From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id EE951C47422 for ; Fri, 26 Jan 2024 12:34:00 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 563D06B007E; Fri, 26 Jan 2024 07:34:00 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 513F36B0080; Fri, 26 Jan 2024 07:34:00 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3DC1A6B0082; Fri, 26 Jan 2024 07:34:00 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 2BFC76B007E for ; Fri, 26 Jan 2024 07:34:00 -0500 (EST) Received: from smtpin21.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id EB883A0F66 for ; Fri, 26 Jan 2024 12:33:59 +0000 (UTC) X-FDA: 81721404198.21.A72CDFF Received: from mail-ua1-f52.google.com (mail-ua1-f52.google.com [209.85.222.52]) by imf15.hostedemail.com (Postfix) with ESMTP id 31722A000F for ; Fri, 26 Jan 2024 12:33:57 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=s26hi8bQ; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf15.hostedemail.com: domain of aliceryhl@google.com designates 209.85.222.52 as permitted sender) smtp.mailfrom=aliceryhl@google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1706272438; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=9UqArqULVidH7ROM7QOynYR0nvQSPMOUC/XDGfU+9xg=; b=rYp+wgTpGUbvAvZ9mZBKrtbUY5snK2qaJEhLQOz57972tSNn71jTrufvSK5Z2vHZbfcUfX +43vMZh4lh7XR7fxpSyniJlwIOElDbQ6B94Z3CjdnCSyhLjYCxPTIlzoLO2Q8vs+SLYH13 4whP67Stef5NfeK08ZabVtIveeWAG78= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=s26hi8bQ; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf15.hostedemail.com: domain of aliceryhl@google.com designates 209.85.222.52 as permitted sender) smtp.mailfrom=aliceryhl@google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1706272438; a=rsa-sha256; cv=none; b=XEAsTC/IIxvFNV8Sgxn8WXoBJ5bodtJ0HeE44kjU5OFzLvFc5ojyXv3B783hsy9WsHXYcj rz/ksGG5KBvZesM9iApZvlWjOh7pCqVpxFIhnC+/X20q/UIC+p19yFe220nuznli1jEFSe rS1cAYoIFuYcX2fRljPzpLNUOgt/N7I= Received: by mail-ua1-f52.google.com with SMTP id a1e0cc1a2514c-7ce603b9051so116365241.2 for ; Fri, 26 Jan 2024 04:33:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1706272437; x=1706877237; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=9UqArqULVidH7ROM7QOynYR0nvQSPMOUC/XDGfU+9xg=; b=s26hi8bQDy4f+SgwE2O+pNU13jVTMW5W++nZSNx3BnVc8mxAEUjidCdCI0mX0vzNY7 vlGzblcjWPD0Fp3+xECFcCTTejINcEmmi7GHGFie5A8gkRlv2PWXEviffA3DkSy2KMBx LEiGoRB6w1Pt68dMzOLYRShodo36jNgv5Hpr63dyIJmM+PUC5nqIp3jbJMO9JfcStFUV hFGdDQOTFb9Lhc9zSGMgfnwJ180W8tzzNGTmKASa2nwDZgAUBwyMdgKtkM34S5hWTNrI eG+EtrTivTT2ZD0G0rfGaCZLP3w0Hfk+3baKjpc7GgRMIAIAcNl3dIWTrKnTpYBwOZ/Z vqkg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706272437; x=1706877237; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9UqArqULVidH7ROM7QOynYR0nvQSPMOUC/XDGfU+9xg=; b=iZPeBEWRH9YHtq1/6OijMICVvhdiprycIOi4lswoIDVITRHtVkDv28QPBD+Ejb9avE Af0ChyICjAdYXZMRwMbazkMzBdDpS+dHitvzGurw6mg8eqTTNyxFKHCZTj4THIXH7wbP 1JQIgex+hafLWLxZjHfJedBLwLeC93LuarfNBO/F/vNEhE/RKu0rfmKTJkqlpIWRrS9g UE1IDnaRE0Qjp2o3ttotuPzsj+9QYkurGKAZK7sBythYPliXjJKzsD6eyKZFQH7vqyw6 z1PwEl0FsslO2z/Cz53HwWgjAF7uA5kkAIZJbvCxk1s+adp6o1KPzTc2aojcGOJhAnyL uTVg== X-Gm-Message-State: AOJu0YwV3gB7KrsMTQ2rocsXzDF3y/kAydzRui+4XRaU6epBqYpPWPS3 xv0kgAhB5X81zrxt01O3SPxFpT/xCEeiGLyB/+0Zo2aR53nnmgIsd/TqD8EklzTu3ii+OsPm1ph X1htpFbq8xHHuw9NDckL0fpK2qYKF3kO25BOD X-Google-Smtp-Source: AGHT+IGd62n+2RxpM3PIhY6cym3GnlSNkz7sZpZK5qZcCreUyKwry0eMpuKUCEZGpL8I0eVhgGC860sdXzu9+PQOL0A= X-Received: by 2002:a05:6122:2a07:b0:4b6:e71d:362d with SMTP id fw7-20020a0561222a0700b004b6e71d362dmr862145vkb.18.1706272437051; Fri, 26 Jan 2024 04:33:57 -0800 (PST) MIME-Version: 1.0 References: <20240124-alice-mm-v1-0-d1abcec83c44@google.com> <20240124-alice-mm-v1-3-d1abcec83c44@google.com> In-Reply-To: From: Alice Ryhl Date: Fri, 26 Jan 2024 13:33:46 +0100 Message-ID: Subject: Re: [PATCH 3/3] rust: add abstraction for `struct page` To: Boqun Feng Cc: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Gary Guo , =?UTF-8?Q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Kees Cook , Al Viro , Andrew Morton , Greg Kroah-Hartman , =?UTF-8?B?QXJ2ZSBIasO4bm5ldsOlZw==?= , Todd Kjos , Martijn Coenen , Joel Fernandes , Carlos Llamas , Suren Baghdasaryan , Arnd Bergmann , linux-mm@kvack.org, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, Christian Brauner Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 31722A000F X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: qjsayfmcjhi7dnyyoyzdfk3894d13s3w X-HE-Tag: 1706272437-454904 X-HE-Meta: U2FsdGVkX1/jekWGXfaFH0t5Dd3hM9Nm8hHSN2LnJps9uW70Vm1P0VhxscMTkxr2eJpDz0QW4NMGdpfVFBhrMCvgO5wUEW5WSa1lVZpEtjqIzUCWwnt0X9Keeow8gGlxwmacLj3SxbX+DbBOPxx2EHnxwlcSbYWZ4pafTPufTUwzZUQ8uBXsVCktTUKq3DBIxdR8m44Bxw6AV00fyJg5RlxY+4Hvb7xrmjqhdAy/DD2/A9lEVGnleNm4qOy9M2PZ3QCjG/wjtQgC8HVG4KoGNQIewKK33jCajryCUMhLeXneDAGWb64z+IggpnWc15pGlBPQ9XnbC4wgYQPIJBWjofuMkqrKj7LAVxYW8RiD7Z/YEoW7UiAlWoaYN/kHX9d15LwhAXLV9jmb73I/BwPj7+6VSfIkHwgbuQyBlszk+Ax/KOCVPqH04d5ujlzN6OLFpF1jc28Jeaay1P2r+KMxI8EgTBNERImWKythNvX2pqfSTN6eZ284jPvppHiMkP671Y/OEhE+l1lMAUmtZnySpTt9OKOfrrVGqq38jH4wz8ywnHpj0bGXKOvSDfXLNHhDrma/+D/kkHp9EB8LuDJW320v1Is/TPhFAt+H3W+4yiTm4+ol4fEE/4mROomLvZyygKmDqCGTqr/rGm+RbTNdldWAyH4Aq3kiwABhpmpcxju7FhLm65y50kL07l4vOwG1mAIIHE/2XbbxkuvDi/jvg05Q/75gL/nDM/wIvDBxGmiBJEWqNmQKXXN5iJRU69MzNdSqUtnTwrmEJLZSHvJUrmYkQe9tV6rdh+lv+mE6lPG7Po+97Sr9Txe662XNR66lH88LSzLFcXBHOdGOJ0f7X8FxC1Lxj8tvuHt6uoU/shw/86OqAxznBHcXDlpri5dPMzBc0RvVf830OkNDz8TH9pDX8SvqCzpYZ2LK+tWkSdiquG3Ff9+HxMlNT9ydnb3dwICFA/4W80Y9WjDAKk8 piJmRcHk ax7ZGd/izkReyL2VnED6o7HNEFJ9djcRGkmSHfgEQaO5hy8A0VvcSjnA/VqfwsnSBROlZmjcZsn3CKhci6QuyWMJRwV2DDzzGs+kMpUVmr+NZYxVRziwW+bna2mKOPaFGuRvIRcCuYiv8apvnCXgZuEgne9plRhayBgQN9HmlsSkzPxojQ+KmZPBksLDLg/53q9AU/mymCx7X8+hLNwnGnjOSHk7qlxlwCENN X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri, Jan 26, 2024 at 1:47=E2=80=AFAM Boqun Feng w= rote: > > On Wed, Jan 24, 2024 at 11:20:23AM +0000, Alice Ryhl wrote: > > + /// Maps the page and reads from it into the given buffer. > > + /// > > + /// # Safety > > + /// > > + /// Callers must ensure that `dest` is valid for writing `len` byt= es. > > + pub unsafe fn read(&self, dest: *mut u8, offset: usize, len: usize= ) -> Result { > > + self.with_pointer_into_page(offset, len, move |from_ptr| { > > + // SAFETY: If `with_pointer_into_page` calls into this clo= sure, then > > + // it has performed a bounds check and guarantees that `fr= om_ptr` is > > + // valid for `len` bytes. > > + unsafe { ptr::copy(from_ptr, dest, len) }; > > + Ok(()) > > + }) > > + } > > + > > + /// Maps the page and writes into it from the given buffer. > > + /// > > + /// # Safety > > + /// > > + /// Callers must ensure that `src` is valid for reading `len` byte= s. > > + pub unsafe fn write(&self, src: *const u8, offset: usize, len: usi= ze) -> Result { > > Use a slice like type as `src` maybe? Then the function can be safe: > > pub fn write>(&self, src: S, offset: usize) -> Res= ult > > Besides, since `Page` impl `Sync`, shouldn't this `write` and the > `fill_zero` be a `&mut self` function? Or make them both `unsafe` > because of potential race and add some safety requirement? Ideally, we don't want data races with these methods to be UB. They could be mapped into the address space of a userspace process. Alice