From: "Danilo Krummrich" <dakr@kernel.org>
To: "Vlastimil Babka" <vbabka@suse.cz>
Cc: "Elijah Wright" <git@elijahs.space>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org,
"Lorenzo Stoakes" <lorenzo.stoakes@oracle.com>,
"Liam R. Howlett" <Liam.Howlett@oracle.com>,
"Uladzislau Rezki" <urezki@gmail.com>,
linux-mm@kvack.org
Subject: Re: [PATCH] rust: slab: add basic slab module
Date: Fri, 26 Sep 2025 18:58:06 +0200 [thread overview]
Message-ID: <DD2W3LCC7FWA.2X90YAPLI1FGC@kernel.org> (raw)
In-Reply-To: <1f5ae3bd-db21-4042-b177-55464644ce2e@suse.cz>
On Fri Sep 26, 2025 at 6:32 PM CEST, Vlastimil Babka wrote:
> On 9/26/25 17:55, Danilo Krummrich wrote:
>> On Fri Sep 26, 2025 at 5:33 PM CEST, Danilo Krummrich wrote:
>>> The only thing we need on the Rust side is that existing allocations remain
>>> valid even if the cache is destroyed. Or the other way around the cache is
>>> silently kept alive internally.
>>
>> Or to express it in C code:
>>
>> struct kmem_cache *cache = kmem_cache_create();
>> struct Foo *foo = kmem_cache_alloc();
>>
>> // After this call cache will never be accessed; leaves a zombie cache,
>> // since foo is still alive.
>> kmem_cache_destroy(cache);
>
> This will cause a WARN.
>
>> // This must still be valid.
>> foo->bar = 42;
>
> Yes this will be safe.
That's great!
>> // Frees foo and causes the "zombie" cache to actually be destroyed.
>> kmem_cache_free(foo);
>
> The free will be fine. But not cause the cache destruction, as that would
> require checks on each free. But should be fine wrt safety if we only leak
> some memory due to a wrong usage, no?
Yes, technically that's safe, but we wouldn't prevent the leak, which still
is not desirable (and not our ambition for a Rust API).
From a C standpoint, both the warning and the cache leak could be solved by
making kmem_cache_destroy() fallible as you mentioned previously.
On the Rust side the cache would be represented with a struct KmemCache<T>
(where T is the type that should be allocated by the cache).
kmem_cache_destroy() would be called from KmemCache<T>::drop(), which is not
fallible. But even if it were, we can't enforce that users keep the KmemCache
instance alive as long as there are allocations.
So, either we always keep the KmemCache<T> alive for the whole module lifetime
(which depending on whether its built-in or not could be considered a memory
leak as well). Or we ensure that the last kmem_cache_free() also frees the cache
if kmem_cache_destroy() was called previously.
OOC, does the cache pointer remain valid if kmem_cache_destroy() is called while
allocations still exist? I.e. is this, except for the WARN(), valid code?
kmem_cache_destroy(cache);
kmem_cache_free(foo);
kmem_cache_destroy(cache);
At a quick glance it appears to me that things would go south in
kmem_cache_release(). Anyways, I don't think it would help, if it would be the
case.
next prev parent reply other threads:[~2025-09-26 16:58 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20250924193643.4001-1-git@elijahs.space>
2025-09-25 2:17 ` John Hubbard
2025-09-25 9:54 ` Danilo Krummrich
2025-09-25 17:20 ` Elijah
2025-09-25 17:43 ` Danilo Krummrich
2025-09-25 18:02 ` Liam R. Howlett
2025-09-25 18:08 ` Danilo Krummrich
2025-09-25 18:11 ` Boqun Feng
2025-09-25 18:05 ` Elijah
2025-09-25 18:15 ` Danilo Krummrich
2025-09-25 18:17 ` Danilo Krummrich
[not found] ` <74b3ef24-a307-4d3c-891a-8c5283448b20@elijahs.space>
2025-09-25 18:52 ` Elijah
2025-09-25 17:54 ` Alice Ryhl
2025-09-26 15:00 ` Vlastimil Babka
2025-09-26 15:33 ` Danilo Krummrich
2025-09-26 15:55 ` Danilo Krummrich
2025-09-26 16:32 ` Vlastimil Babka
2025-09-26 16:58 ` Danilo Krummrich [this message]
2025-09-26 17:11 ` Vlastimil Babka
2025-09-26 19:01 ` Danilo Krummrich
2025-09-28 14:47 ` Danilo Krummrich
2025-09-29 7:14 ` Vlastimil Babka
2025-09-29 14:11 ` Elijah
2025-09-29 20:32 ` Danilo Krummrich
2025-10-01 4:44 ` [PATCH v2] " Elijah Wright
2025-11-06 7:53 ` Alice Ryhl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DD2W3LCC7FWA.2X90YAPLI1FGC@kernel.org \
--to=dakr@kernel.org \
--cc=Liam.Howlett@oracle.com \
--cc=a.hindborg@kernel.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=gary@garyguo.net \
--cc=git@elijahs.space \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=lossin@kernel.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tmgross@umich.edu \
--cc=urezki@gmail.com \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox