Comments (5)
The kernel is not allowed to allocate or reserve IDs in the user's namespace, but 0 would be exactly that. Hence, we went with -1. Care to elaborate why 0 would be better?
from bus1.
Also, why is it wrong to set the REMOTE flag on the invalid handle?
from bus1.
Hum, an invalid handle is then a remote and a managed handle. I didn't thought that this flags were meaningful if an handle was invalid. This code bus1-rust/bus1-rs@de5a826 is then wrong, right?
Setting all bits to 1 is the same as setting the managed and remote flags (2 bits), plus having an ID. Because of the invalid handle exception, the handle ID is in fact not 62 bits but 61 bits, which seems weird. I think it would be clearer to have a dedicated/documented bit for this exception.
In a userland code, would you check either if the handle is invalid and/or managed?
from bus1.
So conceptually there is only a single ID namespace, and it is managed by the kernel. Whenever you create a node, the kernel allocates a new ID for you, which will never be re-used, even if you destroy the node (i.e., the ID namespace is not sparse, unlike FD numbers). This ID uniquely identifies your object, and it is a 64bit ID, completely opaque to user-space. That is, do not treat it as a 62bit ID with flags! The namespace is kernel managed, and the kernel gives you the guarantee that an ID is never re-used. Ever.
Additionally, the kernel gives you the following guarantees: Every ID it allocates has the LSB set, and it never allocates -1
. You can safely rely on this. But you should never put any other assumptions on the IDs the kernel returns. They're opaque.
The problem with this approach was that user-space now has to do ID lookups manually on every message they receive, even though the kernel technically does that already. Hence, we provide a separate ID namespace for user-space to pick IDs from whenever they create a node. This ID namespace has the LSB not set. Furthermore, this ID namespace is fully under user-space control. They can decide whether to use the same logic as the kernel (simply increment a counter for each new ID you allocate), or to implement a sparse-namespace like FDs, or to simply pass memory pointers unchanged. The last part is particularly interesting for C programmers. Pointers never have the LSB set (they're aligned), hence you can just pass in pointers to the kernel, and the kernel returns them to you whenever you retrieve a message.
I cannot tell you how to design your Rust accessors, since this is a design decision. Preferably you would not deal with IDs at all, but instead provide real Rust objects to the user. But I am not to tell you how to do this. Just as an example: It is completely valid in C to malloc()
an object and pass that pointer to a bus1 ioctl. It will end up as unmanaged ID of a local node of the peer.
Whenever you end up checking whether the invalid ID is managed
or remote
, I would assert you are doing something wrong, since this is not an interesting question to ask. That situation should not happen. This is like invoking member functions of your class on a NULL pointer. It is simply undefined.
You are free to avoid NULL pointers and instead have dummy
objects, but then you are also responsible to decide how that dummy behaves. I cannot decide that for you, without knowing the overall design of the API.
from bus1.
Thanks for this in-depth explanation!
cc @Siosm
from bus1.
Related Issues (15)
- rmmod: ERROR: Module bus1 is in use HOT 6
- make tt fails a test HOT 13
- bus1 tests - "INFO: suspicious RCU usage" HOT 4
- FTBFS with c-sundry 0~29 HOT 3
- replace c with rust HOT 5
- Examples of API usage HOT 8
- test-io: test.h:102: test_open: Assertion `*mapp != ((void *) -1)' failed HOT 3
- Priority inheritance (Binder-like) HOT 4
- file descriptor exhaustion attack HOT 5
- State/Status of project now that we have dbus-broker? HOT 4
- a peer context shared by two processes HOT 4
- [Question] Why handles are transitive? HOT 2
- Project no longer builds? HOT 6
- Diagrams on the website
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bus1.