Date: Fri, 1 Dec 2023 09:06:35 +0000
Message-ID: <20231201090636.2179663-1-aliceryhl@google.com>
Subject: Re: [PATCH 2/7] rust: cred: add Rust abstraction for `struct cred`
From: Alice Ryhl
To: benno.lossin@proton.me, brauner@kernel.org
Cc: a.hindborg@samsung.com, alex.gaynor@gmail.com, aliceryhl@google.com,
    arve@android.com, bjorn3_gh@protonmail.com, boqun.feng@gmail.com,
    cmllamas@google.com, dan.j.williams@intel.com, dxu@dxuuu.xyz,
    gary@garyguo.net, gregkh@linuxfoundation.org, joel@joelfernandes.org,
    keescook@chromium.org, linux-fsdevel@vger.kernel.org,
    linux-kernel@vger.kernel.org, maco@android.com, ojeda@kernel.org,
    peterz@infradead.org, rust-for-linux@vger.kernel.org, surenb@google.com,
    tglx@linutronix.de, tkjos@android.com, viro@zeniv.linux.org.uk,
    wedsonaf@gmail.com, willy@infradead.org
X-Mailing-List: linux-kernel@vger.kernel.org

Benno Lossin writes:
> On 11/29/23 13:51, Alice Ryhl wrote:
>> + /// Returns the credentials of the task that originally opened the file.
>> + pub fn cred(&self) -> &Credential {
>> + // This `read_volatile` is intended to correspond to a READ_ONCE call.
>> + //
>> + // SAFETY: The file is valid because the shared reference guarantees a nonzero refcount.
>> + //
>> + // TODO: Replace with `read_once` when available on the Rust side.
>> + let ptr = unsafe { core::ptr::addr_of!((*self.0.get()).f_cred).read_volatile() };
>> +
>> + // SAFETY: The signature of this function ensures that the caller will only access the
>> + // returned credential while the file is still valid, and the credential must stay valid
>> + // while the file is valid.
>
> About the last part of this safety comment, is this a guarantee from the
> C side? If yes, then I would phrase it that way:
>
>     ... while the file is still valid, and the C side ensures that the
>     credentials stay valid while the file is valid.

Yes, that's my intention with this code.
But I guess this is a good question for Christian Brauner to confirm:

If I read the credential from the `f_cred` field, is it guaranteed that
the pointer remains valid for at least as long as the file?

Or should I do some dance along the lines of "lock file, increment
refcount on credential, unlock file"?

Alice
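
Review bot: In `cred()`, the comment on the `read_volatile` of `f_cred` says it stands in for READ_ONCE but does not say which concurrent writer the read guards against, and that bears directly on the second SAFETY comment. If `f_cred` can be replaced while the file is live, the pointer read here could outlive the credential it referred to, so "the credential must stay valid while the file is valid" would not be enough to justify returning a `&Credential` tied to the borrow of `&self`. If the field is never written once the file is set up, say so in the comment and name the C side as the source of that guarantee; in that case the volatile read is not needed for correctness and the comment should explain why it is kept.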