Received: by 2002:a05:7412:2a8c:b0:e2:908c:2ebd with SMTP id u12csp1410099rdh; Mon, 25 Sep 2023 11:52:14 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGDcb+M7y4CFajJ9vvw9nXt1xJZPRc5xb/pVt4V3KEb++FBhWzso1bqthSdT9KqcdM7+nTs X-Received: by 2002:a17:90a:5410:b0:269:7f88:6b13 with SMTP id z16-20020a17090a541000b002697f886b13mr5172206pjh.0.1695667934230; Mon, 25 Sep 2023 11:52:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695667934; cv=none; d=google.com; s=arc-20160816; b=0MXKZDBUBOIWHSuUj3El/ZzUO8GTjMAGxkOSFDtwidzN/CQp2k392MIb0x+kdA8HSR wzFtBaF6BbB0bMeDpQW8UmZl866tnE9uulZGjgvfgd2YWuMqk4Coi0K5M4UJV0CTJm5v gezaNWDGKOhUhUBiVvPC784Jr8Lt1js8KFHZrt1EXhNe4F5BEcIbHu20JzivjtCfwElo fY/GbohjL6w2DRldkusXc8H8yMG1fgyMOkLUkOQ9eYdCWiDqdM0P0JjCrtAjojjxxBBl 4q/UzalOH18wJAA+bph/7UqNH4Y1Ffi3aTkBqaFhKaoVOOui7SGd+doxVSnmED4zmyxd d6Zw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:feedback-id:dkim-signature; bh=D91jQq70A+URlVXyjILvwYovkk9Wp5hFZGtxcOFay7A=; fh=i+8td0jeA0x37MnAp4+fELDjZGKpzLURUmZ3wDctG90=; b=diikAaJLQwLWMEicfDb9oWXJxj40Z9wOeahbyScNHvOAjSuvqucRi+ddGx1Xfx0l0N 86iUViIWecgMPcw+e8tWjhV5T2qqAiOydoQauixuYiK79ojkCTjTfPsR8aD8kHOQkG9e KJ/tPj0yMGnLQV9qxu+bmAV8zj1t4jSO8mSQ2N6cwSh/yl1cUL8X+i1X0Zl1rjNhxmAs 2LDBlJDahfio0G08l6zwwDd8q39kKo9GRqn1LCdBIkfm11zuoO7WsPOuSOVoGq6/VHNV G6VUQ7QnZe7DKsFq9r/8zctdpicaEe9dBJuKOpkPQmCHmuIfG+bZM+/S90v6qcxb5812 kToA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=EC8fU5vk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id ob9-20020a17090b390900b002680c21ca6csi14082962pjb.95.2023.09.25.11.52.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Sep 2023 11:52:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=EC8fU5vk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 8AA4E8116B13; Mon, 25 Sep 2023 09:16:29 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232946AbjIYQQV (ORCPT + 99 others); Mon, 25 Sep 2023 12:16:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35182 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229437AbjIYQQU (ORCPT ); Mon, 25 Sep 2023 12:16:20 -0400 Received: from mail-lf1-x134.google.com (mail-lf1-x134.google.com [IPv6:2a00:1450:4864:20::134]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E6768B6; Mon, 25 Sep 2023 09:16:11 -0700 (PDT) Received: by mail-lf1-x134.google.com with SMTP id 2adb3069b0e04-503f39d3236so11014625e87.0; Mon, 25 Sep 2023 09:16:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1695658570; x=1696263370; darn=vger.kernel.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :feedback-id:from:to:cc:subject:date:message-id:reply-to; bh=D91jQq70A+URlVXyjILvwYovkk9Wp5hFZGtxcOFay7A=; b=EC8fU5vkRwxGW6Z6Uc7zN6K9D3+NrL80ZrcpUWUocAz46uuYdqjn5HBpfC2qy7eRN2 RxL0Fvrrco0B5h3Nzsm2QzFQ/U+usDxCoEKWFn98xSCQaeJqLerl3AgYUypvQYz0QXcj iGV/9sSl6qJ9dGPdSf05JkbA2KQ2k/uN9mrB3TbT6nGvSP503XcGrbqTg3wMYEHNrY3O wnUIV7UkcBLZQcIjMOXd8ukxzSzwcG+xaebhQ2nhtoBgMOj7mrhE7H98xvMx3T1HN5DO dnoCI0xuQdKbYa6P/zYMZQ6i/+pr+soMWRTZXJ2TEV31O3L0kDcdmyOfIOws9JPj6L5q 7JYQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695658570; x=1696263370; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :feedback-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=D91jQq70A+URlVXyjILvwYovkk9Wp5hFZGtxcOFay7A=; b=hy0rtXgD9Iu9jzv7U2SqmmaDx8ziH1tzD8ZnHysHPjiKjdsY+8DS9GVPMb29wEcHP6 9E4IeAUDP4tMOKg+6ci/vFhnWyNDb4kCC+x23xu+ttWrA3BMx9Thdt5ICQg+k6hNB2tk vcnth8O6Ma8pxfuwbXpmtFmiYc1DupLXtSmf/RPLKjF1iygH4YGIHkc0RP7zKCldHHMB feCMsYiiu7EHIFHs0D1zj5gogLgWux+MGFQ7dF/8a8+uNcRj4WWAksmML9D44hX2UQGd 7fSGLOvPDYv0VZ4T6mb+7ey2IQdpY7Z1z0rtlRjE8n2MJOxAzxtgON4/UbSagwVh8WAN uguA== X-Gm-Message-State: AOJu0YxtaBky5vrKvWJT0LKkESWHWZDb2gTGr9JfoDc/PXTx1whdrc+Y 52jBQDoSuBd5eBbHHbwMrnM= X-Received: by 2002:ac2:5f52:0:b0:503:5d8:da33 with SMTP id 18-20020ac25f52000000b0050305d8da33mr5035699lfz.20.1695658569742; Mon, 25 Sep 2023 09:16:09 -0700 (PDT) Received: from auth2-smtp.messagingengine.com (auth2-smtp.messagingengine.com. [66.111.4.228]) by smtp.gmail.com with ESMTPSA id d7-20020aa7ce07000000b0050488d1d376sm5739920edv.0.2023.09.25.09.16.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Sep 2023 09:16:09 -0700 (PDT) Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailauth.nyi.internal (Postfix) with ESMTP id 6653727C0054; Mon, 25 Sep 2023 12:16:07 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Mon, 25 Sep 2023 12:16:07 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrudelgedgleejucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvfevuffkfhggtggugfgjsehtkeortddttdejnecuhfhrohhmpeeuohhq uhhnucfhvghnghcuoegsohhquhhnrdhfvghnghesghhmrghilhdrtghomheqnecuggftrf grthhtvghrnhepffelkeefudethfekhfehkefhledvjefggedvjeejffduleektdffieev jeettedunecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomh epsghoqhhunhdomhgvshhmthhprghuthhhphgvrhhsohhnrghlihhthidqieelvdeghedt ieegqddujeejkeehheehvddqsghoqhhunhdrfhgvnhhgpeepghhmrghilhdrtghomhesfh higihmvgdrnhgrmhgv X-ME-Proxy: Feedback-ID: iad51458e:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 25 Sep 2023 12:16:06 -0400 (EDT) Date: Mon, 25 Sep 2023 09:16:05 -0700 From: Boqun Feng To: Benno Lossin Cc: Alice Ryhl , Wedson Almeida Filho , rust-for-linux@vger.kernel.org, Miguel Ojeda , Alex Gaynor , Gary Guo , =?iso-8859-1?Q?Bj=F6rn?= Roy Baron , Andreas Hindborg , linux-kernel@vger.kernel.org, Wedson Almeida Filho Subject: Re: [PATCH v2 2/2] rust: arc: remove `ArcBorrow` in favour of `WithRef` Message-ID: References: <20230923144938.219517-1-wedsonaf@gmail.com> <20230923144938.219517-3-wedsonaf@gmail.com> <969eab7f-ad40-0dfb-18b9-6002fc54e12b@proton.me> <14513589-cc31-8985-8ff6-a97d2882f593@proton.me> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <14513589-cc31-8985-8ff6-a97d2882f593@proton.me> X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Mon, 25 Sep 2023 09:16:29 -0700 (PDT) On Mon, Sep 25, 2023 at 03:07:44PM +0000, Benno Lossin wrote: > On 25.09.23 16:49, Boqun Feng wrote: > > On Mon, Sep 25, 2023 at 09:14:50AM +0000, Benno Lossin wrote: > >> On 25.09.23 08:29, Alice Ryhl wrote: > >>> On Sat, Sep 23, 2023 at 4:50 PM Wedson Almeida Filho wrote: > >>>> > >>>> From: Wedson Almeida Filho > >>>> > >>>> With GATs, we don't need a separate type to represent a borrowed object > >>>> with a refcount, we can just use Rust's regular shared borrowing. In > >>>> this case, we use `&WithRef` instead of `ArcBorrow<'_, T>`. > >>>> > >>>> Co-developed-by: Boqun Feng > >>>> Signed-off-by: Boqun Feng > >>>> Signed-off-by: Wedson Almeida Filho > >>>> --- > >>>> rust/kernel/sync.rs | 2 +- > >>>> rust/kernel/sync/arc.rs | 134 ++++++++++++---------------------------- > >>>> 2 files changed, 39 insertions(+), 97 deletions(-) > >>> > >>> I'm concerned about this change, because an `&WithRef` only has > >>> immutable permissions for the allocation. No pointer derived from it > >>> may be used to modify the value in the Arc, however, the drop > >>> implementation of Arc will do exactly that. > >> > >> That is indeed a problem. We could put the value in an `UnsafeCell`, but > >> that would lose us niche optimizations and probably also other optimizations. > >> > > > > Not sure I understand the problem here, why do we allow modifying the > > value in the Arc if you only have a shared ownership? Also I fail to see > > why `ArcBorrow` doesn't have the problem. Maybe I'm missing something > > subtle here? Could you provide an example? > > Sure, here is the problem: > Thanks, Benno. > ```rust > struct MutatingDrop { > value: i32, > } > > impl Drop for MutatingDrop { > fn drop(&mut self) { > self.value = 0; > } > } > > let arc = Arc::new(MutatingDrop { value: 42 }); > let wr = arc.as_with_ref(); // this creates a shared `&` reference to the MutatingDrop > let arc2: Arc = wr.into(); // increments the reference count to 2 More precisely, here we did a &WithRef<_> -> NonNull> conversion, and later on, we may use the `NonNull>` in `drop` to get a `Box>`. > drop(arc); // this decrements the reference count to 1 > drop(arc2); // this decrements the reference count to 0, so it will drop it > ``` > When dropping `arc2` it will run the destructor for `MutatingDrop`, > which mutates `value`. This is a problem, because the mutable reference > supplied was derived from a `&`, that is not allowed in Rust. > Is this an UB? I kinda wonder what's the real damage we can get, because in this case, we just use a reference to carry a value of a pointer, i.e. ptr -> reference -> ptr I cannot think of any real damage compiler can make, but I'm happy to be surprised ;-) Regards, Boqun > -- > Cheers, > Benno > >