Date: Thu, 30 Nov 2023 16:17:03 +0000
To: Alice Ryhl
From: Benno Lossin
Cc: Miguel Ojeda, Alex Gaynor, Wedson Almeida Filho, Boqun Feng, Gary Guo, Björn Roy Baron, Andreas Hindborg, Peter Zijlstra, Alexander Viro, Christian Brauner, Greg Kroah-Hartman, Arve Hjønnevåg, Todd Kjos, Martijn Coenen, Joel Fernandes, Carlos Llamas, Suren Baghdasaryan, Dan Williams, Kees Cook, Matthew Wilcox, Thomas Gleixner, Daniel Xu, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 2/7] rust: cred: add Rust abstraction for `struct cred`
In-Reply-To: <20231129-alice-file-v1-2-f81afe8c7261@google.com>
References: <20231129-alice-file-v1-0-f81afe8c7261@google.com> <20231129-alice-file-v1-2-f81afe8c7261@google.com>

On 11/29/23 13:51, Alice Ryhl wrote:
> +    /// Returns the credentials of the task that originally opened the file.
> +    pub fn cred(&self) -> &Credential {
> +        // This `read_volatile` is intended to correspond to a READ_ONCE call.
> +        //
> +        // SAFETY: The file is valid because the shared reference guarantees a nonzero refcount.
> +        //
> +        // TODO: Replace with `read_once` when available on the Rust side.
> +        let ptr = unsafe { core::ptr::addr_of!((*self.0.get()).f_cred).read_volatile() };
> +
> +        // SAFETY: The signature of this function ensures that the caller will only access the
> +        // returned credential while the file is still valid, and the credential must stay valid
> +        // while the file is valid.

About the last part of this safety comment, is this a guarantee from the
C side? If yes, then I would phrase it that way:

    ... while the file is still valid, and the C side ensures that the
    credentials stay valid while the file is valid.

-- 
Cheers,
Benno

> +        unsafe { Credential::from_ptr(ptr) }
> +    }
> +
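
Review bot: The two SAFETY comments in `cred()` pull in different directions and should be reconciled. The read of `f_cred` goes through `read_volatile` as a stand-in for READ_ONCE, which implies the field may be written concurrently, while the comment above `Credential::from_ptr(ptr)` asserts that the credential stays valid for as long as the file does. If `f_cred` can be replaced while the file is live, the `&Credential` returned with the lifetime of `&self` could outlive the object it points to, so the comment needs to name what keeps the old credential alive. If the field is never changed once the file is set up, state that as the invariant in the comment; in that case the volatile read and the `read_once` TODO look unnecessary and a plain read would do. The first SAFETY comment also only argues that the file is valid; it should say why reading `f_cred` through the pointer from `self.0.get()` is sound.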