Received: by 2002:a05:7412:b10a:b0:f3:1519:9f41 with SMTP id az10csp166620rdb; Thu, 30 Nov 2023 01:09:36 -0800 (PST) X-Google-Smtp-Source: AGHT+IE0pjFnzjJNd2BZ7G0oUxBH7dgUzeey2o6whqhet37ikzmpuBB+80WFpBT2ZR5gtIKKWU6a X-Received: by 2002:a17:903:40cb:b0:1cc:6597:f421 with SMTP id t11-20020a17090340cb00b001cc6597f421mr26375065pld.48.1701335375754; Thu, 30 Nov 2023 01:09:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701335375; cv=none; d=google.com; s=arc-20160816; b=cYOvHnPf3tVH/833bxwaK2X3Oe9RcVQb0alkUZhgbJUQoEdnfjcidYrwuIG6y5BOi4 Ie9T6OI14fQr2BWQ0nvxjonITBGM7E/7uf3Vjvk/tsPjUOqFuI4OYeeZZOzBEIMGYqWz ONO364EdqZ5ZaTswvBivIWTNjjRAyFq/DlXfL/tvRu93refaPDTbHOgng/WvLdFB0DqV hMYgp+snY1KaHeBN8V3/miWqe7TJgk2Ft3Tt8STcIOBsYJ5kleAyHZJ13G1QCqZ4mEDd kOAfrNOeiLa1Pcrdfz9E9xYliNQNKY7w5ZeIc7DHu/P/UqGa4IFblF8IhVBDmtfsgUi/ Zc7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=akey4bL6nLAyD80QJ4nsh3jgPBMiYd1gq7liqOerqec=; fh=RSd+TZy+/ERHgQwZJxQcFDN6ZwblMaCj09CeqL1TqaM=; b=q13aw3hMv2XjZ0yE6pBuQvhFQAnaZFAWzDhxIdscQ88I/hJ3UFu97Y1YLDhv9Nsfj6 E3zzviLLlZzgay0oololoz+UxEABvW28IFPqqz6iTwVi2b0goqnlXHVIcf4GaK62ylfi DjproVQ1V1C9/pWgoC1DlTl7QhA50RYvZUIL1wLa8YTTmEk0Deh2wvIGHha7ezTx1OMO AXmDKskinIsaBR1KX2jIPuuDRiGCmcoFNJDlRZruBkSIsDAfjDiaa66xjVvMkrgBRGMO Yr/Jx9VUeMWcGdqcZg4019ra8+r/xqD1UUtmUyRA8DVLjsKGEkld1DtctFOgAtmZkGg+ jRZA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=YYOeoaJf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from pete.vger.email (pete.vger.email. [2620:137:e000::3:6]) by mx.google.com with ESMTPS id l16-20020a170903121000b001cfb32056besi848303plh.416.2023.11.30.01.09.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Nov 2023 01:09:35 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) client-ip=2620:137:e000::3:6; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=YYOeoaJf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id 2CC2182069DC; Thu, 30 Nov 2023 01:09:33 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231772AbjK3JJN (ORCPT + 99 others); Thu, 30 Nov 2023 04:09:13 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60500 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229462AbjK3JJM (ORCPT ); Thu, 30 Nov 2023 04:09:12 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5FF96CF for ; Thu, 30 Nov 2023 01:09:18 -0800 (PST) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2B788C433C7; Thu, 30 Nov 2023 09:09:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1701335358; bh=xb51lgH3hhmGdIHdSPjYm+sLbGYQfwWqFrsqt0dVLWs=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=YYOeoaJfkiDkKn0akU65fRx50iLnBadwLtcjp4awkfUOdAXFhvd65HUyXPoA7965H 2649TBwBK5gBj3p0xM7DQ04pZdL4bfYWQWP0rDZrUY05CRFfxpkUXX/OBpxCfKFP51 RZ11qlMzruEcZC7e+wyJNFv7LmSO3ePrdwIVHZRjK+/qYJ1PphncIVkAwha6ZU57cF fjanawuEejTGuho1/h/lw5rnmV/Rv0Dq7EaTMIfHB99TCLD+medEHQvcRlKNI8PFeq A2GaALvjHsyxl8mjMgUYI2n7vYXGHlL2YhjQQKSbFbnRSsLe1pZSpNms/MzraXuoQa /A9EkP7Chvu1g== Date: Thu, 30 Nov 2023 10:09:09 +0100 From: Christian Brauner To: Alice Ryhl Cc: a.hindborg@samsung.com, alex.gaynor@gmail.com, arve@android.com, benno.lossin@proton.me, bjorn3_gh@protonmail.com, boqun.feng@gmail.com, cmllamas@google.com, dan.j.williams@intel.com, dxu@dxuuu.xyz, gary@garyguo.net, gregkh@linuxfoundation.org, joel@joelfernandes.org, keescook@chromium.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, maco@android.com, ojeda@kernel.org, peterz@infradead.org, rust-for-linux@vger.kernel.org, surenb@google.com, tglx@linutronix.de, tkjos@android.com, viro@zeniv.linux.org.uk, wedsonaf@gmail.com, willy@infradead.org Subject: Re: [PATCH 4/7] rust: file: add `FileDescriptorReservation` Message-ID: <20231130-lernziel-rennen-0a5450188276@brauner> References: <20231129-zwiespalt-exakt-f1446d88a62a@brauner> <20231129165551.3476910-1-aliceryhl@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20231129165551.3476910-1-aliceryhl@google.com> X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Thu, 30 Nov 2023 01:09:33 -0800 (PST) On Wed, Nov 29, 2023 at 04:55:51PM +0000, Alice Ryhl wrote: > Christian Brauner writes: > > Can we follow the traditional file terminology, i.e., > > get_unused_fd_flags() and fd_install()? At least at the beginning this > > might be quite helpful instead of having to mentally map new() and > > commit() onto the C functions. > > Sure, I'll do that in the next version. > > >> + /// Prevent values of this type from being moved to a different task. > >> + /// > >> + /// This is necessary because the C FFI calls assume that `current` is set to the task that > >> + /// owns the fd in question. > >> + _not_send_sync: PhantomData<*mut ()>, > > > > I don't fully understand this. Can you explain in a little more detail > > what you mean by this and how this works? > > Yeah, so, this has to do with the Rust trait `Send` that controls > whether it's okay for a value to get moved from one thread to another. > In this case, we don't want it to be `Send` so that it can't be moved to > another thread, since current might be different there. > > The `Send` trait is automatically applied to structs whenever *all* > fields of the struct are `Send`. So to ensure that a struct is not > `Send`, you add a field that is not `Send`. > > The `PhantomData` type used here is a special zero-sized type. > Basically, it says "pretend this struct has a field of type `*mut ()`, > but don't actually add the field". So for the purposes of `Send`, it has > a non-Send field, but since its wrapped in `PhantomData`, the field is > not there at runtime. This probably a stupid suggestion, question. But while PhantomData gives the right hint of what is happening I wouldn't mind if that was very explicitly called NoSendTrait or just add the explanatory comment. Yes, that's a lot of verbiage but you'd help us a lot. > > >> + Ok(Self { > >> + fd: fd as _, > > > > This is a cast to a u32? > > Yes. > > > Can you please draft a quick example how that return value would be > > expected to be used by a caller? It's really not clear > > The most basic usage would look like this: > > // First, reserve the fd. > let reservation = FileDescriptorReservation::new(O_CLOEXEC)?; > > // Then, somehow get a file to put in it. > let file = get_file_using_fallible_operation()?; > > // Finally, commit it to the fd. > reservation.commit(file); Ok, the reason I asked was that I was confused about the PhantomData and how that would figure into using the return value as I hadn't seen that Ok(Self { }) syntax before. Thanks. > > In Rust Binder, reservations are used here: > https://github.com/Darksonn/linux/blob/dca45e6c7848e024709b165a306cdbe88e5b086a/drivers/android/allocation.rs#L199-L210 > https://github.com/Darksonn/linux/blob/dca45e6c7848e024709b165a306cdbe88e5b086a/drivers/android/allocation.rs#L512-L541 > > >> + pub fn commit(self, file: ARef) { > >> + // SAFETY: `self.fd` was previously returned by `get_unused_fd_flags`, and `file.ptr` is > >> + // guaranteed to have an owned ref count by its type invariants. > >> + unsafe { bindings::fd_install(self.fd, file.0.get()) }; > > > > Why file.0.get()? Where did that come from? > > This gets a raw pointer to the C type. > > The `.0` part is a field access. `ARef` struct is a tuple struct, so its Ah, there we go. It's a bit ugly tbh. > fields are unnamed. However, the fields can still be accessed by index.