| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 May 2023 12:26:39 +0000
From: Alice Ryhl <aliceryhl@...gle.com>
To: gary@...yguo.net
Cc: alex.gaynor@...il.com, aliceryhl@...gle.com,
benno.lossin@...ton.me, bjorn3_gh@...tonmail.com,
boqun.feng@...il.com, jiangshanlai@...il.com,
linux-kernel@...r.kernel.org, ojeda@...nel.org,
patches@...ts.linux.dev, rust-for-linux@...r.kernel.org,
tj@...nel.org, wedsonaf@...il.com
Subject: Re: [PATCH v1 2/7] rust: add offset_of! macro
Gary Guo <gary@...yguo.net> writes:
> On Wed, 17 May 2023 20:31:14 +0000
> Alice Ryhl <aliceryhl@...gle.com> wrote:
>> +#[macro_export]
>> +macro_rules! offset_of {
>> + ($type:ty, $field:ident) => {{
>> + let tmp = ::core::mem::MaybeUninit::<$type>::uninit();
>> + let outer = tmp.as_ptr();
>> + // To avoid warnings when nesting `unsafe` blocks.
>> + #[allow(unused_unsafe)]
>> + // SAFETY: The pointer is valid and aligned, just not initialised; `addr_of` ensures that
>> + // we don't actually read from `outer` (which would be UB) nor create an intermediate
>> + // reference.
>> + let inner = unsafe { ::core::ptr::addr_of!((*outer).$field) } as *const u8;
>> + // To avoid warnings when nesting `unsafe` blocks.
>> + #[allow(unused_unsafe)]
>> + // SAFETY: The two pointers are within the same allocation block.
>> + unsafe {
>> + inner.offset_from(outer as *const u8) as usize
>> + }
>
> This has no protection against using `Deref`. The memoffset crate has a
>
> let $type { $field: _, .. };
>
> line to ensure that the field is a direct member of type and deref is
> not happening.
Added. I had to change `$type:ty` to `$type:path` to get that to
compile, since otherwise you can't use the token in a pattern. However,
I think it's fine - this is temporary anyway until the standard library
gets the macro.
>> + }};
>> +}
>> diff --git a/scripts/Makefile.build b/scripts/Makefile.build
>> index 9f94fc83f086..ec583d13dde2 100644
>> --- a/scripts/Makefile.build
>> +++ b/scripts/Makefile.build
>> @@ -277,7 +277,7 @@ $(obj)/%.lst: $(src)/%.c FORCE
>> # Compile Rust sources (.rs)
>> # ---------------------------------------------------------------------------
>>
>> -rust_allowed_features := core_ffi_c,explicit_generic_args_with_impl_trait,new_uninit,pin_macro
>> +rust_allowed_features := const_ptr_offset_from,const_refs_to_cell,core_ffi_c,explicit_generic_args_with_impl_trait,new_uninit,pin_macro
>
> Side note: once we bump our compiler to 1.71, we should switch to the
> built-in `offset_of!` macro and get rid of these unstable features.
Agreed. I mentioned that in the commit message.
Alice
Powered by blists - more mailing lists