From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3472AD6ACC4 for ; Wed, 27 Nov 2024 12:36:06 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B90306B0088; Wed, 27 Nov 2024 07:36:05 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id B40316B008C; Wed, 27 Nov 2024 07:36:05 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A2E516B0092; Wed, 27 Nov 2024 07:36:05 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 86DEA6B0088 for ; Wed, 27 Nov 2024 07:36:05 -0500 (EST) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 2C5BF41483 for ; Wed, 27 Nov 2024 12:36:05 +0000 (UTC) X-FDA: 82831822164.05.E8C3ED2 Received: from mail-wr1-f53.google.com (mail-wr1-f53.google.com [209.85.221.53]) by imf03.hostedemail.com (Postfix) with ESMTP id A2A2B20008 for ; Wed, 27 Nov 2024 12:36:00 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=0AcFFXUt; spf=pass (imf03.hostedemail.com: domain of aliceryhl@google.com designates 209.85.221.53 as permitted sender) smtp.mailfrom=aliceryhl@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1732710956; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=TrzbbClRBZ1yOTU2YN04HTV4UJx3/zhI0vBTZVhTMAw=; b=sPPlq+HjYoUL3AUmCsUywi55Gzay+CNEPkC9mPpWzQx6CFoYQLLWmUOYaUl9wsh8AVLoNQ OZf8lR68avzT6Q4Z+VNZUZ0EuZpt/2fiXf8cKq9WgsHlQ6QWwsakc7GRW0VlgAai4AsEBJ lUbb7GH32HFqsZdpYxZIQPwIwKIC0+U= ARC-Authentication-Results: i=1; imf03.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=0AcFFXUt; spf=pass (imf03.hostedemail.com: domain of aliceryhl@google.com designates 209.85.221.53 as permitted sender) smtp.mailfrom=aliceryhl@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1732710956; a=rsa-sha256; cv=none; b=C635Ft03eZZenLZQXk1p+QFCGl81w12yl/zjd5JA3k/kKrYzEtsTyPTZEwKN639QEuTrKZ uLaguhtl988K19yARqLB1jTZa0KIOIq34InpM6R0lxAQsOYBpnvA/pjrvAfcV7m8UghH3w tHSKktQJH/slraPKDC/LyOBIclq6RTY= Received: by mail-wr1-f53.google.com with SMTP id ffacd0b85a97d-38241435528so4225445f8f.2 for ; Wed, 27 Nov 2024 04:36:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1732710961; x=1733315761; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=TrzbbClRBZ1yOTU2YN04HTV4UJx3/zhI0vBTZVhTMAw=; b=0AcFFXUtOHRer0OpFK4JSmZ2aueAwRZTjPKPzn2byhXWR3P3RLhZ8nUJM74IhQTyNm qpwFpVxS4eg8O9lGMFJZiXVO4u9yC8amEBwUQT5UqqwIsKvjbXrEvzDgZyS+K7Fi4lfB 0DaOIZtSYNZO1B9uOfyzG5+NiwiBoc452hmBCKw31hX0aJk7IdNJmcteJ2v9lpKNN21S oHpemyDX/rXFqY3x+RaGOveHBOuXAQI+fYtfvffiCzeuD0//dxH4G9+YGS5s0EuyRpPX zL5S6xOQ14N/WD7HPsqGA9/ByX9HwrXxaGfH4z1J5Tjt2gub927WJvy+YqHGAtAxa1dk bqUQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732710961; x=1733315761; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=TrzbbClRBZ1yOTU2YN04HTV4UJx3/zhI0vBTZVhTMAw=; b=OEwuBb7NQhzBER8NjVy1yvx/7RkHzDU3p+TpTV5X9gUPQfjRE6rw6TDi8ZpwFvfSyN ryBUwHdYgnc9NuO2hpEC1vjXSNk052L8sqqc1/4R+5UToUWE57t0o7YA4lz4mdo3HA6C y+on2hgLjlEr7eT7JWBw9Hr1TWAM2vTueG6cIsF3Dk8MsEW8qeEWTfSAHyZBM4IGj9ni bXFEcTKTtZ6nZuWUv1pyOvoVzc/3NXXIn93T5CnhsVcSaA2Zu8qwNEvLi9X1vzHUK/j5 hoBugiW6qGLaUO/Lujm/Xu8Tz3AbI0dJfptGWuNUXN3p9mp5MlJx4KYudFlMSMoIin6t R0Cw== X-Forwarded-Encrypted: i=1; AJvYcCUiLYlZui7aj3VOFJDWMh1HJNjRaiNU1w+meuAC4biPCwPXwOdVr4nixYQNSlBIlWewyoBLnJsp1w==@kvack.org X-Gm-Message-State: AOJu0YwrQlzYdENeL8J8WeKMTEO21i/55YcQec281BhrGojA2Tc20cLf +i9v3JyKO2yZ6BaAOdfhp5otcOYRrz272PuHn724GpHK0gbIkZrtrBniaeP06EuSI7O43K76ssc hrj4NCJ7I79UMCSYEQXdXpcPka9ePxUXBrZ83 X-Gm-Gg: ASbGncs+Z1uN8dBpm4V+mXgkbqRSd+543MEwH215i88nTEMnfvLpjoikvMnmu1Zw1Wy xdvIVqiJGrWhR/K37x3W91qdBHicNZMRm7h0uNfYZPFlQmT+GjzKblm6RflHAzw== X-Google-Smtp-Source: AGHT+IEbpjzkgc8IM7OndZI804Me6rzyM6Kjc3mTYT80bhflefRpDQA7MbvAM40NWVN+XmE+Ao7DgeTZqeqNuKDfQlI= X-Received: by 2002:a5d:59a6:0:b0:382:31a1:8dc3 with SMTP id ffacd0b85a97d-385c6ec0ce0mr2408873f8f.35.1732710961482; Wed, 27 Nov 2024 04:36:01 -0800 (PST) MIME-Version: 1.0 References: <20241122-vma-v9-0-7127bfcdd54e@google.com> <20241122-vma-v9-8-7127bfcdd54e@google.com> In-Reply-To: From: Alice Ryhl Date: Wed, 27 Nov 2024 13:35:49 +0100 Message-ID: Subject: Re: [PATCH v9 8/8] task: rust: rework how current is accessed To: Jann Horn Cc: Miguel Ojeda , Matthew Wilcox , Lorenzo Stoakes , Vlastimil Babka , John Hubbard , "Liam R. Howlett" , Andrew Morton , Greg Kroah-Hartman , Arnd Bergmann , Christian Brauner , Suren Baghdasaryan , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?Q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , linux-kernel@vger.kernel.org, linux-mm@kvack.org, rust-for-linux@vger.kernel.org, Andreas Hindborg Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: A2A2B20008 X-Rspam-User: X-Stat-Signature: zu9o5x5xsew3zy957cc318ucigh8p443 X-HE-Tag: 1732710960-247833 X-HE-Meta: U2FsdGVkX18yBuzQMoSKoFLO5uJXHWoatnXi4cWawyZcuyHj1yfJ6sowXdATPiuHxB8AxMlhEdvX+aFTfeZOXtBIvdzrWyD4HrNLcJVeW6reHL9j7nXgcBVmFWQCpn35P05LPVyWqoWVEzFSp4+yclVG/jLxAPWFcYpEOIiuwhUzLve/L7FZg2XZv9eG1YQjDAstCYugcVB+B8kxDgmjsx4BpNFLeH/vmsNEPUvHTOfqpi2USyAwrdt9/STMsAzJjTmCmcom4W6mZBciJyY2aZ/+sSPla1hPUZuto/Dy9mGQ/qJb3nm07BQG9UfOCS8T1SLfmPhUK3oavfQg6zPJnOUnjs6xf+2qKHiCPFU43cl/m0TekZTTZafFZQd+aoDK/jvt6NndRGy53KjFZX4H8dcV+6wrxASZYgBcYGmfdUVpwiPGUtKb98BwDvP1RLaI3vvAEL6g/ukxDQMHUgDLJfKP9nxQT6OnIYAgO617IzAeMaGqJOLZRMGJ7gECJu6SFR+SewvYidD7HhpfGaZXGj+mZZOJHaQOzCZotj3iVn3cdAw7/TWTJrzWJ7gSnfQyx48i4RpikremJs554OjN/q85EKS/hSlLzhOds1fPDhYcg0H8x0i3JCcF4pNKJtB6hk/3LrOYB5qEZE7DgxV3viaXeRuIwIbIzlvnQ25SZeJopuJ+tBp7VjvTxXqPquMD9S8r1Kr+Acim2Ao4fM5KDoztLkTBlHH3e0BejUnzX0CGTlBjZlzl+fHcywLBbZYE31EkqewhpB2AZRVtKVGAZg+OVQfLku+Fdwy+HqI3qjiExGG7fEgaKEsBW3YjJ3zgEiahCzUzX0Cjr1I8dTvs8F3qYYpXxfS4g3xrW+ImrH86sLCj9TNtIwytwPfRoaXBxj/Z/zQIQ50VvmJDlLeb1JOCMP9JbRxb1EpEhN6/+AI51bLKW1TVG7Osf97wIgc+F5eWI7hXydKWdniD69Z RshN0BRH wmyubH60BbAKAgym807ZR60TNlUJYzDchV6nR5wDkHsEDw5snAeOUpmQttx07ZoJkryrm9jIn9QNVO1EIiynty+Cn4MOuzt/h6TsyScHeWd8CrEJS3idJVy4y8yy02QTqecZ3QbaG9I7d1Pr2iK+Z4v97/qBAhOd+XhDRGG8XL3EumfMpxAUIeA4HKifAtgGE08F+W+HdEJRUnK5a6tHOx75tPDeGS6diuJg+Ybnft7noSLCpVp4Tpo0ILaweD63ITM5fbQLj8rKJSgMOqb6IdcgMJhF1xh1JkT92 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000268, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Tue, Nov 26, 2024 at 6:15=E2=80=AFPM Jann Horn wrote: > > On Fri, Nov 22, 2024 at 4:41=E2=80=AFPM Alice Ryhl = wrote: > > +impl CurrentTask { > > + /// Access the address space of this task. > > + /// > > + /// To increment the refcount of the referenced `mm`, you can use = `ARef::from`. > > + #[inline] > > + pub fn mm(&self) -> Option<&MmWithUser> { > > + let mm =3D unsafe { (*self.as_ptr()).mm }; > > + > > + if mm.is_null() { > > + None > > + } else { > > + // SAFETY: If `current->mm` is non-null, then it reference= s a valid mm with a non-zero > > + // value of `mm_users`. The returned `&MmWithUser` borrows= from `CurrentTask`, so the > > + // `&MmWithUser` cannot escape the current task, meaning `= mm_users` can't reach zero > > + // while the reference is still live. > > + Some(unsafe { MmWithUser::from_raw(mm) }) > > Maybe also add safety comments for these nitpicky details: > > kthreads can use kthread_use_mm()/kthread_unuse_mm() to change > current->mm (which allows kthreads to access arbitrary userspace > address spaces with copy_from_user/copy_to_user), but as long as you > can't call into kthread_use_mm()/kthread_unuse_mm() from Rust code, > this should be correct. If you do want to allow calls into > kthread_use_mm()/kthread_unuse_mm() later on, you might have to gate > this on a check for PF_KTHREAD, or something like that. Huh ... is it possible to use kthread_use_mm() to create a situation where current->mm has mm_users equal to zero? If not, then I don't think it's a problem. > Binary formats' .load_binary implementations can change current->mm by > calling begin_new_exec(), but that's not an issue as long as no binary > format loaders are implemented in Rust. I think we can allow such loaders by having them involve an unsafe operation asserting that you're not holding any references into current when you start the new process. Alice