[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240418-alice-mm-v6-0-cb8f3e5d688f@google.com>
Date: Thu, 18 Apr 2024 08:59:16 +0000
From: Alice Ryhl <aliceryhl@...gle.com>
To: Miguel Ojeda <ojeda@...nel.org>, Matthew Wilcox <willy@...radead.org>,
Al Viro <viro@...iv.linux.org.uk>, Andrew Morton <akpm@...ux-foundation.org>,
Kees Cook <keescook@...omium.org>
Cc: Alex Gaynor <alex.gaynor@...il.com>, Wedson Almeida Filho <wedsonaf@...il.com>,
Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>,
"Björn Roy Baron" <bjorn3_gh@...tonmail.com>, Benno Lossin <benno.lossin@...ton.me>,
Andreas Hindborg <a.hindborg@...sung.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"Arve Hjønnevåg" <arve@...roid.com>, Todd Kjos <tkjos@...roid.com>, Martijn Coenen <maco@...roid.com>,
Joel Fernandes <joel@...lfernandes.org>, Carlos Llamas <cmllamas@...gle.com>,
Suren Baghdasaryan <surenb@...gle.com>, Arnd Bergmann <arnd@...db.de>, Trevor Gross <tmgross@...ch.edu>,
linux-mm@...ck.org, linux-kernel@...r.kernel.org,
rust-for-linux@...r.kernel.org, Alice Ryhl <aliceryhl@...gle.com>,
Christian Brauner <brauner@...nel.org>
Subject: [PATCH v6 0/4] Memory management patches needed by Rust Binder
This patchset contains some abstractions needed by the Rust
implementation of the Binder driver for passing data between userspace,
kernelspace, and directly into other processes.
These abstractions do not exactly match what was included in the Rust
Binder RFC - I have made various improvements and simplifications since
then. Nonetheless, please see the Rust Binder RFC [1] to get an
understanding for how this will be used:
Users of "rust: add userspace pointers"
and "rust: add typed accessors for userspace pointers":
rust_binder: add binderfs support to Rust binder
rust_binder: add threading support
rust_binder: add nodes and context managers
rust_binder: add oneway transactions
rust_binder: add death notifications
rust_binder: send nodes in transactions
rust_binder: add BINDER_TYPE_PTR support
rust_binder: add BINDER_TYPE_FDA support
rust_binder: add process freezing
Users of "rust: add abstraction for `struct page`":
rust_binder: add oneway transactions
rust_binder: add vma shrinker
Links: https://lore.kernel.org/rust-for-linux/20231101-rust-binder-v1-0-08ba9197f637@google.com/ [1]
Signed-off-by: Alice Ryhl <aliceryhl@...gle.com>
---
Changes in v6:
- Base on top of Wedson's Allocation APIs patchset.
- Do not define my own gfp flags, instead use the ones that are now
available in `kernel::alloc`.
- Add gfp flags to `read_all` methods instead of always using
GFP_KERNEL.
- The __GFP_HIGHMEM flag is not provided by the Allocation APIs
patchset, and I do not add it here. I will send a separate patchset
for adding it.
- Use usize instead of void pointer for userspace address.
- Add _raw suffix to `fill_zero` and `copy_from_user_slice`.
- Do not allow interior mutability in AsBytes/FromBytes.
- Doc changes:
- Mention that validity of user slices is checked at read/write time,
not in the constructor of the user slice.
- Mention that methods can also return EFAULT if a bounds check fails.
- Mention that methods may have partially copied data even if they
return EFAULT.
- Add link from `read_raw` to `read_slice`.
- Move comment about initialized memory on `read_raw` to
`# Guarantees` section.
- Add examples for `Page::alloc_page`.
- A previous version renamed UserSlicePtr to UserSlice but forgot to
update that in the commit message. Commit message fixed in this
version.
- Add Reviewed-by tags submitted on v5.
- Link to v5: https://lore.kernel.org/rust-for-linux/20240415-alice-mm-v5-0-6f55e4d8ef51@google.com/
Changes in v5:
- Fix casts in declarations of PAGE_* constants.
- Fix formatting of PAGE_MASK.
- Reformat comments at 100 line length.
- Minor fixes to safety comments of `read_raw` and `write_slice`.
- Link to v4: https://lore.kernel.org/rust-for-linux/20240404-alice-mm-v4-0-49a84242cf02@google.com/
Changes in v4:
- Rephrase when we fail with EFAULT.
- Remove `pub` from examples.
- Use slices for raw uaccess methods.
- Fix PAGE_MASK constant.
- Rephrase most safety comments in Page abstraction.
- Make with_pointer_into_page and with_page_mapped private.
- Explain how raw pointers into pages are used correctly.
- Other minor doc improvements.
- Link to v3: https://lore.kernel.org/rust-for-linux/20240311-alice-mm-v3-0-cdf7b3a2049c@google.com/
Changes in v3:
- Fix bug in read_all.
- Add missing `#include <linux/nospec.h>`.
- Mention that the second patch passes CONFIG_TEST_USER_COPY.
- Add gfp flags for Page.
- Minor documentation adjustments.
- Link to v2: https://lore.kernel.org/rust-for-linux/20240208-alice-mm-v2-0-d821250204a6@google.com/
Changes in v2:
- Rename user_ptr module to uaccess.
- Use srctree-relative links.
- Improve documentation.
- Rename UserSlicePtr to UserSlice.
- Make read_to_end append to the buffer.
- Use named fields for uaccess types.
- Add examples.
- Use _copy_from/to_user to skip check_object_size.
- Rename traits and move to kernel::types.
- Remove PAGE_MASK constant.
- Rename page methods to say _raw.
- Link to v1: https://lore.kernel.org/rust-for-linux/20240124-alice-mm-v1-0-d1abcec83c44@google.com/
---
Alice Ryhl (2):
rust: uaccess: add typed accessors for userspace pointers
rust: add abstraction for `struct page`
Arnd Bergmann (1):
uaccess: always export _copy_[from|to]_user with CONFIG_RUST
Wedson Almeida Filho (1):
rust: uaccess: add userspace pointers
include/linux/uaccess.h | 38 ++--
lib/usercopy.c | 30 +---
rust/bindings/bindings_helper.h | 1 +
rust/helpers.c | 34 ++++
rust/kernel/alloc.rs | 7 +
rust/kernel/lib.rs | 2 +
rust/kernel/page.rs | 250 ++++++++++++++++++++++++++
rust/kernel/types.rs | 64 +++++++
rust/kernel/uaccess.rs | 388 ++++++++++++++++++++++++++++++++++++++++
9 files changed, 774 insertions(+), 40 deletions(-)
---
base-commit: 2c1092853f163762ef0aabc551a630ef233e1be3
change-id: 20231128-alice-mm-bc533456cee8
Best regards,
--
Alice Ryhl <aliceryhl@...gle.com>
Powered by blists - more mailing lists