From: "Benno Lossin" <lossin@kernel.org>
To: "Oliver Mangold" <oliver.mangold@pm.me>
Cc: "Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Asahi Lina" <lina+kernel@asahilina.net>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v11 2/4] rust: Split `AlwaysRefCounted` into two traits
Date: Mon, 07 Jul 2025 11:27:21 +0200 [thread overview]
Message-ID: <DB5PSCBJA3YW.29RU3J2CT4ZPM@kernel.org> (raw)
In-Reply-To: <aGt6U2jCDnU7dzRA@mango>
On Mon Jul 7, 2025 at 9:42 AM CEST, Oliver Mangold wrote:
> On 250702 1323, Benno Lossin wrote:
>> On Wed Jun 18, 2025 at 2:27 PM CEST, Oliver Mangold wrote:
>> > diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
>> > index c12ff4d2a3f2d79b760c34c0b84a51b507d0cfb1..40c0138bd336057e7d3a835a9e81391baa2fd2b1 100644
>> > --- a/rust/kernel/types.rs
>> > +++ b/rust/kernel/types.rs
>> > @@ -418,11 +418,9 @@ pub const fn raw_get(this: *const Self) -> *mut T {
>> > }
>> > }
>> >
>> > -/// Types that are _always_ reference counted.
>> > +/// Types that are internally reference counted.
>> > ///
>> > /// It allows such types to define their own custom ref increment and decrement functions.
>> > -/// Additionally, it allows users to convert from a shared reference `&T` to an owned reference
>> > -/// [`ARef<T>`].
>> > ///
>> > /// This is usually implemented by wrappers to existing structures on the C side of the code. For
>> > /// Rust code, the recommendation is to use [`Arc`](crate::sync::Arc) to create reference-counted
>> > @@ -438,9 +436,8 @@ pub const fn raw_get(this: *const Self) -> *mut T {
>> > /// at least until matching decrements are performed.
>> > ///
>> > /// Implementers must also ensure that all instances are reference-counted. (Otherwise they
>> > -/// won't be able to honour the requirement that [`AlwaysRefCounted::inc_ref`] keep the object
>> > -/// alive.)
>> > -pub unsafe trait AlwaysRefCounted {
>> > +/// won't be able to honour the requirement that [`RefCounted::inc_ref`] keep the object alive.)
>> > +pub unsafe trait RefCounted {
>> > /// Increments the reference count on the object.
>> > fn inc_ref(&self);
>>
>> This seems a bit problematic for `Owned`, since now I can do:
>>
>> fn bad<T: Ownable + RefCounted>(t: &Owned<T>) {
>> t.inc_ref();
>> }
>>
>> And now the `Owned<T>` is no longer "unique" in the sense that the
>> refcount is 1...
>
> Yes, that is clear. But that isn't a soundness issue or is it? It just
> means the `T` can be leaked, but that cannot be prevented anyway.
Yeah that is true.
>> Similarly, we should probably make this an associated function, such
>> that people don't accidentally call `.inc_ref()` on `ARef<T>`.
Filed https://github.com/Rust-for-Linux/linux/issues/1177
---
Cheers,
Benno
next prev parent reply other threads:[~2025-07-07 9:27 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <OYpTDi4YYXiWvLG3nO_8_WKsgOl9KOpun9l3a34m0jza6nmEWDCLTldSwCfZ2PRRprjXqGmrgSL2JN8rPOQH8Q==@protonmail.internalid>
2025-06-18 12:27 ` [PATCH v11 0/4] New trait OwnableRefCounted for ARef<->Owned conversion Oliver Mangold
2025-06-18 12:27 ` [PATCH v11 1/4] rust: types: Add Ownable/Owned types Oliver Mangold
2025-07-02 11:03 ` Benno Lossin
2025-07-07 6:58 ` Oliver Mangold
2025-07-07 9:23 ` Benno Lossin
2025-07-08 9:56 ` Oliver Mangold
2025-07-08 10:16 ` Miguel Ojeda
2025-07-08 13:06 ` Benno Lossin
2025-07-08 18:30 ` Andreas Hindborg
2025-07-08 19:18 ` Benno Lossin
2025-07-09 8:53 ` Andreas Hindborg
2025-07-09 9:11 ` Benno Lossin
2025-07-08 13:22 ` Andreas Hindborg
2025-07-08 14:53 ` Benno Lossin
2025-07-08 15:00 ` Benno Lossin
2025-07-07 12:26 ` Miguel Ojeda
2025-08-18 12:46 ` Andreas Hindborg
2025-08-18 13:04 ` Oliver Mangold
2025-08-18 22:27 ` Benno Lossin
2025-08-19 6:04 ` Oliver Mangold
2025-08-19 8:26 ` Benno Lossin
2025-08-19 8:45 ` Oliver Mangold
2025-08-19 9:00 ` Andreas Hindborg
2025-08-19 17:15 ` Benno Lossin
2025-08-20 10:48 ` Andreas Hindborg
2025-08-19 8:53 ` Andreas Hindborg
2025-08-19 17:13 ` Benno Lossin
2025-08-19 18:28 ` Andreas Hindborg
2025-08-20 6:02 ` Oliver Mangold
2025-08-20 7:41 ` Benno Lossin
2025-08-20 7:43 ` Oliver Mangold
2025-08-20 10:51 ` Andreas Hindborg
2025-06-18 12:27 ` [PATCH v11 2/4] rust: Split `AlwaysRefCounted` into two traits Oliver Mangold
2025-06-19 3:15 ` kernel test robot
2025-07-02 11:23 ` Benno Lossin
2025-07-07 7:42 ` Oliver Mangold
2025-07-07 9:27 ` Benno Lossin [this message]
2025-06-18 12:27 ` [PATCH v11 3/4] rust: Add missing SAFETY documentation for `ARef` example Oliver Mangold
2025-06-18 12:27 ` [PATCH v11 4/4] rust: Add `OwnableRefCounted` Oliver Mangold
2025-07-02 13:24 ` Benno Lossin
2025-07-07 8:07 ` Oliver Mangold
2025-07-07 9:33 ` Benno Lossin
2025-07-07 11:12 ` Andreas Hindborg
2025-07-07 11:47 ` Benno Lossin
2025-07-07 13:21 ` Andreas Hindborg
2025-07-07 15:39 ` Benno Lossin
2025-07-08 13:15 ` Andreas Hindborg
2025-07-08 14:50 ` Benno Lossin
2025-07-08 15:35 ` Andreas Hindborg
2025-07-08 9:36 ` Oliver Mangold
2025-07-08 13:42 ` Benno Lossin
2025-08-05 17:23 ` [PATCH v11 0/4] New trait OwnableRefCounted for ARef<->Owned conversion Danilo Krummrich
2025-08-06 5:56 ` Oliver Mangold
2025-08-15 10:12 ` Andreas Hindborg
2025-08-18 5:59 ` Oliver Mangold
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DB5PSCBJA3YW.29RU3J2CT4ZPM@kernel.org \
--to=lossin@kernel.org \
--cc=a.hindborg@kernel.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=gary@garyguo.net \
--cc=lina+kernel@asahilina.net \
--cc=linux-kernel@vger.kernel.org \
--cc=ojeda@kernel.org \
--cc=oliver.mangold@pm.me \
--cc=rust-for-linux@vger.kernel.org \
--cc=tmgross@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).