lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240915225111.50645f57.gary@garyguo.net>
Date: Sun, 15 Sep 2024 22:51:11 +0100
From: Gary Guo <gary@...yguo.net>
To: Alice Ryhl <aliceryhl@...gle.com>
Cc: Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>,
 "Serge E. Hallyn" <serge@...lyn.com>, Miguel Ojeda <ojeda@...nel.org>,
 Christian Brauner <brauner@...nel.org>, Alex Gaynor
 <alex.gaynor@...il.com>, Wedson Almeida Filho <wedsonaf@...il.com>, Boqun
 Feng <boqun.feng@...il.com>, "Björn Roy Baron"
 <bjorn3_gh@...tonmail.com>, Benno Lossin <benno.lossin@...ton.me>, Andreas
 Hindborg <a.hindborg@...sung.com>, Peter Zijlstra <peterz@...radead.org>,
 Alexander Viro <viro@...iv.linux.org.uk>, Greg Kroah-Hartman
 <gregkh@...uxfoundation.org>, "Arve Hjønnevåg"
 <arve@...roid.com>, Todd Kjos <tkjos@...roid.com>, Martijn Coenen
 <maco@...roid.com>, Joel Fernandes <joel@...lfernandes.org>, Carlos Llamas
 <cmllamas@...gle.com>, Suren Baghdasaryan <surenb@...gle.com>, Dan Williams
 <dan.j.williams@...el.com>, Matthew Wilcox <willy@...radead.org>, Thomas
 Gleixner <tglx@...utronix.de>, Daniel Xu <dxu@...uu.xyz>, Martin Rodriguez
 Reboredo <yakoyoku@...il.com>, Trevor Gross <tmgross@...ch.edu>,
 linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org,
 rust-for-linux@...r.kernel.org, linux-fsdevel@...r.kernel.org, Kees Cook
 <kees@...nel.org>
Subject: Re: [PATCH v10 3/8] rust: file: add Rust abstraction for `struct
 file`

On Sun, 15 Sep 2024 14:31:29 +0000
Alice Ryhl <aliceryhl@...gle.com> wrote:

> From: Wedson Almeida Filho <wedsonaf@...il.com>
> 
> This abstraction makes it possible to manipulate the open files for a
> process. The new `File` struct wraps the C `struct file`. When accessing
> it using the smart pointer `ARef<File>`, the pointer will own a
> reference count to the file. When accessing it as `&File`, then the
> reference does not own a refcount, but the borrow checker will ensure
> that the reference count does not hit zero while the `&File` is live.
> 
> Since this is intended to manipulate the open files of a process, we
> introduce an `fget` constructor that corresponds to the C `fget`
> method. In future patches, it will become possible to create a new fd in
> a process and bind it to a `File`. Rust Binder will use these to send
> fds from one process to another.
> 
> We also provide a method for accessing the file's flags. Rust Binder
> will use this to access the flags of the Binder fd to check whether the
> non-blocking flag is set, which affects what the Binder ioctl does.
> 
> This introduces a struct for the EBADF error type, rather than just
> using the Error type directly. This has two advantages:
> * `File::fget` returns a `Result<ARef<File>, BadFdError>`, which the
>   compiler will represent as a single pointer, with null being an error.
>   This is possible because the compiler understands that `BadFdError`
>   has only one possible value, and it also understands that the
>   `ARef<File>` smart pointer is guaranteed non-null.
> * Additionally, we promise to users of the method that the method can
>   only fail with EBADF, which means that they can rely on this promise
>   without having to inspect its implementation.
> That said, there are also two disadvantages:
> * Defining additional error types involves boilerplate.
> * The question mark operator will only utilize the `From` trait once,
>   which prevents you from using the question mark operator on
>   `BadFdError` in methods that return some third error type that the
>   kernel `Error` is convertible into. (However, it works fine in methods
>   that return `Error`.)
> 
> Signed-off-by: Wedson Almeida Filho <wedsonaf@...il.com>
> Co-developed-by: Daniel Xu <dxu@...uu.xyz>
> Signed-off-by: Daniel Xu <dxu@...uu.xyz>
> Co-developed-by: Alice Ryhl <aliceryhl@...gle.com>
> Reviewed-by: Benno Lossin <benno.lossin@...ton.me>
> Signed-off-by: Alice Ryhl <aliceryhl@...gle.com>

Reviewed-by: Gary Guo <gary@...yguo.net>

> ---
>  fs/file.c                       |   7 +
>  rust/bindings/bindings_helper.h |   2 +
>  rust/helpers/fs.c               |  12 ++
>  rust/helpers/helpers.c          |   1 +
>  rust/kernel/fs.rs               |   8 +
>  rust/kernel/fs/file.rs          | 375 ++++++++++++++++++++++++++++++++++++++++
>  rust/kernel/lib.rs              |   1 +
>  7 files changed, 406 insertions(+)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ