On Thu, 25 Jul 2024 at 14:19, Paolo Bonzini <pbonz...@redhat.com> wrote:
>
> On Thu, Jul 25, 2024 at 12:14 PM Manos Pitsidianakis
> <manos.pitsidiana...@linaro.org> wrote:
> > >Unfortunately that's a *mut, not a &mut. A &mut must be unique, so the cast
> > >in pl011_read() is undefined behavior.
> >
> > Actually it's:
> >
> > unsafe { qemu_chr_fe_accept_input(&mut self.char_backend) };
> >
> > And you can ensure there's no disjoint borrowing by making a wrapper
> > function that mutably borrows self, e.g.
> >
> > fn accept_input(&mut self) {
> > unsafe { qemu_chr_fe_accept_input(&mut self.char_backend) };
> > }
> >
> > This is not undefined behavior, since the cast in pl011_read creates a
> > mutable reference that does not outlive the same call to pl011_read.
>
> pl011_receive (called by qemu_chr_fe_accept_input) creates a mutable
> reference that *overlaps* the lifetime of the outer reference created
> by pl011_read. This is undefined behavior. You're effectively writing:
There is no overlap there, sorry. Once qemu_chr_fe_accept_input
returns, any references it created do not exist anymore.
