From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3F62BC4345F for ; Fri, 19 Apr 2024 08:36:26 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7A6416B0082; Fri, 19 Apr 2024 04:36:25 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 755566B0085; Fri, 19 Apr 2024 04:36:25 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 61C886B0087; Fri, 19 Apr 2024 04:36:25 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 43DE16B0082 for ; Fri, 19 Apr 2024 04:36:25 -0400 (EDT) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id A2E9A40A75 for ; Fri, 19 Apr 2024 08:36:24 +0000 (UTC) X-FDA: 82025624688.22.F439DB5 Received: from mail-4316.protonmail.ch (mail-4316.protonmail.ch [185.70.43.16]) by imf19.hostedemail.com (Postfix) with ESMTP id CB1DE1A0009 for ; Fri, 19 Apr 2024 08:36:21 +0000 (UTC) Authentication-Results: imf19.hostedemail.com; dkim=pass header.d=proton.me header.s=protonmail header.b=b+hIFPUz; spf=pass (imf19.hostedemail.com: domain of benno.lossin@proton.me designates 185.70.43.16 as permitted sender) smtp.mailfrom=benno.lossin@proton.me; dmarc=pass (policy=quarantine) header.from=proton.me ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1713515782; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=GNZayvSmS5HRg6gaz/dtwX1+NRrHmVzmTZGPE4Ro8Bk=; b=PB1uFOk0BiSBU854VOZdBeshuF0iGRPFo8oqwN2Tht5e8k5YGV4c6ZDaF+1bc0ALp46OJf eQaETlqfVUzoeAARi8MtCe8gD3Efbp+AY4P4SQfSERHoCvVDW9q7WV2FxBTawUJSSgveAV EEStQKvbJcFim8Urq7IEkgqkN8kmgbo= ARC-Authentication-Results: i=1; imf19.hostedemail.com; dkim=pass header.d=proton.me header.s=protonmail header.b=b+hIFPUz; spf=pass (imf19.hostedemail.com: domain of benno.lossin@proton.me designates 185.70.43.16 as permitted sender) smtp.mailfrom=benno.lossin@proton.me; dmarc=pass (policy=quarantine) header.from=proton.me ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1713515782; a=rsa-sha256; cv=none; b=k/oKssApfFQEiOtoCoDfH7XYxLAOVvKbAn6UlFSteuHJblPaHQP+LhFShUZE2kxmpWmYnm 48jUBifIHm19ZXFBAfC8/ibti4lzN+Bqek5CUByusnBVGL4fgtyp72i7+Ek7v6Vzp4NBE+ 9ub3sTOvl0nmBel9SGCnrOaBTO7tyAg= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proton.me; s=protonmail; t=1713515779; x=1713774979; bh=GNZayvSmS5HRg6gaz/dtwX1+NRrHmVzmTZGPE4Ro8Bk=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=b+hIFPUz3QO4BSP9l86BymyS8jeeT04gztsZSJOjK+Mn1kc8SR+n7jWsZ/faaBHGS I5YqzIgHAoRZxNNFmLiPMmXzy4z2vSH8V6aHuol9+m29n9SFvJDUdCN+G1hVR5XMPA 2Hw7XBupHcL5hDPTGqv9B/o7rO1NyF6kX/3MbRt4IMsrKdqxan4Q6yDTURIkppSBfa r2t8rPUEuaoJNmN3MZZLmrdXZNthFXpD1A06i3k0R5G0rIxn1DiWXMcCxx+BU+babv bKNTwmWqpEnYlCQm4LFRLAIBUOlmL89HV8nnkpgVvxftNqQx9Os63DmbxGGGttriml 2/QqAv3dP8dgw== Date: Fri, 19 Apr 2024 08:36:11 +0000 To: Boqun Feng From: Benno Lossin Cc: Alice Ryhl , Miguel Ojeda , Matthew Wilcox , Al Viro , Andrew Morton , Kees Cook , Alex Gaynor , Wedson Almeida Filho , Gary Guo , =?utf-8?Q?Bj=C3=B6rn_Roy_Baron?= , Andreas Hindborg , Greg Kroah-Hartman , =?utf-8?Q?Arve_Hj=C3=B8nnev=C3=A5g?= , Todd Kjos , Martijn Coenen , Joel Fernandes , Carlos Llamas , Suren Baghdasaryan , Arnd Bergmann , Trevor Gross , linux-mm@kvack.org, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, Christian Brauner Subject: Re: [PATCH v6 4/4] rust: add abstraction for `struct page` Message-ID: <079c88af-2e6d-45fe-bf58-afebbf7583b4@proton.me> In-Reply-To: References: <20240418-alice-mm-v6-0-cb8f3e5d688f@google.com> <20240418-alice-mm-v6-4-cb8f3e5d688f@google.com> <87dc4cdf-ccf6-4b08-8915-313aad313f93@proton.me> Feedback-ID: 71780778:user:proton X-Pm-Message-ID: ad15b522de4b58dd3101eb7a34f97ddc12b90f13 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Stat-Signature: qprtuqqfehimacis4ab6mpo6w9c1977e X-Rspamd-Queue-Id: CB1DE1A0009 X-Rspamd-Server: rspam10 X-Rspam-User: X-HE-Tag: 1713515781-671020 X-HE-Meta: U2FsdGVkX18CXd2sRYExHax8qKqr54on9/7Whhgnx7BhCRb0fE0aOMEO+WMJoSu3fpYORtSu+ob4mx91HoavGR5RM6/x7TvKutc7dAAD8V4W2B7r/4Pujlt990pX/uLqTSJBFM3lQX6exR0ZG5alhQ3RTl1n+lIXsZe3MLlXCRhfrNS2jjGpnKvclKl3oO9paALGtYEXCRtBAStZ5KC9ylYR6VcEYZm5a0Mu6+PL30/BXWUyN8b2D3afW5U6PWBPHpRn7eTSd15uMvMCTg3KzibjhKqPwR8n/EsEK8ryMNOdv6bndP5+QC9p4MYrXLMPlAPuoMZ3Yukjml6i6JHCWluF6NLGw1DKrExouKOgtYXyeqSilerauQ1OvD+911ph2v25SLlTXGpPL3es1BCdR04fszNarIt/9BPrj30TWV6BBiXmKw8mOKl2oenPPDjKDS9OWyMSR6ZOk4qewS3iLyNVpYkjiBxzfGEx1ExRFsT3y4Q3nK0urNw9dYMDK9AMItWCiCAk6RRfjI39nHPvsCLEIHx+hNYhF2q8Xu1jgExVlA9rPZDF5T7SZ3w5VUc3KBY5P58ck2YJdfb0NS7/kyYOrkqmQeTnBFSCgeFGAd51emYyGj9+Q/PADuh0fLBHos2+YnhGLRDMwgnPreWL1OnZvK3YN4O7kY1MJpmJRxEeyvpOQhJgAvq9FDESeVvhePWATYfq9n+V4wcOuWxLXLCRN8wxO2XSm8xLl8ocaXE1KnneX415kHGxAktbF9u4WgOYbmM1HLuC+Wsrubi5rl0YcW5DfwVlFYyQSX/Cbi4perX84wYVdT9FpgXJQOdi0SELofl1dgon3/6mdH3ytqXF8NECU7GrJRJ8xPPoHZ/4aKPF69GAM10nU5OwjwK+nxuqh+iaN42dR3XsGzuPXyntNgN0hagQqBSEz4wnuill2212XxBEq1ej4Py9cNKARRfDsad6Cajx2cxOnnn cz03C2m6 L5xqdA+VDgRP7h9xR6TflKQfZ406UnDW//MfmbsejyIEMl0QICkiqOsuas/j0sMdEZc6cOoSigq1Rws1lDyKgP515thLwDWqPovB7gb3eIVwP9L+3m425bKzo8rw1BaBeXWyiXl6CmTOLro3ZoBazHO41VSQ6+XqgmgNE099qGW/m3SoROnGaANdZ0CqjoY4ffrnVde6yNonT9EWWeAEe1JvONU1Y5+7J8sGeGTME9APkc/fznlJJEZlhBlRO1jUir+g4N1McPGs/0NYrfL4i5BzcTWX9rv2WSWrmcqBOAMJpMcAF3NyV9xBWJefLTUXdaapQoDie+QZqGNM1YfaJd+kBaPgJjdHzzsnvPIvHRdpev8oOX7SqqKk//K2jiN0KivkOXw794UDNuDNBE0AkwOjb1I/tTQbHZjGYowWFvXuJVkjxjobya7RjceaFr/knO7/kWQobnXsUlYg= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 19.04.24 01:04, Boqun Feng wrote: > On Thu, Apr 18, 2024 at 03:56:11PM -0700, Boqun Feng wrote: >> On Thu, Apr 18, 2024 at 10:08:40PM +0000, Benno Lossin wrote: >>> On 18.04.24 20:52, Boqun Feng wrote: >>>> On Thu, Apr 18, 2024 at 08:59:20AM +0000, Alice Ryhl wrote: >>>>> + /// Runs a piece of code with a raw pointer to a slice of this p= age, with bounds checking. >>>>> + /// >>>>> + /// If `f` is called, then it will be called with a pointer that= points at `off` bytes into the >>>>> + /// page, and the pointer will be valid for at least `len` bytes= . The pointer is only valid on >>>>> + /// this task, as this method uses a local mapping. >>>>> + /// >>>>> + /// If `off` and `len` refers to a region outside of this page, = then this method returns >>>>> + /// `EINVAL` and does not call `f`. >>>>> + /// >>>>> + /// # Using the raw pointer >>>>> + /// >>>>> + /// It is up to the caller to use the provided raw pointer corre= ctly. The pointer is valid for >>>>> + /// `len` bytes and for the duration in which the closure is cal= led. The pointer might only be >>>>> + /// mapped on the current thread, and when that is the case, der= eferencing it on other threads >>>>> + /// is UB. Other than that, the usual rules for dereferencing a = raw pointer apply: don't cause >>>>> + /// data races, the memory may be uninitialized, and so on. >>>>> + /// >>>>> + /// If multiple threads map the same page at the same time, then= they may reference with >>>>> + /// different addresses. However, even if the addresses are diff= erent, the underlying memory is >>>>> + /// still the same for these purposes (e.g., it's still a data r= ace if they both write to the >>>>> + /// same underlying byte at the same time). >>>>> + fn with_pointer_into_page( >>>>> + &self, >>>>> + off: usize, >>>>> + len: usize, >>>>> + f: impl FnOnce(*mut u8) -> Result, >>>> >>>> I wonder whether the way to go here is making this function signature: >>>> >>>> fn with_slice_in_page ( >>>> &self, >>>> =09 off: usize, >>>> =09 len: usize, >>>> =09 f: iml FnOnce(&UnsafeCell<[u8]>) -> Result >>>> ) -> Result >>>> >>>> , because in this way, it makes a bit more clear that what memory that >>>> `f` can access, in other words, the users are less likely to use the >>>> pointer in a wrong way. >>>> >>>> But that depends on whether `&UnsafeCell<[u8]>` is the correct >>>> abstraction and the ecosystem around it: for example, I feel like thes= e >>>> two functions: >>>> >>>> =09 fn len(slice: &UnsafeCell<[u8]>) -> usize >>>> =09 fn as_ptr(slice: &UnsafeCell<[u8]>) -> *mut u8 >>>> >>>> should be trivially safe, but I might be wrong. Again this is just for >>>> future discussion. >>> >>> I think the "better" type would be `&[UnsafeCell]`. Since there you >>> can always access the length. >>> >> >> Hmm.. here is the thing, having `&UnsafeCell<[u8]>` means having a `*mut >> [u8]>`, and it should always be safe to get a "length" of `*mut [u8]`, >> right? I haven't found any method doing that, but the length should be >> just a part of fat pointer, so I think getting that is a defined >> behavior. But maybe I'm missing something. There is `to_raw_parts` [1], but that is unstable. (Note that `<[T] as Pointee>::Metadata =3D usize`, see [2]) >> >=20 > Hmm... but I guess one of the problems of this approach, is how to > construct a `&UnsafeCell<[u8]>` from a pointer and length... We could use `from_raw_parts` [3]. But when making the slice the outer type, we can use a stable function to convert a pointer and a length to a slice [4]. >=20 > Regards, > Boqun >=20 >>> Another question would be if page allows for uninitialized bits, in tha= t >>> case, we would need `&[Opaque]`. >>> >> >> Yes, or `&Opaque<[u8>]`. I don't think that putting the slice on the inside is what we want. Also note that `Opaque` requires that `T: Sized` and that is not the case for `[u8]`. [1]: https://doc.rust-lang.org/nightly/core/primitive.pointer.html#method.t= o_raw_parts [2]: https://doc.rust-lang.org/nightly/core/ptr/trait.Pointee.html#pointer-= metadata [3]: https://doc.rust-lang.org/nightly/core/ptr/fn.from_raw_parts.html [4]: https://doc.rust-lang.org/nightly/core/slice/fn.from_raw_parts.html --=20 Cheers, Benno