-01-10 7:49 ` Wedson Almeida Filho
2024-01-10 7:57 ` Greg Kroah-Hartman
2024-01-10 12:56 ` Matthew Wilcox
2024-01-09 22:19 ` Dave Chinner
2024-01-10 19:19 ` Kent Overstreet
2024-01-24 13:08 ` FUJITA Tomonori
2024-01-24 19:49 ` Kent Overstreet
2024-01-05 0:04 ` David Howells
2024-01-05 15:54 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4b19dd7d-b946-4a5c-8746-f7e9c2f55d25@ryhl.io \
--to=alice@ryhl.io \
--cc=benno.lossin@proton.me \
--cc=brauner@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=kent.overstreet@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=walmeida@microsoft.com \
--cc=wedsonaf@gmail.com \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).