Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp182351rwl; Thu, 30 Mar 2023 14:12:34 -0700 (PDT) X-Google-Smtp-Source: AKy350bxwb/vbN7pOTd8/17aCI38SGHXOucc1nmDUwYvRhqeVMZ+AQLHXYXalpmTOT+S2JFKXQO7 X-Received: by 2002:a17:90a:b305:b0:23d:1bef:8594 with SMTP id d5-20020a17090ab30500b0023d1bef8594mr3388345pjr.1.1680210754612; Thu, 30 Mar 2023 14:12:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680210754; cv=none; d=google.com; s=arc-20160816; b=nj8PUww8jpGeH2/BTXGR2OMbzwpKadCM4REmgqFYBa4R8Y87soXow9r2W5QPzalpwk waCqaUBhnZaw1hJ4YzbKC0hNtIr73lEbHz6dTR4kmyizFnbTgkvm7fredF9VySRzs8KX X+u7LudeoWUwSTECA1mDViLl42yZrLOtT5fett6cld3XuU0DN57MwxVGezWufjDGxEcy juAsV2sZhwzrLWIUyW4rSZXty+gg4QcgKTnFLiFOX9LfHc+fZvP2snH5LxaTpDdBz703 gjDoY6dTGHEp02yBL6AWs6ur8MOdA1d7pzBC2np7iJCKFyc3ETrK0xNkx9PD8onjgwuN ORVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :feedback-id:references:in-reply-to:message-id:subject:cc:from:to :dkim-signature:date; bh=CLgO8As5bEevfVZ/jlQ4M8lt0TNqWZbzE5S1UXMu7FY=; b=xfi1YUGd6mxfTQYcF/mIvI1Utcu5yxSVqCoH/LQ612zZtLkP6a+oIfkQpkF7XKb7eu LZ9DhiAbrGTB+soh1yD0VxvTm6twIaj7srNgHq9MP3iGVb0H1dgb2QsR3+vPw+dFX+DS Ay1V3rmB8MJZ5Ol93NZms8lWLmhkY4JW5AUc2MVq4agQCk4lLWXs5RbBxpDjdHGqtLty ZgGJ7tHzGlylO/a6vvgIkEHXrCWQcDuLWNg1/FPen0pSqcC00P4ms0/FPaTfd61UOG17 KfSKmEAdkdENoR4r20jfGM/D7VEPtjjMrmgsdfYoBTAD+Kq7riI/6AiWz+btCS6zcOZf FWxQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=pFBML9Xx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id lk10-20020a17090b33ca00b00233b40ad95dsi260985pjb.177.2023.03.30.14.12.21; Thu, 30 Mar 2023 14:12:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=pFBML9Xx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229816AbjC3VKo (ORCPT + 99 others); Thu, 30 Mar 2023 17:10:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36680 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229739AbjC3VK3 (ORCPT ); Thu, 30 Mar 2023 17:10:29 -0400 Received: from mail-4316.protonmail.ch (mail-4316.protonmail.ch [185.70.43.16]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AB50CE068 for ; Thu, 30 Mar 2023 14:10:28 -0700 (PDT) Date: Thu, 30 Mar 2023 21:10:18 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1680210626; x=1680469826; bh=CLgO8As5bEevfVZ/jlQ4M8lt0TNqWZbzE5S1UXMu7FY=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=pFBML9XxmyoxWjuk6ywiVWrCOW6OE8kh4TAkzA7CucR8s8/0Eh6POncencqSHcx6D Ki+nVIErkEYsQYZ681qxbbtQO6PzfVebBXTBbuvS5AkjhRbNvCSf9jRpQCKkvP7Te4 uvLEsH3EAX3QHuWEY2sH9w17fMiIcDJoEKTtshc60IYLOS5uyth0b9fs0dLa5Cjssi QhnPt6IPSKtPQ5batHvYhRFlJCJ3im/SgawP2QGBJ0w7dsR01GLMUZ+4WLnVYxwKcZ O0xFishbiN03E5LaAJFe4v0zfTjYDG/C2HKp6q5Z2+LaJbdePRO69pysLhF5c9tEQO r3mreGAdPb/gw== To: Wedson Almeida Filho From: Benno Lossin Cc: rust-for-linux@vger.kernel.org, Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?Q?Bj=C3=B6rn_Roy_Baron?= , linux-kernel@vger.kernel.org, Wedson Almeida Filho Subject: Re: [PATCH 13/13] rust: sync: introduce `LockedBy` Message-ID: <8a5d6cf1-17eb-6cb9-fb45-0a4d454d385e@protonmail.com> In-Reply-To: References: <20230330043954.562237-1-wedsonaf@gmail.com> <20230330043954.562237-13-wedsonaf@gmail.com> <04034640-2d89-dd63-07e5-29fa612aa458@protonmail.com> <06a7c5e7-fc5f-3860-7f17-7f3609de669a@protonmail.com> Feedback-ID: 40624463:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_MSPIKE_H2, SPF_HELO_PASS,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 30.03.23 23:04, Wedson Almeida Filho wrote: > On Thu, 30 Mar 2023 at 08:45, Benno Lossin wrote= : >> >> On 30.03.23 13:28, Benno Lossin wrote: >> struct Outer { >> mtx1: Mutex<()>, >> mtx2: Mutex<()>, >> inners: Vec, >> } >> >> struct Inner { >> count: LockedBy, >> } >> >> fn new_inner(outer: &Outer) -> Inner { >> Inner { count: LockedBy::new(&outer.mtx1, 0) } >> } >> >> fn evil(outer: &Outer) { >> let inner =3D outer.inners.get(0).unwrap(); >> let mut guard1 =3D outer.mtx1.lock(); >> let mut guard2 =3D outer.mtx2.lock(); >> // The pointee of `guard1` and `guard2` have the same address. >> let ref1 =3D inner.count.access_mut(&mut *guard1); >> let ref2 =3D inner.count.access_mut(&mut *guard2); >> mem::swap(ref1, ref2); >> } > > This doesn't reproduce the issue because `mtx2` itself is not a ZST > (it contains a `struct mutex` before the data it protects). > > Something like the following should reproduce it though: > > struct Outer { > mtx1: Mutex<()>, > zst: (), > } > > fn evil(outer: &Outer) { > let lb =3D LockedBy::new(&outer.mtx1, 0u8); > let value =3D lb.access(&outer.zst); > // Accessing "value" without holding `mtx1`. > pr_info!("{}", *value); > } You are correct, but in your example you also cannot be sure that it works, since the layout of the `Mutex` and `Outer` is `repr(Rust)`. And so you cannot be sure that `zst` has the same address as `value` inside of the `Mutex` (since the `struct mutex` could be in between). But regardless, lets just deny ZSTs in `LockedBy` since the fix is easy and it would be weird to put a ZST in a lock in the first place. (Not that you have argued against it) -- Cheers, Benno