Re: [PATCH 1/2] rust: list: fix SAFETY comment in List::remove

From: Christian Benton

Date: Mon Apr 27 2026 - 12:54:06 EST

Hello Phillip,

I am interested in taking this on will do so. I had reached out to Gary about his email and asked if he would like me to. I wasn't sure if his email implied he was to make the change or was mentioning the idea to me for me to do it. I am, however, more than happy to.

Sorry for any confusion on my end.

Christian Benton



Sent with Proton Mail secure email.

On Friday, April 24th, 2026 at 7:29 AM, Philipp Stanner <phasta@xxxxxxxxxxx> wrote:

> On Tue, 2026-04-07 at 12:56 +0100, Gary Guo wrote:
> > On Tue Apr 7, 2026 at 9:15 AM BST, Alice Ryhl wrote:
> > > On Fri, Apr 03, 2026 at 10:08:15PM +0000, Christian Benton wrote:
> > > > The SAFETY comment for the call to ListLinks::fields in List::remove
> > > > was left as TODO. Fill it in: the call is safe because T::view_links
> > > > returns a reference to the ListLinks field of item, and references are
> > > > always valid and non-dangling.
> > > >
> > > > Signed-off-by: Christian Benton <t1bur0n.kernel.org@xxxxxxxxxxxxx>
> > >
> > > Thanks. I agree that `item` being a reference is the only thing needed
> > > for this to be sound, as reference implies that the pointer is not
> > > dangling.
> >
> > (cc Philipp)
> >
> > FWIW, I want to change `item` from a reference to a raw pointer.
> >
>
> Are you still working on that, or should I or someone else pick it up?
>
> Regards
> P.
>
>
> > In Philipp's
> > WIP DRM job scheduler implementation, there is a case where the list is
> > conceptually a list of `UniqueArc`s; each job only needs to handle that is
> > sufficient to locate the item in the list and remove it.
> >
> > I suggested to him that keeping a pointer and do a list iter with ptr
> > comparison is sufficient to achieve that without needing to do additional
> > reference counting. Of course I don't want to iterate the list when I could just
> > call `remove` function on the list itself; for that use case I want to change
> > the `remove` function to only require a pointer (with additional safety
> > requirement that it is valid).
> >
> > It's orthogonal to this change as I'll probably be more careful about pointer
> > provenance too when making that change, so just a heads up.
> >
> > Best,
> > Gary
>
>