Re: [PATCH 2/7] rust: cred: add Rust abstraction for `struct cred`

From: Benno Lossin
Date: Thu Nov 30 2023 - 11:17:28 EST

Next message: Jason Gunthorpe: "Re: [PATCH 1/1] iommu/vt-d: Disable PCI ATS in legacy passthrough mode"
Previous message: Paz Zcharya: "[PATCH] drm/i915/display: Check GGTT to determine phys_base"
In reply to: Alice Ryhl: "[PATCH 2/7] rust: cred: add Rust abstraction for `struct cred`"
Next in thread: Alice Ryhl: "[PATCH 3/7] rust: security: add abstraction for secctx"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/29/23 13:51, Alice Ryhl wrote:
> + /// Returns the credentials of the task that originally opened the file.
> + pub fn cred(&self) -> &Credential {
> + // This `read_volatile` is intended to correspond to a READ_ONCE call.
> + //
> + // SAFETY: The file is valid because the shared reference guarantees a nonzero refcount.
> + //
> + // TODO: Replace with `read_once` when available on the Rust side.
> + let ptr = unsafe { core::ptr::addr_of!((*self.0.get()).f_cred).read_volatile() };
> +
> + // SAFETY: The signature of this function ensures that the caller will only access the
> + // returned credential while the file is still valid, and the credential must stay valid
> + // while the file is valid.

About the last part of this safety comment, is this a guarantee from the
C side? If yes, then I would phrase it that way:

... while the file is still valid, and the C side ensures that the
credentials stay valid while the file is valid.

--
Cheers,
Benno

> + unsafe { Credential::from_ptr(ptr) }
> + }
> +

Next message: Jason Gunthorpe: "Re: [PATCH 1/1] iommu/vt-d: Disable PCI ATS in legacy passthrough mode"
Previous message: Paz Zcharya: "[PATCH] drm/i915/display: Check GGTT to determine phys_base"
In reply to: Alice Ryhl: "[PATCH 2/7] rust: cred: add Rust abstraction for `struct cred`"
Next in thread: Alice Ryhl: "[PATCH 3/7] rust: security: add abstraction for secctx"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]