lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 27 Sep 2022 17:22:22 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Miguel Ojeda <ojeda@...nel.org>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, patches@...ts.linux.dev,
        Jarkko Sakkinen <jarkko@...nel.org>,
        Wedson Almeida Filho <wedsonaf@...gle.com>,
        Alex Gaynor <alex.gaynor@...il.com>,
        Geoffrey Thomas <geofft@...reload.com>,
        Finn Behrens <me@...enk.de>,
        Adam Bratschi-Kaye <ark.email@...il.com>,
        Sven Van Asbroeck <thesven73@...il.com>,
        Gary Guo <gary@...yguo.net>,
        Boris-Chengbiao Zhou <bobo1239@....de>,
        Boqun Feng <boqun.feng@...il.com>,
        Fox Chen <foxhlchen@...il.com>,
        Viktor Garske <viktor@...ar.de>,
        Dariusz Sosnowski <dsosnowski@...snowski.pl>,
        Léo Lanteri Thauvin 
        <leseulartichaut@...il.com>, Niklas Mohrin <dev@...lasmohrin.de>,
        Milan Landaverde <milan@...verde.com>,
        Morgan Bartlett <mjmouse9999@...il.com>,
        Maciej Falkowski <m.falkowski@...sung.com>,
        Nándor István Krácser <bonifaido@...il.com>,
        David Gow <davidgow@...gle.com>,
        John Baublitz <john.m.baublitz@...il.com>,
        Björn Roy Baron <bjorn3_gh@...tonmail.com>
Subject: Re: [PATCH v10 12/27] rust: add `kernel` crate

On Tue, Sep 27, 2022 at 03:14:43PM +0200, Miguel Ojeda wrote:
> +unsafe impl GlobalAlloc for KernelAllocator {
> +    unsafe fn alloc(&self, layout: Layout) -> *mut u8 {
> +        // `krealloc()` is used instead of `kmalloc()` because the latter is
> +        // an inline function and cannot be bound to as a result.
> +        unsafe { bindings::krealloc(ptr::null(), layout.size(), bindings::GFP_KERNEL) as *mut u8 }

This feels "odd" to me.  Why not just use __kmalloc() instead of
krealloc()?  I think that will get you the same kasan tracking, and
should be a tiny bit faster (1-2 less function calls).

I guess it probably doesn't matter right now, just curious, and not a
big deal at all.

Other minor comments:


> +/// Contains the C-compatible error codes.
> +pub mod code {
> +    /// Out of memory.
> +    pub const ENOMEM: super::Error = super::Error(-(crate::bindings::ENOMEM as i32));
> +}

You'll be adding other error values here over time, right?


> +/// A [`Result`] with an [`Error`] error type.
> +///
> +/// To be used as the return type for functions that may fail.
> +///
> +/// # Error codes in C and Rust
> +///
> +/// In C, it is common that functions indicate success or failure through
> +/// their return value; modifying or returning extra data through non-`const`
> +/// pointer parameters. In particular, in the kernel, functions that may fail
> +/// typically return an `int` that represents a generic error code. We model
> +/// those as [`Error`].
> +///
> +/// In Rust, it is idiomatic to model functions that may fail as returning
> +/// a [`Result`]. Since in the kernel many functions return an error code,
> +/// [`Result`] is a type alias for a [`core::result::Result`] that uses
> +/// [`Error`] as its error type.
> +///
> +/// Note that even if a function does not return anything when it succeeds,
> +/// it should still be modeled as returning a `Result` rather than
> +/// just an [`Error`].
> +pub type Result<T = ()> = core::result::Result<T, Error>;

What about functions that do have return functions of:
	>= 0 number of bytes read/written/consumed/whatever
	< 0  error code

Would that use Result or Error as a type?  Or is it best just to not try
to model that mess in Rust calls? :)

> +macro_rules! pr_info (
> +    ($($arg:tt)*) => (
> +        $crate::print_macro!($crate::print::format_strings::INFO, $($arg)*)
> +    )
> +);

In the long run, using "raw" print macros like this is usually not the
thing to do.  Drivers always have a device to reference the message to,
and other things like filesystems and subsystems have a prefix to use as
well.

Hopefully not many will use these as-is and we can wrap them properly
later on.

Then there's the whole dynamic debug stuff, but that's a different
topic.

Anyway, all looks sane to me, sorry for the noise:

Reviewed-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ