From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 231F6D743ED
	for <linux-mm@archiver.kernel.org>; Wed, 20 Nov 2024 22:56:24 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id A85166B0088; Wed, 20 Nov 2024 17:56:23 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id A0E9A6B008A; Wed, 20 Nov 2024 17:56:23 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 8AEBE6B008C; Wed, 20 Nov 2024 17:56:23 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16])
	by kanga.kvack.org (Postfix) with ESMTP id 643F96B0088
	for <linux-mm@kvack.org>; Wed, 20 Nov 2024 17:56:23 -0500 (EST)
Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay06.hostedemail.com (Postfix) with ESMTP id E6F18AE597
	for <linux-mm@kvack.org>; Wed, 20 Nov 2024 22:56:22 +0000 (UTC)
X-FDA: 82807982250.30.B35CDF5
Received: from mail-lf1-f44.google.com (mail-lf1-f44.google.com [209.85.167.44])
	by imf28.hostedemail.com (Postfix) with ESMTP id 7B6D1C0007
	for <linux-mm@kvack.org>; Wed, 20 Nov 2024 22:55:25 +0000 (UTC)
Authentication-Results: imf28.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=fao22sRE;
	spf=pass (imf28.hostedemail.com: domain of abdiel.janulgue@gmail.com designates 209.85.167.44 as permitted sender) smtp.mailfrom=abdiel.janulgue@gmail.com;
	dmarc=pass (policy=none) header.from=gmail.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1732143319;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=EDe+ut7FU4NjsmyCYmZbNnNl7UOa9iCRRrQvfMKje+E=;
	b=0MNk1HzHaQ8+02u/GdYFbBXFtp/qUUcVIbWImjam4Fzw0KHEV/z/uMi8kydRLUrEVb76XK
	5QctKiTbaxQgmSVJdnUCe975K4pRDzXPttmmRvrppv4VCzWOey0xh1kyjz42PvD3BkY4qx
	OEd7l9PmU0VdALFREn1u/AQkAnvckoI=
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1732143319; a=rsa-sha256;
	cv=none;
	b=jfY8CJeQ2D0jCVTSXr8X10zgjf5HmfjajhKXf2LBLkJgnmxWjkKhWzZE0iycF0s61yiw/U
	pNqN99mZXdcn1Z9mp5SOm54eFlPr98s8kazms7S++1wlf21B3XRVM+y5oprWMr0Y0oslyw
	DCaxWUfMKY50P3tr78UweqeAowLvqoc=
ARC-Authentication-Results: i=1;
	imf28.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=fao22sRE;
	spf=pass (imf28.hostedemail.com: domain of abdiel.janulgue@gmail.com designates 209.85.167.44 as permitted sender) smtp.mailfrom=abdiel.janulgue@gmail.com;
	dmarc=pass (policy=none) header.from=gmail.com
Received: by mail-lf1-f44.google.com with SMTP id 2adb3069b0e04-53da6801c6dso196946e87.0
        for <linux-mm@kvack.org>; Wed, 20 Nov 2024 14:56:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1732143379; x=1732748179; darn=kvack.org;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:cc:to:subject:user-agent:mime-version:date:message-id
         :from:to:cc:subject:date:message-id:reply-to;
        bh=EDe+ut7FU4NjsmyCYmZbNnNl7UOa9iCRRrQvfMKje+E=;
        b=fao22sRELFP+rrTIox5m4hw4gcBst/QBX0MPm6I4KVNzxrvnJddQTjasX7Dn4O8Nui
         oKzF9ZFJvL4p9ezt3dIWdv/1XX73r8fVHaSVcjrsNjONoZ6YJLzfmDGEe5KxiQC+nu6B
         Ooq+4YgGXAPQ6+7fuf/ZWccis+enn5KKlSBAnfGlsg0yKkbEzqIz0g0Jw2YQ13Y04mSf
         qc49lNhvWY5lnu4fQ4bnHDWCasK1Kmy5x/tvhlCS4OyDRjNcETBbqQOar+pzGfgyQnSy
         0GtBYISktFXxAm4xixCNNs8KewA1TARujfDxdNhohgfAiBIA/3m55DtkgYP15x/ZqgsC
         D4fA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732143379; x=1732748179;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:cc:to:subject:user-agent:mime-version:date:message-id
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=EDe+ut7FU4NjsmyCYmZbNnNl7UOa9iCRRrQvfMKje+E=;
        b=tiuXZs8opIek8VfUkt97g1DkstB532T7kX+CtK0RbaI7J2bbnib+jkWu08bG4LLyyg
         4ufw6E9Bh0aYBU1NhH9YiBq1cMf/nn88oWz2MqFfOmGi3+CK18yMENN7WRMWrEgAS+X5
         q04X7mNct+xOmUKAz9kwQ3+yBiWX98ovQbUohTt2RGUQNXzj1cc9T1SEobrx7WeWXbg3
         QHp9PjxTKkI3QiPNfCqvPLFPT/zJV0CP6gP3xNkHkIVo9AOiO7G8AlNiSAWNyVr2YxUJ
         8EL1HMukmcO5+FPQmS8qOhAKvDr35INPr5hP0/pTDfIlAZby9lsrGrImquHI8GX3eU5C
         LS1A==
X-Forwarded-Encrypted: i=1; AJvYcCVOLxbERIt5TISuT9aKWPbxivP1Sd6K5/lblrU6uSIjgc2Zkmzd8zcuyp6ug8xsrv51L2J5/Goi3w==@kvack.org
X-Gm-Message-State: AOJu0YzP8lMKyNNkJHP/7vo6Ur5Fa5W4PxpMH/MB7BcGzwJ6YStfbuvx
	XjNtfzfiz4uV30LEd7q74AEGf4W2W5IgNs5edjm7/fwlotRh01ZS
X-Google-Smtp-Source: AGHT+IEPWWHE/H8MR95ODYZ/MAqZO2vFJWEoMmaT8xgsBQiNCOjdaFjg85Aupur+Yw0QashfxHHKHg==
X-Received: by 2002:a19:8c1b:0:b0:539:f953:2da7 with SMTP id 2adb3069b0e04-53dc136df2amr1696512e87.50.1732143378777;
        Wed, 20 Nov 2024 14:56:18 -0800 (PST)
Received: from [192.168.1.146] (87-94-132-183.rev.dnainternet.fi. [87.94.132.183])
        by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-53dbd4723ffsm777283e87.193.2024.11.20.14.56.16
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 20 Nov 2024 14:56:17 -0800 (PST)
Message-ID: <43a07c04-2985-4999-b6d6-732794906a36@gmail.com>
Date: Thu, 21 Nov 2024 00:56:15 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH v3 2/2] rust: page: Extend support to existing struct page
 mappings
To: Jann Horn <jannh@google.com>
Cc: rust-for-linux@vger.kernel.org, Miguel Ojeda <ojeda@kernel.org>,
 Alex Gaynor <alex.gaynor@gmail.com>, Boqun Feng <boqun.feng@gmail.com>,
 Gary Guo <gary@garyguo.net>, =?UTF-8?Q?Bj=C3=B6rn_Roy_Baron?=
 <bjorn3_gh@protonmail.com>, Benno Lossin <benno.lossin@proton.me>,
 Andreas Hindborg <a.hindborg@kernel.org>, Alice Ryhl <aliceryhl@google.com>,
 Trevor Gross <tmgross@umich.edu>, Danilo Krummrich <dakr@kernel.org>,
 Wedson Almeida Filho <wedsonaf@gmail.com>,
 Valentin Obst <kernel@valentinobst.de>,
 open list <linux-kernel@vger.kernel.org>,
 Andrew Morton <akpm@linux-foundation.org>,
 "open list:MEMORY MANAGEMENT" <linux-mm@kvack.org>, airlied@redhat.com
References: <20241119112408.779243-1-abdiel.janulgue@gmail.com>
 <20241119112408.779243-3-abdiel.janulgue@gmail.com>
 <CAG48ez3fjXG1Zi=V8yte9ZgSkDVeJiQV6xau7FHocTiTMw0d=w@mail.gmail.com>
Content-Language: en-US
From: Abdiel Janulgue <abdiel.janulgue@gmail.com>
In-Reply-To: <CAG48ez3fjXG1Zi=V8yte9ZgSkDVeJiQV6xau7FHocTiTMw0d=w@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Stat-Signature: 3g9bkpy1gt89dt1r8mrcmd7znwmatahu
X-Rspam-User: 
X-Rspamd-Queue-Id: 7B6D1C0007
X-Rspamd-Server: rspam02
X-HE-Tag: 1732143325-803531
X-HE-Meta: U2FsdGVkX1+okNBIHn7dZWh+UJGWDCcUDQERD9yLNgf8CDIR/7ClthK+zkw9uRBt/oeWXmpeSVUI/lGj10bME6UpDELZDDPElp3ERGL3Vgo56a8+s3HGGQ1sKcUuJCk4mR8Bj9SVR0nFPFeyBjTE0LgDm3Qtv+r5Mm7yZSQY0ry6HPuYtXbOOTlWKSoF7xthIr7CDtv68lwp3b57uGfOeFRZneaXB50tAU3DouupyJX1VqeIyyFG/wE2z+hy5UoGSjkp0zXmEzF050/QyUwgnLFez6s7JrpM5xTDxSZJ+KYB3FbI/tKu4iRxwtoPx6rIWQ/iGJOgXD8oTDyTRbbxVkQM7x+s8BeqHSqwxLdZixm3IQH6V+aR364uP+4nNUSdsN+/1fhn71gMDyRsAezNRvYVUH9eXnAgcoJk0c7gNNdRfKtjvZtW2qwMglJJ22fe1fppeJ4Cx4Fru3777bZTeXFs8+KsrqvaDnUvcLCsnDjxRYKHagxGah7IqPn88fjiu97BBw7K8M2beWbQYbDYq+Uu4sGPqj2Ou161Unj2W2gMspd2gFD+eP9VRzGLr/hYNchFeyRFTTqtokpVWyO+vOi4e7SMEoj6HRlcjrDEA/ZEQMCFcZHdH/R/uD2qfaBYkOqLaULbvFk7PzFT19qasVn3F1CXVe8tTU/EHCfQPqrT+E4q4J4HKdKn9LHE0tMEuglplMpWGH7ws3skH6RSopsOkfC2Fqv+56CWcrczkveXKte4yCXoS3mNbovvHr+lt/eEsjafWBN1DERB+Rh6v5I1S2U+I4UvY1glLT3oLBVxUWdGALEtWJ8Z49OmaKPOPMr0/9GXZ5Ff4q4vxI68nJb517mZbRXSsSxxfNgSQ/6Z4XADJZP5JmHoJbHnPisL4mgsEJo7t5SBHbN1mN83GNgEU5eGc6p2TQ22wCsLbXEr+kN+/g5n2u1SuyUaLirDA6YDw3+bNtsxrMxLy4k
 F3uXzO44
 HXl9V2kU1Cpj/C4VNjxZMbVr3JJwg6iTCWtck7wiXVbrQsURyFkcRyuUaxdCcVk/uD3UrIjkcsSeJhgXOcNkF1VDErysBQTbyvm2yAvay7clMOOB2oL0fxS7NIeXlpjWDqP2w1aBiyKRKTCipiNGieRhHE58VlIUP59n8Y5IYmtacvRP7LNfsL2WShytozkgopUCSqwzrNiwMJ3rNu2neA7N/34CSw/IicmCqmwD70jF4ArKAi13HvA0RAWocG9sYbg5FDYIeCNEovZmsbNLWa+THtE9j/eHbdKyqT36lsIHl8FlRX9lkxpvzdGplA6kHk4FQQbTsBVEuFTfUrO3UegTRZ/xMyfSiA5BNIWNdlSqq4hCvNMDoelInAKbjA8TAl8cUhZBZ2jN3btnjp3j6kYGB/NUfmibBfN8RcNN81I6V7J734uLXn1ON4e/kvFvbaPUy5tBhCxgaE3ASQbAGg1YJI5Kz0R38PwUU/NvB0DxU6So6pR94wpHvLHYPxVQW80mG
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000002, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

Hi,

Thanks for the feedback.

On 19/11/2024 19:07, Jann Horn wrote:
>> +    pub fn page_slice_to_page<'a>(page: &PageSlice) -> Result<&'a Self>
> 
> Sorry, can you explain to me what the semantics of this are? Does this
> create a Page reference that is not lifetime-bound to the PageSlice?

This creates a Page reference that is tied to the lifetime of the `C 
struct page` behind the PageSlice buffer. Basically, it's just a cast 
from the struct page pointer and does not own that resource.

>> +fn to_vec_with_allocator<A: Allocator>(val: &[u8]) -> Result<Vec<PageSlice, A>, AllocError> {
> Do I understand correctly that this can be used to create a kmalloc
> allocation whose pages can then basically be passed to
> page_slice_to_page()?
> 
> FYI, the page refcount does not protect against UAF of slab
> allocations through new slab allocations of the same size. In other
> words: The slab allocator can internally recycle memory without going
> through the page allocator, and the slab allocator itself does not
> care about page refcounts.
> 
> If the Page returned from calling page_slice_to_page() on the slab
> memory pages returned from to_vec_with_allocator() is purely usable as
> a borrow and there is no way to later grab a refcounted reference to
> it or pass it into a C function that assumes it can grab a reference
> to the page, I guess that works. 

Yes, I think that is the intent. I appreciate your help in pointing out 
the issues with using refcounts in slab memory pages. As you can see, 
page_slice_to_page() only returns a Page reference (not a refcounted 
Page). Hopefully that addresses your concern?

Regards,
Abdiel