ivila commented on PR #120: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/120#issuecomment-2559150989
Actually we have done the same thing too, our use case is to build a session pool by using `mobc` or `r2d2`, and both of them require the Session struct type to be `Send + 'static`, currently we use [ouroboros](https://github.com/someguynamedjosh/ouroboros.git) to build a self reference struct (like what @maurer do with self_cell): ```rust #[ouroboros::self_referencing] pub struct Session { ctx: optee_teec::Context, #[borrows(mut ctx)] #[covariant] sess: optee_teec::Session<'this>, } ``` On my opinion, if we want to introduce a `'static Session` officially, we should just stop using crate like ouroboros and self_cell to make a self reference patch, but just introduce a Session struct holding both `optee_utee_sys::Context` and `optee_utee_sys::Session`, rather than using a share Context wrapper with Arc, because it can easily leads to bugs in rust, and currently there is a bug in this PR, it change the declaration of parameter context in Session::new from `&'ctx mut Context` to `&'ctx Context`, which can lead to race condition. Currently implementation of teaclave:  And in this PR, it changes to:  if you move `context.as_mut_raw_ptr()` out of unsafe, rust compiler will give it a compile error, because parameter context is not a mutable borrow. Actually, currently teaclave use a mutable borrow when calling TEEC_OpenSession is a correct way to go, because OP-TEE doesn't promise Context to be concurrent safe when using as parameter of TEEC_OpenSession, so it it required to get a mutable borrow to prevent any other concurrent visit. > PS: in rust, mutable doesn't just meaning a value can be changed, but also preventing concurrency visit, and immutable doesn't mean a value cannot be changed too, if you promise a value must not be visit concurrently(for example, a immutable RWMutex can get its inner value as mutable after lock), you can change it too, that's the point of the memory safe in rust. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
