Re: [PATCH 1/2] rust: add initial scatterlist bindings

[Jason Gunthorpe]

On Thu, Jun 26, 2025 at 11:31:15PM +0300, Abdiel Janulgue wrote:
> Just commenting on this bit. From what I've seen, we don't actually leak
> anything. The cast only creates a reference to the original C `struct
> sg_table` object which was allocated and owned by whichever kernel subsystem
> called sg_alloc_table(). Rust doesn't even allow us to take ownership or to
> dereference the value, so this one is safe. Destructors are not called on
> those "casted" objects.

This does not seem the right kind of philosophy.

Every pointer out of the kernel APIs has some kind of implicit
lifetime contract.

Eg if you have
  b = get_b(a);

Then the lifetime of b might well be 'alive so long as a is alive'

Or if you have some function pointer callback
  void op_foo(a) {}

The lifetime of a might well be 'alive only within the function'

AFAICT rust needs to figure out these implicit rules and the compiler
needs to enforce them.

Eg

 a = make_a()
 b = get_b(a)
 destroy_a()
 do_something(b)

Should be something impossible.

Jason