Re: [PATCH v2 0/2] Lock and Pointer guards
From: Paolo Bonzini
Date: Fri Jun 09 2023 - 06:31:04 EST
On 6/8/23 22:14, Nick Desaulniers wrote:
> Here, we're talking about using __attribute__((cleanup())) to DTR
> locally, but then we return a "raw" pointer to a caller. What cleanup
> function should the caller run, implicitly, if at all? If we use
> __attribute__((cleanup())) that saves us a few gotos locally, but the
> caller perhaps now needs the same treatment.

But this is only a problem when you return a void*; and in general in C
you will return a struct more often than a raw pointer (and in C++ you
also have the issue of delete vs. delete[], that does not exist in C).
Returning a struct doesn't protect against use-after-free bugs in the
way std::unique_ptr<> or Rust lifetimes do, but it at least tries to
protect against calling the wrong cleanup function if you provide a
typed "destructor" function that does the right thing---for example by
handling reference counting or by freeing sub-structs before calling
kfree/vfree.
Of course it's not a silver bullet, but then that's why people are
looking into Rust for Linux.
Paolo
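
The pattern discussed in this message, as an added example that is not part of the original email or of the kernel patch series: a typed destructor that handles reference counting and frees a sub-allocation, wrapped for `__attribute__((cleanup()))`, with ownership handed to a caller that applies the same guard. It is a userspace sketch; `struct msg`, `msg_put`, `msg_new`, `auto_msg`, `xalloc`/`xfree` and `demo` are hypothetical names, and `calloc`/`free` stand in for kmalloc/kfree.

```c
#include <stdlib.h>
#include <string.h>

/* Userspace stand-in: calloc/free replace kmalloc/kfree; all names are hypothetical. */
struct msg {
    int refs;       /* reference count, handled by the typed destructor */
    char *payload;  /* sub-allocation, freed before the struct itself */
};

static int live_allocs;  /* bookkeeping so that leaks are observable */
static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

/* Typed "destructor": the one correct way to release a struct msg. */
static void msg_put(struct msg *m)
{
    if (!m || --m->refs > 0)
        return;
    xfree(m->payload);
    xfree(m);
}

/* Adapter with the pointer-to-variable signature that cleanup() requires. */
static void msg_cleanup(struct msg **mp) { msg_put(*mp); }
#define auto_msg __attribute__((cleanup(msg_cleanup))) struct msg *

/* Early returns are released by the guard, with no gotos. */
static struct msg *msg_new(const char *text, size_t max_len)
{
    size_t len = strlen(text);
    auto_msg m = xalloc(sizeof(*m));
    if (!m)
        return NULL;
    m->refs = 1;
    if (len > max_len || !(m->payload = xalloc(len + 1)))
        return NULL;            /* guard runs msg_put(m) here */
    memcpy(m->payload, text, len + 1);
    struct msg *ret = m;        /* hand ownership to the caller ... */
    m = NULL;                   /* ... so the guard sees NULL and does nothing */
    return ret;
}

/* The caller applies the same guard to the typed pointer it received. */
static int demo(const char *text, size_t max_len)
{
    auto_msg m = msg_new(text, max_len);
    return m ? (int)strlen(m->payload) : -1;
}

int main(void) { return demo("hello", 16) == 5 && live_allocs == 0 ? 0 : 1; }
```

Because the return type is `struct msg *` rather than `void *`, passing it to a cleanup adapter written for another type draws a compiler diagnostic, but nothing here stops a caller from using the pointer after the last `msg_put`.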