From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BD3BBC47422 for ; Fri, 26 Jan 2024 18:28:42 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5335E6B0089; Fri, 26 Jan 2024 13:28:42 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 4E37C6B008A; Fri, 26 Jan 2024 13:28:42 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 35D226B0092; Fri, 26 Jan 2024 13:28:42 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 26D566B0089 for ; Fri, 26 Jan 2024 13:28:42 -0500 (EST) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id E4413120632 for ; Fri, 26 Jan 2024 18:28:41 +0000 (UTC) X-FDA: 81722298042.30.5D74ABE Received: from mail-qv1-f51.google.com (mail-qv1-f51.google.com [209.85.219.51]) by imf30.hostedemail.com (Postfix) with ESMTP id B873F80021 for ; Fri, 26 Jan 2024 18:28:39 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=EpNwgEAo; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf30.hostedemail.com: domain of boqun.feng@gmail.com designates 209.85.219.51 as permitted sender) smtp.mailfrom=boqun.feng@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1706293719; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=YY5QdlvejuRuBjd73iKQnUzWXn5ClKcYIkPwTdN2etU=; b=idIE6CL9WrLh/ZbHDogv6tkYZN95nGWuRP0oU6icpxku67BU6nij66bfLd9fYUHhu6RlwS PjfKt4NNrRuJXWMzWZ92v7WsCqr+DeuIeBdpikC0bi9Qd45Rx9/nvJG6FKzdg5n2MFkVuk rpSMQfgAqRm1SpCFuW5VHviAN6CPpTw= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=EpNwgEAo; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf30.hostedemail.com: domain of boqun.feng@gmail.com designates 209.85.219.51 as permitted sender) smtp.mailfrom=boqun.feng@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1706293719; a=rsa-sha256; cv=none; b=i4M9191lXchSFpH3RQSmyOKX7hyeNwrkXUERCe8mqQrQydn3niFiyIueEvtEpJqH//paTY eSkTOQyqqRlMQkArIj9KbC1f3qfY+Q04QCAWWIXQ+cUyuc2YS1d1mC2gp+tg8dlOEurnSy d4J63cTKs5tCQT9s/OT22M0QlqF/2es= Received: by mail-qv1-f51.google.com with SMTP id 6a1803df08f44-6869e87c8d8so3017336d6.2 for ; Fri, 26 Jan 2024 10:28:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1706293719; x=1706898519; darn=kvack.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :feedback-id:from:to:cc:subject:date:message-id:reply-to; bh=YY5QdlvejuRuBjd73iKQnUzWXn5ClKcYIkPwTdN2etU=; b=EpNwgEAo6vJa83z8VuaWhglXxlmeIt8giiWj9SeYdryJgxPJi4jlTmq+GnzQNZx2u1 axgDZVQD13GbSqnKW4OlsDfzNPm0Vt9JU3uUyDIA2L3F1/Sxt+KDA0jyLBaJ2qUb57Is Qm00WlaMwTExAThXTap2BHv//JUqNtKjpgI3FtSti/v3YNRL3X3Jm6NfSnufDOnV2dyJ T/qyFes6JI937YUsLB+ECYW7iJEaOpxl8B2aBGDofqDInUlwB0wLhMQEND48E3S9fgIL 91enAcTk+eW5e0w2DDE8ztA/AHqgVVmu8zeMey2c0wNdEyPTHwO8F8LlQynDL51V37yE kL3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706293719; x=1706898519; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :feedback-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=YY5QdlvejuRuBjd73iKQnUzWXn5ClKcYIkPwTdN2etU=; b=dWG0wfgWJQROInlsyM+qJMai+fnAHeyZ/qIHxpbm1cidE8r1g7oeewd23/5lbVlr0r /H9MbzNBzaZfW02wkvoDPBWl+MFG5Y8sPwgiXHhfOTEumeMm/+9Xbpa1nD9QNekPLSPL v+lm2U0vYlSZbQ+jRiec2hESH+F38OyLQ5U5/e7Oo0ia1Xv6ESB9LozA2EQ0cL6zG1xc +8fcn2puJYnNW8ymA8FYAjopRKuImiIGsliXYEuQSfmuuKXik5WJgG6tSAAnAO+WkP8C e0y8OtN5jcAHVIEVoCbUAkZstzj4GLau73THjc00n+v6IFH+PvDklprWKlabzBW8O3Hv FmqA== X-Gm-Message-State: AOJu0YxTvkxmWRBrlBAk0cv/paCnE5BN2Uonqkj+alphcfJrHNS2uLKt EgiYhYsLPPs6T7WGp4T64FobtLnULBJkdzOQ7u9qeeZpbbHi7dsckJhSBghz X-Google-Smtp-Source: AGHT+IH6n0MtA82eUbR2NQcDtgBlhpzE7yRCW+imkMycfhL7GRpxWMd1iCD41JMC6ewE/4q76tUJKg== X-Received: by 2002:a05:6214:1316:b0:68c:34b0:aa18 with SMTP id pn22-20020a056214131600b0068c34b0aa18mr310315qvb.119.1706293718885; Fri, 26 Jan 2024 10:28:38 -0800 (PST) Received: from auth2-smtp.messagingengine.com (auth2-smtp.messagingengine.com. [66.111.4.228]) by smtp.gmail.com with ESMTPSA id vu2-20020a05620a560200b00783142f946bsm779300qkn.99.2024.01.26.10.28.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Jan 2024 10:28:38 -0800 (PST) Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailauth.nyi.internal (Postfix) with ESMTP id 710B227C0066; Fri, 26 Jan 2024 13:28:37 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Fri, 26 Jan 2024 13:28:37 -0500 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrvdeljedgudduudcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpeffhffvvefukfhfgggtugfgjgesthekredttddtjeenucfhrhhomhepueho qhhunhcuhfgvnhhguceosghoqhhunhdrfhgvnhhgsehgmhgrihhlrdgtohhmqeenucggtf frrghtthgvrhhnpeevgffhueevkedutefgveduuedujeefledthffgheegkeekiefgudek hffggeelfeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhroh hmpegsohhquhhnodhmvghsmhhtphgruhhthhhpvghrshhonhgrlhhithihqdeiledvgeeh tdeigedqudejjeekheehhedvqdgsohhquhhnrdhfvghngheppehgmhgrihhlrdgtohhmse hfihigmhgvrdhnrghmvg X-ME-Proxy: Feedback-ID: iad51458e:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 26 Jan 2024 13:28:36 -0500 (EST) Date: Fri, 26 Jan 2024 10:28:34 -0800 From: Boqun Feng To: Alice Ryhl Cc: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Gary Guo , =?iso-8859-1?Q?Bj=F6rn?= Roy Baron , Benno Lossin , Andreas Hindborg , Kees Cook , Al Viro , Andrew Morton , Greg Kroah-Hartman , Arve =?iso-8859-1?B?SGr4bm5lduVn?= , Todd Kjos , Martijn Coenen , Joel Fernandes , Carlos Llamas , Suren Baghdasaryan , Arnd Bergmann , linux-mm@kvack.org, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, Christian Brauner Subject: Re: [PATCH 3/3] rust: add abstraction for `struct page` Message-ID: References: <20240124-alice-mm-v1-0-d1abcec83c44@google.com> <20240124-alice-mm-v1-3-d1abcec83c44@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: B873F80021 X-Stat-Signature: ueotzcsp9hyrsnsmw7hqchyib64nso5j X-Rspam-User: X-HE-Tag: 1706293719-459331 X-HE-Meta: U2FsdGVkX1+WB/9T80MtVEqI9aQJGmrIJDgIpIZlitb9ilniOBMSKowwoz8llllmlIsnWRHpbhQ37KEjxpNtgCGNWaVvLdCZJENpbTDKFs1LCCeiSVKDbUH8Jzfd/7CFcwOEVUbTakMxhpw5R32JuzonSbRPJufUxHtCz/kwKAYTLQ/aH+Ss29HyZu/zQxu3/79qmWHSzKa8MhhUSMu5caWND1KNE3Z30RfY2QIjxu6lhrcY3iidNRiUXj7dhIlp1Ig7yIb4Urmdk9sJpYS/E98DPwHpsRL2G/okMAXPPoLOWFuSGqDG9AcuYlaN2a8ZCRbJDxjr9NDtx3ttUn4uxcXYs5BUamWBfAgKzSkPfoN3HG8Kd+sZJIUKbx6lXtkUnUdHrGF0kAMeus/5iP5w+NtAzEwtCjefiJeb46GtKgltClJOZN8brG+Q8d49cn+Mkppggv0sRSlaDnY5xPUdLDU1W2f1LUd+Ncug22dgeAgltDq/Y6P/u1welfQpHsflUGXd0y6XEQHtzbZ6C4W8+zdMOQzW5XuvRLQwhtca4i1SUuopq7T5QBnPHxZBs7rXu5//MDa7FN9wkLLfEoiSM+3vguz5SDnyaFvoPWLq/4HQR1mBdqToRUYZNyPMPrqS62tAbuKqG0qLg0Yn1US5bbwffOQT5km9ihX8tqJiSTR1ZmoZ8fRpnbWGBT8wTLrvjF8amQaSQtajMta95NGe1IRfsvHuGiFIzzg9uwd82/rAmbV+0Uafnb2ObqwTNkEwJXZx+Z7bsVMgKUNauHdsMwVQHB8gIxSyMO3jv6OdJe4x6d69YOdykm41SaCHRNgJeklTJ/zc6p8lGGDXus1I5LTtAcxSBajkegoFfmmGgn2CRoT0l20JY3LT0tati1WxdNmY/gnCOnHHFiHGLJQMVRGPq6Fw14tIsris5gW73mgfMJCKvQmoPONIy5YQ5SbfmPVvCqyxFvi2BbCKhCl btmRDez7 XEdf+ps4B5vXFHCbCSkhk+yr3E9wTaoCIbDcMqThVhLayX9CuY86cXX3sxyrBdqYibxsnf6dKzdTonJORUVr6r7pse/S9OLMFVfGiF098pjoZwdhLmw0BoVaAFxKHD+OD/0YtNWy6GqomYUD1lP/cbTE58CXdsEjxwLs9ehrT0W4Hjkxy6WP9/TigqBK5KY33kHIyj4781b32+MCJljt+ii87lvK40rRviNxqr2qqwJCaYelZn17vIL4kvcrfGeCGVmtZ3c19Ww2oJOORieozc2ygq62Q8FuOmx7iIia6mRBzgVrANBm23Ffx43VhH+auHW38902ZwhY7Ck3Hs465Grg3eW8odQGCERQE8DAJhWbZ1PTjGRVP5chEY91ZZfMaK7bdv2d+IGRDIJY+qlIOM9oQwqYKW8EaLjINFsDnexD9Uzkm2avvoyDSIcA/A9ZJ4jJApyu6j6VOs+Jwi02DBkl+Q1dGD/oGeGCWOaBqlQNE3IcO1YEX1wAhZxtnEFt4G97M7N5siHQ8Fb+/j/qG+xf7aXrQuamUBf09 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri, Jan 26, 2024 at 01:33:46PM +0100, Alice Ryhl wrote: > On Fri, Jan 26, 2024 at 1:47 AM Boqun Feng wrote: > > > > On Wed, Jan 24, 2024 at 11:20:23AM +0000, Alice Ryhl wrote: > > > + /// Maps the page and reads from it into the given buffer. > > > + /// > > > + /// # Safety > > > + /// > > > + /// Callers must ensure that `dest` is valid for writing `len` bytes. > > > + pub unsafe fn read(&self, dest: *mut u8, offset: usize, len: usize) -> Result { > > > + self.with_pointer_into_page(offset, len, move |from_ptr| { > > > + // SAFETY: If `with_pointer_into_page` calls into this closure, then > > > + // it has performed a bounds check and guarantees that `from_ptr` is > > > + // valid for `len` bytes. > > > + unsafe { ptr::copy(from_ptr, dest, len) }; > > > + Ok(()) > > > + }) > > > + } > > > + > > > + /// Maps the page and writes into it from the given buffer. > > > + /// > > > + /// # Safety > > > + /// > > > + /// Callers must ensure that `src` is valid for reading `len` bytes. > > > + pub unsafe fn write(&self, src: *const u8, offset: usize, len: usize) -> Result { > > > > Use a slice like type as `src` maybe? Then the function can be safe: > > > > pub fn write>(&self, src: S, offset: usize) -> Result > > > > Besides, since `Page` impl `Sync`, shouldn't this `write` and the > > `fill_zero` be a `&mut self` function? Or make them both `unsafe` > > because of potential race and add some safety requirement? > > Ideally, we don't want data races with these methods to be UB. They I understand that, but in the current code, you can write: CPU 0 CPU 1 ===== ===== page.write(src1, 0, 8); page.write(src2, 0, 8); and it's a data race at kernel end. So my question is more how we can prevent the UB ;-) Regards, Boqun > could be mapped into the address space of a userspace process. > > Alice