From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 48327D6ACF0 for ; Wed, 27 Nov 2024 15:57:36 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id BFA006B0088; Wed, 27 Nov 2024 10:57:35 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id BA9FD6B0089; Wed, 27 Nov 2024 10:57:35 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A718D6B008C; Wed, 27 Nov 2024 10:57:35 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 83B2A6B0088 for ; Wed, 27 Nov 2024 10:57:35 -0500 (EST) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 15AF51C74B2 for ; Wed, 27 Nov 2024 15:57:35 +0000 (UTC) X-FDA: 82832329986.14.A28749F Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com [209.85.216.49]) by imf29.hostedemail.com (Postfix) with ESMTP id ADC68120004 for ; Wed, 27 Nov 2024 15:57:24 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=u426WPVq; spf=pass (imf29.hostedemail.com: domain of aliceryhl@google.com designates 209.85.216.49 as permitted sender) smtp.mailfrom=aliceryhl@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1732723046; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Mzq+sY/UuVHCJgsty70Afejr/cELZw5CwMQokYJBrCM=; b=78c/svrJybevypOu0CdwTU+q1aY5+M9P+Husw4NwpMN+FnPTCzU813ljLkyeSYsxkuEdie 0tZ/3hEuLYH7x0ecpIv9EmvfRYbTK00eEBkk/jeYa8RHY1kTv1REyDqYVGYUhQw04EXWHk CjObDpmnUhNt7R/4/UwzsxfuITSFwFw= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=u426WPVq; spf=pass (imf29.hostedemail.com: domain of aliceryhl@google.com designates 209.85.216.49 as permitted sender) smtp.mailfrom=aliceryhl@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1732723046; a=rsa-sha256; cv=none; b=QiPs0EUp18Nn6Z5p/woInsf8Zd7eNSnqDBAntxp4TvdUk2qD1J9aX8hAoHGwETt+bRl0Ax gvPgowB9odYvTh4W+Wasnvvy8/2W/8GQppxPfOlW4QCtEdRPRm2oJK4lUC8eTTK1muf5OF prr4wE2ev3fqdAVTzzT+FrnRSb6P1Aw= Received: by mail-pj1-f49.google.com with SMTP id 98e67ed59e1d1-2e59746062fso5835445a91.2 for ; Wed, 27 Nov 2024 07:57:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1732723052; x=1733327852; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Mzq+sY/UuVHCJgsty70Afejr/cELZw5CwMQokYJBrCM=; b=u426WPVqzGwTmXkIrGVcZroQ+uQUdLob3WwugOU1DLt2++sBTpAOAD0XQTSg+Ata+i l+m0k+yxAJVRq8G6rMPWuzg11bc+U/Sgq9up6LsXqyUJ+9D6fsTl+kmQT4cv4CzmdhPy 7vN+A5hIohqSyZ+RdOZCUlgyFQJh1qdRgBNJ2r9C6pDvjIc256rwSDRdoG6P+h0DIRXU lmIu1ku1wjwaXFYT+JKD/iXGeI/ielMyyUu91Ync+ERMyo8SdZg7wdcj1aNOSnTuKLDo WqSa4Iw7hGrXQQ5BU10eEr+QIBFiUEw61E2JYfd15xxGT7inpagyy8rBugfbGhWvKk9L 6yUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732723052; x=1733327852; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Mzq+sY/UuVHCJgsty70Afejr/cELZw5CwMQokYJBrCM=; b=uYYwJ4C1WtkjcsUShJY0zTNPB1u4GIn7W53jd2MHGdUtnGi1OAL6xydiSCFtE3PVE4 HTreP/HbLBf47hdsFD6JvYTFotMib35YkAv2x+imAUwjnhAv67Nr2OSAUxhXZ4SPeIoZ mAuBKWSJ0HX3g3IbokI8Xt6A2YVVAwNo4WL9VqmQbCeq/+a9UnBC8FLK7Gr08npWbubl hX/zWQbxvv1oWGdQz89cH6mzveTaUgTcpY7A9mzLox7yhrqPRdUz1BD2v9ds+aZeyhLv h0tFYOOe6djf1U8iODU7zDy3Ui7t//yrV8NAeyexeUXFVxoW7ThG8XArRQJV9Mpx6sxP SDoA== X-Forwarded-Encrypted: i=1; AJvYcCWQ1dURxJYDQfjnaS6PD6bNfrPVOBWNOb3Q/xj5/3mddo/3SMA71IjcQEPXTf+QH2birt4WlMa3wA==@kvack.org X-Gm-Message-State: AOJu0YwRhjIE0slXxWvL3P8QmdFsDdo5CsVznMEyKeaW3PCSoJQDQaNL BIbWitHa+ETNAzc912kGPBNW2DGHAmmBIziWJZKKZZosC1OD6GU0yUYktNEKGycVgSa5wBAPU50 fH0eGED21p0I8oj0Ht04H+pDcCuRoP8Nft9t3 X-Gm-Gg: ASbGncubfXYK/xrTMZNW/KwJY9rgNO5oR8nG53vB545kvUaI0e/h5mT4ggQ6j7M9uWm S1jDPg5lkWhn5naVCX5OR/HrRxH1lmEy42u2UmURYJLxN6Nx1skg1xn23q1esPg== X-Google-Smtp-Source: AGHT+IG6y1bQBNLQkQ/ye9/NfGNFTdcIbZPYVf1DhkiwrolILsLzrOzKl8C9OOLMv1IvSiKNfdCQWD3L1QdBkC//MAk= X-Received: by 2002:a17:90b:1e43:b0:2ea:8e42:c3f with SMTP id 98e67ed59e1d1-2ee08dab550mr5115668a91.0.1732723051588; Wed, 27 Nov 2024 07:57:31 -0800 (PST) MIME-Version: 1.0 References: <20241122-vma-v9-0-7127bfcdd54e@google.com> <20241122-vma-v9-8-7127bfcdd54e@google.com> In-Reply-To: From: Alice Ryhl Date: Wed, 27 Nov 2024 16:57:18 +0100 Message-ID: Subject: Re: [PATCH v9 8/8] task: rust: rework how current is accessed To: Jann Horn Cc: Miguel Ojeda , Matthew Wilcox , Lorenzo Stoakes , Vlastimil Babka , John Hubbard , "Liam R. Howlett" , Andrew Morton , Greg Kroah-Hartman , Arnd Bergmann , Christian Brauner , Suren Baghdasaryan , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?Q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , linux-kernel@vger.kernel.org, linux-mm@kvack.org, rust-for-linux@vger.kernel.org, Andreas Hindborg Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: ADC68120004 X-Rspam-User: X-Stat-Signature: mcm9hesu5661ho1kf18e9on6naczemna X-HE-Tag: 1732723044-646476 X-HE-Meta: U2FsdGVkX1/v0xKUa0f/zb+rEnBVbauLdU1ggQxtYWjlrRCcZDRClJRHkjtpIj2Xf/ZHUBkxpOeDOlnvHxxhfayE2jMNxMvPgKMIyb+cuDDaDK4/qbE3oOZua5nxPUaQ+/0+iWNIxlgQHmyqA/jNCd4dgpk1U4/VzUN+QkX+F0rp6/pr8ZFF5la7+VNzI9N7/wk864iIFmPs/tl9O/z2mj4IQD9AiH2p6DlVGYS3945tPBxXAZcrVC889/A4cw61YYJBiFYm9gXHcS/EnVa7ZMia/xqJGWZVSgBe5iFjX5uw6d37TO/UDAHHJn0b6hpCIfcORbpCr3fW/orFX1Ue8ovtMWXJ+yXnUycaBUqfnZhk+AYmO5w+TQ+Q7qlXpIwWF/HNjjQVI/CQsKI2aN8miyc/0IzCqsUmQ7WUq2yDeTF+AENoBDbIQ6MHZcQ+PeM0Fc31CbCkIDWp9AjWfyPAtbdn1xgadONGZPfkji+jEGMpQUoDWFdJLGBlW8uj4UtLbx8x3No19zCBa22VE/Rp7Lus6ir7D1HLQPN1FRgVRvAs3mnm4t7s920rz0eI4aKzkyCucECpbmodd86f1PYWMLo7aDwYQSCphtIgIYpkgBaUrSAIxhAdeytFqFtOktU9Chku2bk5eZy17EY23n/oxFrHcXrHEh9PG3JW/cEBhInNfODVQkeOAlVRRAzzXFXIafTMRKaslVfj+YYMbSCSbVIVteH3GejduZg+U4PddXtkXr3dSPuJ3O6MfopS3JkBonPyglN5RqBs35ynrSKjBVRSRu5VirRmg4wyY1IsDB2c704aV+vFUYSWTQAJQ4FSGBLcxBAd5zoh9z4paSfBmEaQy3dKLvzdSJ9XnGJOOj+ur/kZos76i7c7c9jccFzK1OJYudKQXn7C1yAu7aTusyzCj7+ST+oLckKMNhVWCMHUUXfbo4kcHndTdm8IaX2A9FpDZwb0Mttjkc0yxt6 3tXJ9CC7 HebuyJNPVVObdBlxSeNcOV0WjDOUpdoUtL+X1jhX48IehrNw3smcdVdr6ZWDzbPo1eeWyv47dglFxdS4Mqgb+W1ihQykntzIddPf/A1GpZ3+7BTZdmHmK1hLJlPLUfANBRAa3JUVMKYF5okslYNLuZQYHH97x8v6/qCnVZ37pv/pl78Hci+0V3Id1ZfbuVAVeHx9tc0cPlhcXsM7ZQYcBbqzGlZ1IgRDzymSkR8fkBJIwt+/ktnY8s+a2he6hGQikgK6Y2KYXI5CcqkFqPCr3O3HUUTyDlCrh2ENqE45Mg868seo438upIDIVbWlpfP6Q7H5iqAN4YEHc4VU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000049, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Wed, Nov 27, 2024 at 4:52=E2=80=AFPM Jann Horn wrote: > > On Wed, Nov 27, 2024 at 1:36=E2=80=AFPM Alice Ryhl = wrote: > > On Tue, Nov 26, 2024 at 6:15=E2=80=AFPM Jann Horn wr= ote: > > > > > > On Fri, Nov 22, 2024 at 4:41=E2=80=AFPM Alice Ryhl wrote: > > > > +impl CurrentTask { > > > > + /// Access the address space of this task. > > > > + /// > > > > + /// To increment the refcount of the referenced `mm`, you can = use `ARef::from`. > > > > + #[inline] > > > > + pub fn mm(&self) -> Option<&MmWithUser> { > > > > + let mm =3D unsafe { (*self.as_ptr()).mm }; > > > > + > > > > + if mm.is_null() { > > > > + None > > > > + } else { > > > > + // SAFETY: If `current->mm` is non-null, then it refer= ences a valid mm with a non-zero > > > > + // value of `mm_users`. The returned `&MmWithUser` bor= rows from `CurrentTask`, so the > > > > + // `&MmWithUser` cannot escape the current task, meani= ng `mm_users` can't reach zero > > > > + // while the reference is still live. > > > > + Some(unsafe { MmWithUser::from_raw(mm) }) > > > > > > Maybe also add safety comments for these nitpicky details: > > > > > > kthreads can use kthread_use_mm()/kthread_unuse_mm() to change > > > current->mm (which allows kthreads to access arbitrary userspace > > > address spaces with copy_from_user/copy_to_user), but as long as you > > > can't call into kthread_use_mm()/kthread_unuse_mm() from Rust code, > > > this should be correct. If you do want to allow calls into > > > kthread_use_mm()/kthread_unuse_mm() later on, you might have to gate > > > this on a check for PF_KTHREAD, or something like that. > > > > Huh ... is it possible to use kthread_use_mm() to create a situation > > where current->mm has mm_users equal to zero? If not, then I don't > > think it's a problem. > > Ah, no, I don't think so. I think the only problematic scenario would > be if rust code created a borrow of current->mm, then called > kthread_unuse_mm() and dropped the reference that was held on the MM, > and then accessed the borrowed old mm_struct. Which isn't possible > unless a Rust binding is created for > kthread_use_mm()/kthread_unuse_mm(). Ah, ok. The way that the current abstraction works is that it enforces that the current pointer cannot escape the scope you were in when you obtained it. If we enforce that kthread_use_mm() and kthread_unuse_mm() involve a scope, then that should solve that. Alice