lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20240516190345.957477-20-amiculas@cisco.com>
Date: Thu, 16 May 2024 22:03:42 +0300
From: Ariel Miculas <amiculas@...co.com>
To: rust-for-linux@...r.kernel.org
Cc: linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        tycho@...ho.pizza, brauner@...nel.org, viro@...iv.linux.org.uk,
        ojeda@...nel.org, alex.gaynor@...il.com, wedsonaf@...il.com,
        shallyn@...co.com, Ariel Miculas <amiculas@...co.com>
Subject: [RFC PATCH v3 19/22] Add borrow_mut implementation to a ForeignOwnable CString

Since the `borrow_mut` function was added to the ForeignOwnable trait,
we need to implement it for each type that implements it.

Signed-off-by: Ariel Miculas <amiculas@...co.com>
---
 rust/kernel/str.rs | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/rust/kernel/str.rs b/rust/kernel/str.rs
index c45612900fe2..b0a35d71bd49 100644
--- a/rust/kernel/str.rs
+++ b/rust/kernel/str.rs
@@ -197,6 +197,25 @@ pub unsafe fn from_char_ptr<'a>(ptr: *const core::ffi::c_char) -> &'a Self {
         unsafe { Self::from_bytes_with_nul_unchecked(bytes) }
     }
 
+    /// Like from_char_ptr, but returns a mutable reference
+    ///
+    /// # Safety
+    ///
+    /// `ptr` must be a valid pointer to a `NUL`-terminated C string, and it must
+    /// last at least `'a`. When `CStr` is alive, the memory pointed by `ptr`
+    /// must not be mutated.
+    #[inline]
+    pub unsafe fn from_char_ptr_mut<'a>(ptr: *const core::ffi::c_char) -> &'a mut Self {
+        // SAFETY: The safety precondition guarantees `ptr` is a valid pointer
+        // to a `NUL`-terminated C string.
+        let len = unsafe { bindings::strlen(ptr) } + 1;
+        // SAFETY: Lifetime guaranteed by the safety precondition.
+        let bytes = unsafe { core::slice::from_raw_parts_mut(ptr as _, len as _) };
+        // SAFETY: As `len` is returned by `strlen`, `bytes` does not contain interior `NUL`.
+        // As we have added 1 to `len`, the last byte is known to be `NUL`.
+        unsafe { Self::from_bytes_with_nul_unchecked_mut(bytes) }
+    }
+
     /// Creates a [`CStr`] from a `[u8]`.
     ///
     /// The provided slice must be `NUL`-terminated, does not contain any
@@ -901,6 +920,7 @@ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
 
 impl ForeignOwnable for CString {
     type Borrowed<'a> = &'a CStr;
+    type BorrowedMut<'a> = &'a mut CStr;
 
     fn into_foreign(self) -> *const core::ffi::c_void {
         Box::into_raw(self.buf) as _
@@ -910,6 +930,10 @@ unsafe fn borrow<'a>(ptr: *const core::ffi::c_void) -> Self::Borrowed<'a> {
         unsafe { CStr::from_char_ptr(ptr.cast::<core::ffi::c_char>()) }
     }
 
+    unsafe fn borrow_mut<'a>(ptr: *const core::ffi::c_void) -> Self::BorrowedMut<'a> {
+        unsafe { CStr::from_char_ptr_mut(ptr.cast::<core::ffi::c_char>()) }
+    }
+
     unsafe fn from_foreign(ptr: *const core::ffi::c_void) -> Self {
         // SAFETY: The safety requirements of this function satisfy those of `Self::borrow`.
         let str = unsafe { Self::borrow(ptr) };
-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ