From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E1C42D6ACF2
	for <linux-mm@archiver.kernel.org>; Wed, 27 Nov 2024 16:19:01 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 6DFB66B0088; Wed, 27 Nov 2024 11:19:01 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 68FBC6B0089; Wed, 27 Nov 2024 11:19:01 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 557C96B008C; Wed, 27 Nov 2024 11:19:01 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10])
	by kanga.kvack.org (Postfix) with ESMTP id 3987D6B0088
	for <linux-mm@kvack.org>; Wed, 27 Nov 2024 11:19:01 -0500 (EST)
Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay09.hostedemail.com (Postfix) with ESMTP id F11AC81A29
	for <linux-mm@kvack.org>; Wed, 27 Nov 2024 16:19:00 +0000 (UTC)
X-FDA: 82832383788.13.B08C3A3
Received: from mail-ed1-f48.google.com (mail-ed1-f48.google.com [209.85.208.48])
	by imf11.hostedemail.com (Postfix) with ESMTP id 3D4D640013
	for <linux-mm@kvack.org>; Wed, 27 Nov 2024 16:18:52 +0000 (UTC)
Authentication-Results: imf11.hostedemail.com;
	dkim=pass header.d=google.com header.s=20230601 header.b=VWPvMD1V;
	dmarc=pass (policy=reject) header.from=google.com;
	spf=pass (imf11.hostedemail.com: domain of jannh@google.com designates 209.85.208.48 as permitted sender) smtp.mailfrom=jannh@google.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1732724333; a=rsa-sha256;
	cv=none;
	b=LNG3ycWCOO6SzV0B2dGjU1JyoFkKuN7kAG/svBL5Y+1A7XG2wyG6TBs57yhvxrhe9FKPO7
	w9AgpShX2ncdfv3NZ71Xnrt/RCQiRMWbKaIzYjqTCiEXF2rALewFI0qa5OUalra6DS3ssp
	Tlahm3hZW4aFie08m9dCP4JQRQzWz8c=
ARC-Authentication-Results: i=1;
	imf11.hostedemail.com;
	dkim=pass header.d=google.com header.s=20230601 header.b=VWPvMD1V;
	dmarc=pass (policy=reject) header.from=google.com;
	spf=pass (imf11.hostedemail.com: domain of jannh@google.com designates 209.85.208.48 as permitted sender) smtp.mailfrom=jannh@google.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1732724333;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=NtL6wKjrUKaD9G1UUVsHA8qoTJvLASSvZXVOzErx25M=;
	b=QohXD74nlTyQVPSFZ+uZgjMcYzoVprm7/x55kDSqTKPku7v1Ml+pdIANqFH4+pdweflqHP
	SRceIVTHlVxLwFmPoqrMtkO/l4TJ8C8vqHbb9usia6kjALlzIAicTyYOgnoSubmKF/byJE
	Bhp/vS4HLjOGLawAGhdYhpCY2Gams9E=
Received: by mail-ed1-f48.google.com with SMTP id 4fb4d7f45d1cf-5d027dc53ccso10349a12.1
        for <linux-mm@kvack.org>; Wed, 27 Nov 2024 08:18:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1732724338; x=1733329138; darn=kvack.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=NtL6wKjrUKaD9G1UUVsHA8qoTJvLASSvZXVOzErx25M=;
        b=VWPvMD1VDLptpV14V5Zub7kR/VxPpJatobiKBeMqMsAU2oBavvUNQqbJFoHQdWwXUX
         NfecE8oQ1VIWmVCftT3hj9QBgjESznDwIobDdsnNi02GvyQnyBzyI0lfLwn0zCcn3wXy
         +6YidgoMCTtmFv8kZ0tMaco2/y7PGW1lwiSEa8J11Vl16vyXf17cxT+0Ppub3gq3ZGqr
         lH55wPp+a9/HuqE9duAAl3Gnk7loSfJwcYYXJ8m9rBKGB1fCuXB5aPxmchAZldxW+ph2
         /fRzOhti1+Svqy7ajBjSB1kDNlq38+uUHqdbmwK6udFN/sfvvrKgOIHw+cCXHFF8Wjbj
         wJsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732724338; x=1733329138;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=NtL6wKjrUKaD9G1UUVsHA8qoTJvLASSvZXVOzErx25M=;
        b=DuNUu39dfnSl7VKOUVXqC012M1vqI5CF057AzbYnln5BUcDLr1RoZYW9YXBYmEanwI
         pX3muxBS6IE7u6jbfzjaBGk5aZp1XzC1Ibr6gdbIZDrLyLOmK2VXAApkbZ8ykuJmrLZH
         ggJsdhlBy9aKio4hSZGmgqLadN3AvAWTYmNiABOpO/Mpl8XMlqz0gFKF+z0V09hq7BAx
         hi2tq72jUySLdKOc08MHjNknUtFtoiky2UmME2ruXjdKwn6ib/ocT/sBfEuPb9g7M6/u
         BqQt+Q5EOAhb4xPHgAXho7OZB7SFZAigiPrW3+7Nj9KZ3QMChWIZyiQhMYnqj1Cl80aQ
         E42g==
X-Forwarded-Encrypted: i=1; AJvYcCV+XhUTc677A1kxsUI4OXtYhOlA6fLy/xa//LDnYY7y+zzi3QcRAp0tlZT+4RnyrAJofqcKUmjiyw==@kvack.org
X-Gm-Message-State: AOJu0YxZHIYmFTDr7lhaJlj9biT77knauJFbX/VP/ji9mLcV8m48PlZt
	+j/zKPdhDzufvHtbhH2q/i4UO3MLrk5HMqP8SjX3knyEiDLb8BJoBhe4TZkXhFCugtW7ylYXu7+
	lrjgRyqSbyuwVVLXaBsDPbxyfCP4eXk9USpBW
X-Gm-Gg: ASbGncsvb6yXSNFkChz3OWaGxrzrxunfB+XvjeLuN9jlDbCigxcBLlqGSqyCLNAJo+5
	K01ey/1EHKor4iUjbSOTfb5gIvM/0KDpKP2s5HgR17lKqkiEIPNqfse1cpWk=
X-Google-Smtp-Source: AGHT+IGyvRZff5SP+V5FIb2c2WgZxCW2RkMkXyailqNw0SxFY/h2Ezn7rEf+kB6G9/hMA8LcUFv43P+VanzsdKuSEZc=
X-Received: by 2002:aa7:cacf:0:b0:5cf:c93f:36f3 with SMTP id
 4fb4d7f45d1cf-5d08356e19bmr84258a12.7.1732724337334; Wed, 27 Nov 2024
 08:18:57 -0800 (PST)
MIME-Version: 1.0
References: <20241122-vma-v9-0-7127bfcdd54e@google.com> <20241122-vma-v9-8-7127bfcdd54e@google.com>
 <CAG48ez09fS1v2gWbOFx+uQd7Lj+z2x3LhL3hfpQzpVHdNJ5UJg@mail.gmail.com>
 <CAH5fLgiJLP_w9vpuQFszkrUW3V3DyJVGHLv7Q43-Rx9-WSXzyw@mail.gmail.com>
 <CAG48ez3a0vs=LHzkbpOKW753m6_LOtoYyWtjhfYvB48TKsCekQ@mail.gmail.com> <CAH5fLgjuKEU8noU5XN_FWEy4wAzJu0aeaURzNsCQrt59a_0gJA@mail.gmail.com>
In-Reply-To: <CAH5fLgjuKEU8noU5XN_FWEy4wAzJu0aeaURzNsCQrt59a_0gJA@mail.gmail.com>
From: Jann Horn <jannh@google.com>
Date: Wed, 27 Nov 2024 17:18:21 +0100
Message-ID: <CAG48ez1an_cbUinfCvukQe=X-veygFLe-twQq5zMKTVcMpPv7g@mail.gmail.com>
Subject: Re: [PATCH v9 8/8] task: rust: rework how current is accessed
To: Alice Ryhl <aliceryhl@google.com>
Cc: Miguel Ojeda <ojeda@kernel.org>, Matthew Wilcox <willy@infradead.org>, 
	Lorenzo Stoakes <lorenzo.stoakes@oracle.com>, Vlastimil Babka <vbabka@suse.cz>, 
	John Hubbard <jhubbard@nvidia.com>, "Liam R. Howlett" <Liam.Howlett@oracle.com>, 
	Andrew Morton <akpm@linux-foundation.org>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, 
	Arnd Bergmann <arnd@arndb.de>, Christian Brauner <brauner@kernel.org>, 
	Suren Baghdasaryan <surenb@google.com>, Alex Gaynor <alex.gaynor@gmail.com>, 
	Boqun Feng <boqun.feng@gmail.com>, Gary Guo <gary@garyguo.net>, 
	=?UTF-8?Q?Bj=C3=B6rn_Roy_Baron?= <bjorn3_gh@protonmail.com>, 
	Benno Lossin <benno.lossin@proton.me>, linux-kernel@vger.kernel.org, linux-mm@kvack.org, 
	rust-for-linux@vger.kernel.org, Andreas Hindborg <a.hindborg@kernel.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Server: rspam04
X-Rspamd-Queue-Id: 3D4D640013
X-Stat-Signature: wkb9n9przjdmj1ox383phdcym5rn3wkp
X-Rspam-User: 
X-HE-Tag: 1732724332-643028
X-HE-Meta: U2FsdGVkX192XfhSzLAQkXeuKMbb37Tc1svDg/464Q4GYn8pSMlC1+xn05m5APFZ57GhQENlaj9t8wQhzb2Z3WAnCVw14plIk7n68BOO8L2Bby/oIbJBip+7cYsfxDFa5E4RtS/i44apjQmJQvTc5zQDgxRfmxlJtf/D83Mx6TFaxPlxc8dyMLOUW/CXjzMmgY0ukzQxrob5hzTXYaL5D86Kyuzl8AWWHTEfSzvh3evu2lYrt6cPLTwb68xmkUQF6/XD9TPajbBDiLFvlSx9biwEPDkCKjUKVOZ3DUnSMudu21lXSCnqMGsdrrJgA7Al10DhDvu6SNMd6vGAXHTP5dJnJ9yRJsxAA6mOI9iTVMWHFPiIOTGj8IrUv2dyKUZEHt9uL5WlMIS9gN2/ndMggnGzmIMarf4j5OSzqn8SH1Z+wI710SAjLrOksz6bWnNqhZvzWDG34ixOPi+Z8R1H93unyw0DWgLZZVOYetEkK0AZ1vN8XRbZUgf3l+tiovoKQ31Z7yzW1ETq0pSg5a2iqeGoryqC1vYOzV750lWeGQRd0fiHuuCTZ4e34PAE0M9/7djB+ATtGoCX4nENWlafan6Q13iKJX3EQoA9SteHSzkmK7OW2F1zPPftFlF1PIdcvyFZEZHOZT67vcP4Cv8q47a+383izPSvQhnXa5fEqGt8toTIQFFhvd4K7v2g/r+HipMGMJuZFWZh9zlIb7vAcV/sCVnnnoFY/n8VuwM2qYQZ3uybLT6/jGna51R0lgcevSJogfBjRltX2OMvcT+CJ+JjRfZ0YUMnpxdN21nUYxYYpkVzpo0345rjuYS7Tl46quwpqA/tAm0AvgmuhQF8oHrX8C4UjP6aBnLAWRq2arv/+lCfHoQOduLZliMFewK+CH7cySg7yQJO7I7YyHUCob+UeVlsC2kfP+BKOyD8sTMHXjBbrxlxQ2WS1VJhyECigSQCS6RxALDKKjj+2Wd
 fb/I2hGV
 l/7KStUS021qvuPUlZynDUdoMPA/QqidTsTxIFC5cjAakFzikjeBC4eY5w/f0rQs4FRKW+NaxyBhVqrwxU4DHQ1CmGsH2e9f4H3FH/uavrplR2CjU+h1sFNjVOSru0565irHhAdYMS0mNBOXGRs4y73KcVjO42u0m4ovP15WNJ5DnGvsPZZFmrm+gfLrzdqkipT2qxLQjstIOtSYWICl3DS3qVoq1PJ4zkhOhlNoEjimRaoR9wMIFEyxNoRp3ue1zk6xAbIwlFJAGDbFcqqOCoGRmt4lVYGHb7Ro9FXIhoD2DwdudjY1ev/4zGsgK36pZ/rg9gIcyy9b0qns=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000001, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Wed, Nov 27, 2024 at 4:57=E2=80=AFPM Alice Ryhl <aliceryhl@google.com> w=
rote:
> On Wed, Nov 27, 2024 at 4:52=E2=80=AFPM Jann Horn <jannh@google.com> wrot=
e:
> > On Wed, Nov 27, 2024 at 1:36=E2=80=AFPM Alice Ryhl <aliceryhl@google.co=
m> wrote:
> > > On Tue, Nov 26, 2024 at 6:15=E2=80=AFPM Jann Horn <jannh@google.com> =
wrote:
> > > >
> > > > On Fri, Nov 22, 2024 at 4:41=E2=80=AFPM Alice Ryhl <aliceryhl@googl=
e.com> wrote:
> > > > > +impl CurrentTask {
> > > > > +    /// Access the address space of this task.
> > > > > +    ///
> > > > > +    /// To increment the refcount of the referenced `mm`, you ca=
n use `ARef::from`.
> > > > > +    #[inline]
> > > > > +    pub fn mm(&self) -> Option<&MmWithUser> {
> > > > > +        let mm =3D unsafe { (*self.as_ptr()).mm };
> > > > > +
> > > > > +        if mm.is_null() {
> > > > > +            None
> > > > > +        } else {
> > > > > +            // SAFETY: If `current->mm` is non-null, then it ref=
erences a valid mm with a non-zero
> > > > > +            // value of `mm_users`. The returned `&MmWithUser` b=
orrows from `CurrentTask`, so the
> > > > > +            // `&MmWithUser` cannot escape the current task, mea=
ning `mm_users` can't reach zero
> > > > > +            // while the reference is still live.
> > > > > +            Some(unsafe { MmWithUser::from_raw(mm) })
> > > >
> > > > Maybe also add safety comments for these nitpicky details:
> > > >
> > > > kthreads can use kthread_use_mm()/kthread_unuse_mm() to change
> > > > current->mm (which allows kthreads to access arbitrary userspace
> > > > address spaces with copy_from_user/copy_to_user), but as long as yo=
u
> > > > can't call into kthread_use_mm()/kthread_unuse_mm() from Rust code,
> > > > this should be correct. If you do want to allow calls into
> > > > kthread_use_mm()/kthread_unuse_mm() later on, you might have to gat=
e
> > > > this on a check for PF_KTHREAD, or something like that.
> > >
> > > Huh ... is it possible to use kthread_use_mm() to create a situation
> > > where current->mm has mm_users equal to zero? If not, then I don't
> > > think it's a problem.
> >
> > Ah, no, I don't think so. I think the only problematic scenario would
> > be if rust code created a borrow of current->mm, then called
> > kthread_unuse_mm() and dropped the reference that was held on the MM,
> > and then accessed the borrowed old mm_struct. Which isn't possible
> > unless a Rust binding is created for
> > kthread_use_mm()/kthread_unuse_mm().
>
> Ah, ok.
>
> The way that the current abstraction works is that it enforces that
> the current pointer cannot escape the scope you were in when you
> obtained it. If we enforce that kthread_use_mm() and
> kthread_unuse_mm() involve a scope, then that should solve that.

Oooh, that's neat, thanks for the explanation.