From: Andreas Hindborg <a.hindborg@kernel.org>
To: Boqun Feng <boqun@kernel.org>, Peter Zijlstra <peterz@infradead.org>
Cc: "Alice Ryhl" <aliceryhl@google.com>,
"Lorenzo Stoakes" <lorenzo.stoakes@oracle.com>,
"Liam R. Howlett" <Liam.Howlett@oracle.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>,
"Will Deacon" <will@kernel.org>,
"Mark Rutland" <mark.rutland@arm.com>,
linux-mm@kvack.org, rust-for-linux@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3] rust: page: add byte-wise atomic memory copy methods
Date: Sat, 14 Feb 2026 09:18:16 +0100
Message-ID: <87tsvjsppz.fsf@kernel.org>
In-Reply-To: <aY9UedlaCmagVmzh@tardis.local>
Boqun Feng <boqun@kernel.org> writes:
> On Fri, Feb 13, 2026 at 12:28:37PM +0100, Peter Zijlstra wrote:
>> On Fri, Feb 13, 2026 at 07:42:53AM +0100, Andreas Hindborg wrote:
>> > When copying data from buffers that are mapped to user space, it is
>> > impossible to guarantee absence of concurrent memory operations on those
>> > buffers. Copying data to/from `Page` from/to these buffers would be
>> > undefined behavior if no special considerations are made.
>> >
>> > Add methods on `Page` to read and write the contents using byte-wise atomic
>> > operations.
>> >
>> > Also improve clarity by specifying additional requirements on
>> > `read_raw`/`write_raw` methods regarding concurrent operations on involved
>> > buffers.
>>
>>
>> > + /// - Callers must ensure that this call does not race with a write to the source page that
>> > + /// overlaps with this read.
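Review bot: The added safety bullet ("does not race with a write to the source page") does not say what counts as a race, and the reply it drew shows it being read as applying to the user-mapped buffer. Suggest stating in this doc comment that the source is the `Page` behind `self`, that concurrent writes to it must be synchronized with this read but need not be atomic, and that the other buffer is covered by the separate requirement on `dst`.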
>>
>> Yeah, but per the bit above, its user mapped, you *CANNOT* ensure this.
>>
>
> First, this safety requirement is actually incorrect, because of the
> user mapped case you mentioned. I believe Andreas put it to prevent
> others from racing with memcpy(), e.g.

Since context is a bit washed out here, let's make sure we are talking
about `Page::read_bytewise_atomic`.

There are two buffers in play. `src`, which is provided by the `self:
&Page` and `dst: *mut u8`, which is passed as a function parameter.

The requirement for `src` is:

  Callers must ensure that this call does not race with a write to the **source page** that
  overlaps with this read.

This requirement is different than the requirement on `dst`. I do not
want to enforce that all memory operations on `src` be atomic, simply
that they are synchronized. This is a weaker requirement than the
requirement on `dst`. As we hold a shared reference to `self` and there
is no internal synchronization, I think this is the correct requirement.

For `dst` we have:

  For the duration of the call, other accesses to the area described by `dst` and `len`,
  must not cause data races (defined by [`LKMM`]) against atomic operations executed by this
  function. Note that if all other accesses are atomic, then this safety requirement is
  trivially fulfilled.

Which is also requiring no races, but is specifically mentioning atomic
operations, which I did not want on `src`.

With this in mind, do you still think they are redundant?

Best regards,
Andreas Hindborg
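
The asymmetry between the `src` and `dst` requirements discussed in the message above, as an added userspace illustration that is not part of the message or of the kernel patch. The function name `copy_bytewise_atomic`, the `demo` helper and the use of `std` atomics (Rust memory model, not LKMM) are assumptions made for this sketch.

```rust
use std::sync::atomic::{AtomicU8, Ordering};
use std::thread;

/// Hypothetical stand-in for a byte-wise atomic copy (not the kernel code).
/// `src` is a shared slice: writers must be excluded for the duration of the
/// call, but the reads themselves are plain (synchronized, not atomic).
/// `dst` may be accessed concurrently, so every byte is stored atomically.
fn copy_bytewise_atomic(src: &[u8], dst: &[AtomicU8]) -> usize {
    let n = src.len().min(dst.len());
    for (d, s) in dst[..n].iter().zip(&src[..n]) {
        d.store(*s, Ordering::Relaxed);
    }
    n
}

/// Copies while a second thread reads `dst` with atomic loads. Returns the
/// final contents of `dst` and whether the reader ever observed a byte that
/// was neither the old nor the new value.
fn demo() -> (Vec<u8>, bool) {
    let src = [0xAAu8; 64]; // constructed sample data
    let dst: Vec<AtomicU8> = (0..64).map(|_| AtomicU8::new(0x55)).collect();
    let unexpected = thread::scope(|s| {
        let reader = s.spawn(|| {
            let mut bad = false;
            for _ in 0..1000 {
                for b in &dst {
                    let v = b.load(Ordering::Relaxed);
                    bad |= v != 0x55 && v != 0xAA;
                }
            }
            bad
        });
        // Races with the reader, but all accesses to `dst` are atomic,
        // so the `dst` requirement is trivially fulfilled.
        copy_bytewise_atomic(&src, &dst);
        reader.join().unwrap()
    });
    let out = dst.iter().map(|b| b.load(Ordering::Relaxed)).collect();
    (out, unexpected)
}

fn main() {
    let (out, unexpected) = demo();
    println!("copied {} bytes, unexpected values seen: {}", out.len(), unexpected);
}
```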