Re: rust: wrong SAFETY comments in group_leader() and pid() + questions

[Oleg Nesterov]

Alice,

Thanks again for your explanations. Not that I fully understand
them, though ;)

On 12/05, Alice Ryhl wrote:
>
> To start with, it's likely that this comment is not the right choice
> for this function, given our discussion. Most likely group_leader()
> needs to be moved to `impl CurrentTask {}`

I obviously can't comment this proposal,

> and the safety comment needs
> to explain why being the current task ensures that the returned &Task
> lives for long enough.

This is simple. task->group_leader can't change or go away until
this task exits or execs. The "current" task can't exit/exec.

(This also covers the race with mt-exec from current's subthread,
 the execing thread will kill all the threads and wait until they
 all pass release_task(). Only then it will change ->group_leader).

> impl CurrentTask {
>     fn group_leader(&self) -> &Task {
>         // SAFETY: This is the current task, so the task must be alive.
>         // Therefore the group leader cannot change, and thus it will
>         // stay valid as long as self is the current task.
>         unsafe { &*bindings::task_group_leader(self.as_ptr()).cast::<Task>() }
>     }
> }

Yes, the comment looks good to me.

But we don't have the task_group_leader() helper yet, so far I
only sent the trivial initial preparations, see
https://lore.kernel.org/all/aTV1KYdcDGvjXHos@xxxxxxxxxx/

So if you are going to move Task::group_leader to the
CurrentTask block, please use .group_leader directly, like
the current code does.

Oleg.