From: Al Viro <viro@zeniv.linux.org.uk>
To: Alice Ryhl <aliceryhl@google.com>
Cc: brauner@kernel.org, a.hindborg@samsung.com,
alex.gaynor@gmail.com, arve@android.com, benno.lossin@proton.me,
bjorn3_gh@protonmail.com, boqun.feng@gmail.com,
cmllamas@google.com, dan.j.williams@intel.com, dxu@dxuuu.xyz,
gary@garyguo.net, gregkh@linuxfoundation.org,
joel@joelfernandes.org, keescook@chromium.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
maco@android.com, ojeda@kernel.org, peterz@infradead.org,
rust-for-linux@vger.kernel.org, surenb@google.com,
tglx@linutronix.de, tkjos@android.com, tmgross@umich.edu,
wedsonaf@gmail.com, willy@infradead.org, yakoyoku@gmail.com
Subject: Re: [PATCH v6 3/8] rust: file: add Rust abstraction for `struct file`
Date: Fri, 24 May 2024 23:56:40 +0100
Message-ID: <20240524225640.GU2118490@ZenIV>
In-Reply-To: <20240524191714.2950286-1-aliceryhl@google.com>

On Fri, May 24, 2024 at 07:17:13PM +0000, Alice Ryhl wrote:
> > And then those both implement a get_file() method so the caller can take
> > an explicit long-term reference to the file.
>
> Even if you call `get_file` to get a long-term reference from something
> you have an fdget_pos reference to, that doesn't necessarily mean that
> you can share that long-term reference with other threads. You would
> need to release the fdget_pos reference first. For that reason, the
> long-term reference returned by `get_file` would still need to have the
> `File<MaybeFdgetPos>` type.

Why would you want such a bizarre requirement?

> Note that since it forgets which fd and fd table it came from, calls to
> `fdget` are actually not a problem for sending our long-term references
> across threads. The `fdget` requirements only care about things that
> touch the entry in the file descriptor table, such as closing the fd.
> The `ARef<File>` type does not provide any methods that could lead to
> that happening, so sharing it across threads is okay *even if* there is
> a light reference. That's why I have a `MaybeFdgetPos` but no
> `MaybeFdget`.

Huh?

What is "the entry in the file descriptor table"? Which one and in which one?

> let file = File::fget(my_fd)?;
> // SAFETY: We know that there are no active `fdget_pos` calls on
> // the current thread, since this is an ioctl and we have not
> // called `fdget_pos` inside the Binder driver.
> let thread_safe_file = unsafe { file.assume_no_fdget_pos() };
>
> (search for File::from_fd in the RFC to find where this would go)
>
> The `assume_no_fdget_pos` call has no effect at runtime - it is purely a
> compile-time thing to force the user to use unsafe to "promise" that
> there aren't any `fdget_pos` calls on the same fd.

Why does fdget_pos() even matter? The above makes no sense...

Again, cloning a reference and sending it to another thread is perfectly
fine. And what's so special about fdget_pos()/fdput_pos() compared to
fdget()/fdput()?

_What_ memory safety issues are you talking about?
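
The compile-time mechanism described in the quoted text (a `File<MaybeFdgetPos>` that cannot cross threads until an `unsafe` promise changes only its type), as an added userspace model in plain Rust; it is not code from the patch series or from either participant. Assumptions: `RawFile`, `NoFdgetPos`, `Probe`, `Fallback` and the three helper functions are hypothetical names, and `Arc` stands in for the kernel's `ARef`.

```rust
use std::{marker::PhantomData, mem::size_of, sync::Arc, thread};

/// Userspace stand-in for the kernel's `struct file` (constructed for this example).
pub struct RawFile { pub fd: u32 }

/// State: an `fdget_pos` borrow may be active on this thread.
/// `PhantomData<*mut ()>` makes the marker, and any `File` carrying it, `!Send`.
pub struct MaybeFdgetPos(PhantomData<*mut ()>);
/// State: the caller has promised that no `fdget_pos` borrow is active.
pub struct NoFdgetPos;

pub struct File<S> { inner: Arc<RawFile>, _state: PhantomData<S> }

impl File<MaybeFdgetPos> {
    /// Models `File::fget`: a long-term reference, tied to this thread by its type.
    pub fn fget(fd: u32) -> Self {
        File { inner: Arc::new(RawFile { fd }), _state: PhantomData }
    }
    /// # Safety
    /// No `fdget_pos` borrow of this file may be active on the current thread.
    pub unsafe fn assume_no_fdget_pos(self) -> File<NoFdgetPos> {
        File { inner: self.inner, _state: PhantomData } // only the type changes
    }
}

// Compile-time probe: the inherent const is chosen only when `T: Send` holds.
struct Probe<T>(PhantomData<T>);
trait Fallback { const IS_SEND: bool = false; }
impl<T> Fallback for Probe<T> {}
impl<T: Send> Probe<T> { const IS_SEND: bool = true; }

/// (is `File<MaybeFdgetPos>` Send?, is `File<NoFdgetPos>` Send?)
pub fn send_check() -> (bool, bool) {
    (Probe::<File<MaybeFdgetPos>>::IS_SEND, Probe::<File<NoFdgetPos>>::IS_SEND)
}

/// The state marker adds no bytes: both forms have the same layout size.
pub fn marker_is_zero_cost() -> bool {
    size_of::<File<MaybeFdgetPos>>() == size_of::<File<NoFdgetPos>>()
}

/// Moves the converted reference into another thread and reads the fd there.
pub fn fd_seen_by_other_thread(fd: u32) -> u32 {
    let file = File::fget(fd);
    // SAFETY: this model never takes an `fdget_pos` borrow.
    let shared = unsafe { file.assume_no_fdget_pos() };
    thread::spawn(move || shared.inner.fd).join().unwrap()
}

fn main() {
    println!("{:?} {} {}", send_check(), marker_is_zero_cost(), fd_seen_by_other_thread(3));
}
```

Passing `File::fget(3)` to `thread::spawn` without the `unsafe` conversion is rejected by the compiler, which is the property the probe reports as `false`.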