bytedance/monoio

Unsafety of pinned buffer?

alercah opened this issue · 3 comments

According to the docs, the runtime will pin the buffer of an IoBufMut. But doesn't this mean that the impl of AsyncReadRent for [u8; N] is unsound because it returns the buffer by move, which violates the pinning guarantees?

The [u8; N] will be moved to heap when calling IoBufMut. So it is safe to do so.

https://github.com/bytedance/monoio/blob/master/monoio/src/driver/uring/mod.rs#L329

But here you remove the Pin typing from the data with into_inner_unchecked, and then move it out with into_inner:

https://github.com/bytedance/monoio/blob/master/monoio/src/driver/op.rs#L95

This is UB; you can't move the buffer again once it is pinned.

Here maybe the code can be rewritten to Box::into_inner(Pin::into_inner(pinned_data)) because there is a Unpin restriction on T.
But yes, Box by default may cause overhead, I will remove it and let user do this.