From: Andreas Hindborg <a.hindborg@kernel.org>
To: Tamir Duberstein <tamird@kernel.org>
Cc: ojeda@kernel.org, sashiko-reviews@lists.linux.dev,
rust-for-linux@vger.kernel.org
Subject: Re: [PATCH v4 01/11] rust: xarray: minor formatting fixes
Date: Tue, 09 Jun 2026 12:57:35 +0200 [thread overview]
Message-ID: <87fr2wgew0.fsf@kernel.org> (raw)
In-Reply-To: <20260604201631.450B51F00893@smtp.kernel.org>
<sashiko-bot@kernel.org> writes:
> Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
>
> Pre-existing issues:
> - [High] `Guard::store` temporarily drops the exclusive lock, violating `Guard` mutual exclusion semantics.
> --
>
> commit dd1e562319819f32e9d1d6de7db886673c5422d7
> Author: Andreas Hindborg <a.hindborg@kernel.org>
>
> rust: xarray: minor formatting fixes
>
> Fix formatting in xarray module to comply with kernel coding guidelines.
>
>> diff --git a/rust/kernel/xarray.rs b/rust/kernel/xarray.rs
>> index 46e5f43223fe8..b80fb7a262d0c 100644
>> --- a/rust/kernel/xarray.rs
>> +++ b/rust/kernel/xarray.rs
>
> [ ... ]
>
>> @@ -44,7 +63,10 @@
>> /// *guard.get_mut(0).unwrap() = 0xffff;
>> /// assert_eq!(guard.get(0).copied(), Some(0xffff));
>> ///
>> -/// assert_eq!(guard.store(0, beef, GFP_KERNEL)?.as_deref().copied(), Some(0xffff));
>> +/// assert_eq!(
>> +/// guard.store(0, beef, GFP_KERNEL)?.as_deref().copied(),
>> +/// Some(0xffff)
>> +/// );
>
> [Severity: High]
> This isn't a bug introduced by this patch, but since Guard::store calls
> __xa_store which explicitly drops the xa_lock to allocate memory if called
> with blocking flags (like GFP_KERNEL here), doesn't this violate the expected
> mutual exclusion guarantee of the Guard?
>
> In Rust, a lock guard is fundamentally expected to provide strict, continuous
> mutual exclusion for its entire lifetime. Temporarily releasing the lock while
> a Guard is held breaks this invariant. Any caller relying on the Guard to
> ensure atomicity (such as check-and-update patterns) will be exposed to silent
> Time-Of-Check to Time-Of-Use (TOCTOU) race conditions, as other threads can
> mutate the array while the lock is dropped.
Should we rename `Guard` to something else to clarify this, or do you
think it is enough with added documentation on `Guard`?
Best regards,
Andreas Hindborg
next prev parent reply other threads:[~2026-06-09 12:25 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-04 19:58 [PATCH v4 00/11] rust: xarray: add entry API with preloading Andreas Hindborg
2026-06-04 19:58 ` [PATCH v4 01/11] rust: xarray: minor formatting fixes Andreas Hindborg
[not found] ` <Yb-tTMBfsrAuBw9NXgUPl-MY1hGnE7OrQD5JOEwzYuL2Af2BZYrfDg5FzWfVfmulrnBeioLiEacxVMKrswog9g==@protonmail.internalid>
[not found] ` <20260604201631.450B51F00893@smtp.kernel.org>
2026-06-09 10:57 ` Andreas Hindborg [this message]
2026-06-09 12:36 ` Gary Guo
2026-06-04 19:58 ` [PATCH v4 02/11] rust: xarray: add debug format for `StoreError` Andreas Hindborg
2026-06-05 15:15 ` Tamir Duberstein
2026-06-09 8:06 ` Andreas Hindborg
2026-06-04 19:58 ` [PATCH v4 03/11] rust: xarray: add `XArrayState` Andreas Hindborg
2026-06-05 15:15 ` Tamir Duberstein
2026-06-09 8:38 ` Andreas Hindborg
2026-06-04 19:58 ` [PATCH v4 04/11] rust: xarray: use `xas_load` instead of `xa_load` in `Guard::load` Andreas Hindborg
2026-06-04 19:58 ` [PATCH v4 05/11] rust: xarray: simplify `Guard::load` Andreas Hindborg
2026-06-05 15:15 ` Tamir Duberstein
2026-06-09 8:39 ` Andreas Hindborg
2026-06-04 19:58 ` [PATCH v4 06/11] rust: xarray: add `find_next` and `find_next_mut` Andreas Hindborg
2026-06-05 15:15 ` Tamir Duberstein
2026-06-04 19:58 ` [PATCH v4 07/11] rust: xarray: add entry API Andreas Hindborg
2026-06-05 15:15 ` Tamir Duberstein
2026-06-04 19:58 ` [PATCH v4 08/11] rust: mm: add abstractions for allocating from a `sheaf` Andreas Hindborg
2026-06-04 19:58 ` [PATCH v4 09/11] rust: mm: sheaf: allow use of C initialized static caches Andreas Hindborg
2026-06-04 19:58 ` [PATCH v4 10/11] xarray, radix-tree: enable sheaf support for kmem_cache Andreas Hindborg
2026-06-04 19:58 ` [PATCH v4 11/11] rust: xarray: add preload API Andreas Hindborg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87fr2wgew0.fsf@kernel.org \
--to=a.hindborg@kernel.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
--cc=tamird@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox