Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp4775959rdb; Tue, 12 Dec 2023 09:01:53 -0800 (PST) X-Google-Smtp-Source: AGHT+IGnODlMEPz2eXye1ZSF05AR3fDhIoVTeCkWPYNKdfVfBHhmMB5hj8jBO7Pqj4PWirmzQrom X-Received: by 2002:a17:902:e804:b0:1cf:7c3d:df68 with SMTP id u4-20020a170902e80400b001cf7c3ddf68mr4272271plg.39.1702400512589; Tue, 12 Dec 2023 09:01:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702400512; cv=none; d=google.com; s=arc-20160816; b=BW8+WOVzujmlF7Z5C3lmNolXeGF4qVYPVawk90Ir9HAkA5/1tg0E9Obr8ZA2eacW29 4MLT1OkE4ML6M+DnEtcVbp40fHghJuMkmX3VY5OQ7udTSwxt9NRGN6U7fFR0JvzfiJaz MTNsGBL9LPxievqObsK5jv8sPc5j2WL8ux+hKcdwNhTxpB38/6gP+5jceVI67ZM30W/H hLrU9WUQbaPm1bR8ibeVXfuR1DeUznEQJIQXZ50GiZKOuJB1xFFnC9+ymfJ/Z1Um7NnU dkEXXYRxnPPhQOavbb6ltk5wji3u01NZm+r3OUE0vFPbdrKmupu+UpkgN4/hIFBMaVTo IUkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :feedback-id:references:in-reply-to:message-id:subject:cc:from:to :date:dkim-signature; bh=pW12o+ZtGJVXWSlbOsdjNFmo7Oz7+eWgJSUXDe0lDR4=; fh=yGC6hLtEKxG/qAMK6tCmLY72Pr3WjPw6U6qgCoktHOQ=; b=tF4uVUgHcBWdNs84jPV2oxDzi61KzZpk69Ri1+fZTQTz4uRMR04/evVVEyDdsH9Xu8 O3NDOcjGJRrL1g6RDlHBhTiWHDVDtQy/pd5SWxHeMnzXztWaMuyzW1NGZYXHLT4lmK7y AJZc4NaAroQ57X78fNKxWA2WbG+PLSjeit4MUWO5piO19GmZ9IiBDLHDMwBo1GueMmJe EPkQ4ZVDE7l2DbPfs6agYv3V4aiBHXWiD/g1Yg5p15Mp45cGJJGNlEa3CadYJ2eZWhCQ ItIQLxhdBqbjhMycy3q7NbigBUHgW6c6yzGrGKgXJz38epE2/GYCETGKL8uDazVQaAoh LVFw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@proton.me header.s=protonmail header.b=EtZK1xOy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=proton.me Return-Path: Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2]) by mx.google.com with ESMTPS id 80-20020a630153000000b005c6814a42c0si8076140pgb.491.2023.12.12.09.01.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Dec 2023 09:01:52 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) client-ip=2620:137:e000::3:2; Authentication-Results: mx.google.com; dkim=pass header.i=@proton.me header.s=protonmail header.b=EtZK1xOy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=proton.me Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 366F480A9A9A; Tue, 12 Dec 2023 09:01:50 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232896AbjLLRBh (ORCPT + 99 others); Tue, 12 Dec 2023 12:01:37 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38388 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232924AbjLLRBe (ORCPT ); Tue, 12 Dec 2023 12:01:34 -0500 Received: from mail-4316.protonmail.ch (mail-4316.protonmail.ch [185.70.43.16]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7271B10E for ; Tue, 12 Dec 2023 09:01:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proton.me; s=protonmail; t=1702400497; x=1702659697; bh=pW12o+ZtGJVXWSlbOsdjNFmo7Oz7+eWgJSUXDe0lDR4=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=EtZK1xOybz/DnTE1jmDyCKyrg45e7E5ujPmJ/I6Gq8/sgkfF+YPGE2vRrFs8ZtoJ2 vZIdmwNmDM6gGwaMLd6LRq6UkGPaq3Oqc0hX28EH19ciI8Udz7Hy4Gf+Y+TAjl8EbB VNb4IFHRmeG4MEqUiV8tLE0dMK44YGQdFpCBomz4K/PpU7wDXsk2eyv2teS/PQvzzq fMXViXI+vORmX+KlggGQWLgDa/jBQjGFulSMDx/cjiCPyzS10LSA3FJJGA6cJgTEZU XK5ZHtzLGLGXarhIdlcEJ0A6QvaUFwKlZ3nxRc5gK8S5LWbYjPZ2WVDaxg7X5mIAiA FIQNROXGUG1ew== Date: Tue, 12 Dec 2023 17:01:28 +0000 To: Alice Ryhl From: Benno Lossin Cc: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , =?utf-8?Q?Bj=C3=B6rn_Roy_Baron?= , Andreas Hindborg , Peter Zijlstra , Alexander Viro , Christian Brauner , Greg Kroah-Hartman , =?utf-8?Q?Arve_Hj=C3=B8nnev=C3=A5g?= , Todd Kjos , Martijn Coenen , Joel Fernandes , Carlos Llamas , Suren Baghdasaryan , Dan Williams , Kees Cook , Matthew Wilcox , Thomas Gleixner , Daniel Xu , linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, linux-fsdevel@vger.kernel.org Subject: Re: [PATCH v2 7/7] rust: file: add abstraction for `poll_table` Message-ID: In-Reply-To: References: <20231206-alice-file-v2-0-af617c0d9d94@google.com> <20231206-alice-file-v2-7-af617c0d9d94@google.com> Feedback-ID: 71780778:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Tue, 12 Dec 2023 09:01:50 -0800 (PST) On 12/12/23 10:59, Alice Ryhl wrote: > On Fri, Dec 8, 2023 at 6:53=E2=80=AFPM Benno Lossin wrote: >> On 12/6/23 12:59, Alice Ryhl wrote: >>> + fn get_qproc(&self) -> bindings::poll_queue_proc { >>> + let ptr =3D self.0.get(); >>> + // SAFETY: The `ptr` is valid because it originates from a ref= erence, and the `_qproc` >>> + // field is not modified concurrently with this call since we = have an immutable reference. >> >> This needs an invariant on `PollTable` (i.e. `self.0` is valid). >=20 > How would you phrase it? - `self.0` contains a valid `bindings::poll_table`. - `self.0` is only modified via references to `Self`. >>> + unsafe { (*ptr)._qproc } >>> + } >>> + >>> + /// Register this [`PollTable`] with the provided [`PollCondVar`],= so that it can be notified >>> + /// using the condition variable. >>> + pub fn register_wait(&mut self, file: &File, cv: &PollCondVar) { >>> + if let Some(qproc) =3D self.get_qproc() { >>> + // SAFETY: The pointers to `self` and `file` are valid bec= ause they are references. >> >> What about cv.wait_list... >=20 > I can add it to the list of things that are valid due to references. Yes this is getting a bit tedious. What if we create a newtype wrapping `Opaque` with the invariant that it contains a valid value? Then we could have a specially named getter for which we would always assume that the returned pointer is valid. And thus permit you to not mention it in the SAFETY comment? [...] >>> +#[pinned_drop] >>> +impl PinnedDrop for PollCondVar { >>> + fn drop(self: Pin<&mut Self>) { >>> + // Clear anything registered using `register_wait`. >>> + // >>> + // SAFETY: The pointer points at a valid wait list. >> >> I was a bit confused by "wait list", since the C type is named >> `wait_queue_head`, maybe just use the type name? >=20 > I will update all instances of "wait list" to "wait_queue_head". It's > because I incorrectly remembered the C type name to be "wait_list". Maybe we should also change the name of the field on `CondVar`? If you guys agree, I can open a good-first-issue, since it is a very simple change. --=20 Cheers, Benno