Received: by 2002:a05:6358:53a8:b0:117:f937:c515 with SMTP id z40csp421732rwe; Fri, 14 Apr 2023 05:06:47 -0700 (PDT) X-Google-Smtp-Source: AKy350bO8+SM/SYWzNJf9bEFxX9D+Q3Bi7vF7tpDCk5u0yNHUMqsFfnbjO9y22VpZwzPZBnTDrWu X-Received: by 2002:a17:902:db0e:b0:19e:29bd:8411 with SMTP id m14-20020a170902db0e00b0019e29bd8411mr3080972plx.30.1681474006816; Fri, 14 Apr 2023 05:06:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681474006; cv=none; d=google.com; s=arc-20160816; b=Ph7qPNMKepOeKHZS7btPWv8w0YNiACv/K5rjO9FNCFGqrKDXpRWHCOFvS4KPIKajzK lGTbZrQMX+hRm6NLp3b+wdzkCO8V+sih4o1Msdwdik/hHJ3g4jfSvR1Dc8mneerbzCVR yqDOEeYjhPtJG03O5rREYHlgiyPJHFnNtUlH9RieHkj2o7zgsPMrhD4MFNnavReVbSlJ 5/KWjZjMVxX5JYNR/MKHXM/1V0D8Y6jKz8wlwWpzBoO/eo7BJ+rcT4NLGNHkU+zyM8gk qoccklY3hMqoVg/JBxspWCdYCv348l0GIqPeIKtl4gkJNUW5za4bbKMlIX76d/AgYlGy ubHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:feedback-id:dkim-signature:dkim-signature; bh=jmg3WDJnOye7aJxA4k2ecYkrHqICWicLafdh+i740ss=; b=Y9fXMl47Q5RVKqkDQB/unQnbdihCdYuwFc7AS0PC9nA2CHUa7jxWeGbEo0IPRDwqPj 4TadvLeyiQT56y8fEda/c8EoAsyd8xBCZfINOUsleBOjeWGkTf7xxZBgvAAYyoPTWgSY eY99mA0viii/DG9a9fdKc+qajYaistIxBpX31U2K1/YKPHvoJ/UQDGIyhqb1hPE9uJF/ Z9n415Q0K3IBuED23RreOLlC32ysexFTW991ZMJPeqrsFII6u4GVKDN6AHvNxcyttUvi sHEGfBKNPmXehy9Na3hUPW+fSzOu+FkPF6YCU3Nsl8+9XrUKI01UZhfs7Wm9dSLjTrMY 7iDA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ryhl.io header.s=fm3 header.b=JA6lhI2U; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=FjpZJ3v5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ryhl.io Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h125-20020a636c83000000b0051b7f451cc6si271584pgc.539.2023.04.14.05.06.34; Fri, 14 Apr 2023 05:06:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ryhl.io header.s=fm3 header.b=JA6lhI2U; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=FjpZJ3v5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ryhl.io Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229546AbjDNMCp (ORCPT + 99 others); Fri, 14 Apr 2023 08:02:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55736 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229941AbjDNMCa (ORCPT ); Fri, 14 Apr 2023 08:02:30 -0400 Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EE66F4230; Fri, 14 Apr 2023 05:02:28 -0700 (PDT) Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 620365C0056; Fri, 14 Apr 2023 08:02:28 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute3.internal (MEProxy); Fri, 14 Apr 2023 08:02:28 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ryhl.io; h=cc:cc :content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:sender:subject:subject:to:to; s=fm3; t= 1681473748; x=1681560148; bh=jmg3WDJnOye7aJxA4k2ecYkrHqICWicLafd h+i740ss=; b=JA6lhI2UPYHwIx1gZKnZCxV62cD0efkjJ5sq1CxM0MP2SVcVOD1 bGGz/7UKX22jDpKakRQzmn4YlYaizNWRK76Uilw2yytd05FGveEb6SuV8onYTLuT xRwWnK5ApYZxhZy7uO0dvQhJ31Exqb87E4oxCAfR1mM8ikHbaJ87R+s0bC17jKxP XG0JLu11cLbXIUSSKrgQnSC1wWLkFXN7r6SWvAE97U7nS8KRIBlisWCBsEou6K+/ ZuDWjVk1lxc2ARbgDc++dt1DM7l8/iDzdNcj0oxRb1bJWIBViL7Wr0CMBYHLpAVC EeqnfXD2/JFCh4GKF8JrxR2HdgPhSWIFHww== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t= 1681473748; x=1681560148; bh=jmg3WDJnOye7aJxA4k2ecYkrHqICWicLafd h+i740ss=; b=FjpZJ3v5V1wLMCnCXEwV4kPNJT+v3YN5//KeTHlX7Nbvq34CyMS kl8brX1IUsmOlQa3ACyEYBTAr/ZmT9uAJAMOgyg2zRBFC+M9/D/M5OpN9heVinKA G6mejKXatUIMuau+rAynpqQsRvn2B/Va5zz4smxHSgaGy1Uv5e2RIk6CXw4ZC9YZ rqds8m7dcM5KGAMiyo9LNnyTn4A1JuHmhbCJZRAgMbJVTk2rJ4fBcqn0OBcYhKj9 NAFPHnfGuCef+WqZQ08qvJ4ME1cPjBwJBfKHekLvZ9/Vz5RB6jYRUI1liZfl+ISw lnCM2QIkBB+2L8C09XUSaBpPhQO5PenNl3g== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrvdeltddggeejucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepkfffgggfuffvvehfhfgjtgfgsehtjeertddtfeejnecuhfhrohhmpeetlhhi tggvucfthihhlhcuoegrlhhitggvsehrhihhlhdrihhoqeenucggtffrrghtthgvrhhnpe efvddvgeelgfdtjeegteelgffffeeljeetiedtveeghfeihefhteekgedvfefhheenucff ohhmrghinhepghhithhhuhgsrdgtohhmnecuvehluhhsthgvrhfuihiivgeptdenucfrrg hrrghmpehmrghilhhfrhhomheprghlihgtvgesrhihhhhlrdhioh X-ME-Proxy: Feedback-ID: i56684263:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 14 Apr 2023 08:02:26 -0400 (EDT) Message-ID: <5628890a-a975-9283-7ce7-969d1501de1f@ryhl.io> Date: Fri, 14 Apr 2023 14:02:49 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.9.1 Subject: Re: [PATCH v4 02/13] rust: sync: introduce `Lock` and `Guard` Content-Language: en-US To: Wedson Almeida Filho , Gary Guo , rust-for-linux@vger.kernel.org Cc: Miguel Ojeda , Alex Gaynor , Boqun Feng , =?UTF-8?Q?Bj=c3=b6rn_Roy_Baron?= , linux-kernel@vger.kernel.org, Wedson Almeida Filho , Martin Rodriguez Reboredo References: <20230411054543.21278-1-wedsonaf@gmail.com> <20230411054543.21278-2-wedsonaf@gmail.com> <20230411214205.5753343f.gary@garyguo.net> From: Alice Ryhl In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-5.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 4/12/23 13:38, Wedson Almeida Filho wrote: > On Tue, 11 Apr 2023 at 17:42, Gary Guo wrote: >> >> On Tue, 11 Apr 2023 02:45:32 -0300 >> Wedson Almeida Filho wrote: >> >>> From: Wedson Almeida Filho >>> >>> They are generic Rust implementations of a lock and a lock guard that >>> contain code that is common to all locks. Different backends will be >>> introduced in subsequent commits. >>> >>> Reviewed-by: Martin Rodriguez Reboredo >>> Suggested-by: Gary Guo >>> Signed-off-by: Wedson Almeida Filho >>> --- >> >> There is not drop implementation on `Lock`, which implies all locks can >> be just forgotten? > > Yes, all locks can be forgotten. Are the locks not pinned? Pinning comes with the guarantee that the value remains valid until the destructor runs, so the only kind of forgetting you can do to a lock is the one where the memory containing it is leaked, meaning that its not a UAF to use it after forgetting it. My understanding is that the issue had to do with forgetting the guard types, since those were not pinned. >> I believe we discussed a case where this is can lead to UAF when a lock >> is dropped while it is locked (e.g. because the guard is forgotten). > > Yes, this is the issue brought up by Boqun: > https://github.com/Rust-for-Linux/linux/issues/862 > > The issue arises when a mutex guard is forgotten and the task that > owns it exits. Then another task trying to acquire the mutex will lead > to a UAF. A drop implementation on the lock doesn't solve this. > > One solution is to increment the refcount on the current task when we > acquire the mutex and decrement it when we release, but if we do that, > the cost of acquiring/releasing a mutex gets much worse in Rust than > it is in C. > > Another solution might be to force disable CONFIG_MUTEX_SPIN_ON_OWNER > when Rust is enabled, which is undesirable because it affects the > performance of C code as well. > > Even a closure-based lock (which I believe you suggested at the time) > doesn't solve this completely because the thread may exit during the > closure execution and leave a dangling pointer in the mutex. > > So we don't have a good solution for this yet.