| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2b56118d-a0f1-470e-9e36-65811a87a177@gmail.com>
Date: Tue, 8 Oct 2024 14:29:47 +0300
From: Abdiel Janulgue <abdiel.janulgue@...il.com>
To: Boqun Feng <boqun.feng@...il.com>, Alice Ryhl <aliceryhl@...gle.com>
Cc: rust-for-linux@...r.kernel.org, dakr@...hat.com,
linux-kernel@...r.kernel.org, lyude@...hat.com, airlied@...hat.com,
miguel.ojeda.sandonis@...il.com
Subject: Re: [PATCH 1/3] rust: page: replace the page pointer wrapper with
Opaque
On 08/10/2024 10:04, Boqun Feng wrote:
> On Tue, Oct 08, 2024 at 08:58:56AM +0200, Alice Ryhl wrote:
>> On Mon, Oct 7, 2024 at 10:28 PM Abdiel Janulgue
>> <abdiel.janulgue@...il.com> wrote:
>>>
>>> Replace NonNull with Opaque to make it possible to cast to a Page pointer
>>> from a raw struct page pointer.
>>>
>>> Signed-off-by: Abdiel Janulgue <abdiel.janulgue@...il.com>
>>> ---
>>> rust/kernel/page.rs | 19 +++++++++++++------
>>> 1 file changed, 13 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/rust/kernel/page.rs b/rust/kernel/page.rs
>>> index 208a006d587c..08ff09a25223 100644
>>> --- a/rust/kernel/page.rs
>>> +++ b/rust/kernel/page.rs
>>> @@ -8,8 +8,9 @@
>>> error::code::*,
>>> error::Result,
>>> uaccess::UserSliceReader,
>>> + types::Opaque,
>>> };
>>> -use core::ptr::{self, NonNull};
>>> +use core::ptr::{self};
>>>
>>> /// A bitwise shift for the page size.
>>> pub const PAGE_SHIFT: usize = bindings::PAGE_SHIFT as usize;
>>> @@ -25,8 +26,9 @@
>>> /// # Invariants
>>> ///
>>> /// The pointer is valid, and has ownership over the page.
>>> +#[repr(transparent)]
>>> pub struct Page {
>>> - page: NonNull<bindings::page>,
>>> + page: Opaque<bindings::page>,
>>> }
>>>
>>> // SAFETY: Pages have no logic that relies on them staying on a given thread, so moving them across
>>> @@ -65,15 +67,20 @@ pub fn alloc_page(flags: Flags) -> Result<Self, AllocError> {
>>> // SAFETY: Depending on the value of `gfp_flags`, this call may sleep. Other than that, it
>>> // is always safe to call this method.
>>> let page = unsafe { bindings::alloc_pages(flags.as_raw(), 0) };
>>> - let page = NonNull::new(page).ok_or(AllocError)?;
>>> + if page.is_null() {
>>> + return Err(AllocError);
>>> + }
>>> + // CAST: Self` is a `repr(transparent)` wrapper around `bindings::page`.
>>> + let ptr = page.cast::<Self>();
>>> // INVARIANT: We just successfully allocated a page, so we now have ownership of the newly
>>> // allocated page. We transfer that ownership to the new `Page` object.
>>> - Ok(Self { page })
>>> + // SAFETY: According to invariant above ptr is valid.
>>> + Ok(unsafe { ptr::read(ptr) })
>>
>> Using `ptr::read` on the page is definitely not okay. That duplicates
>> the contents of the `struct page`. You'll need some sort of pointer
>> type around `Page` instead.
>>
>
> Agreed. So may I suggest we introduce `Owned` type and `Ownable` trait
> [1]? `alloc_page()` can be refactor to return a `Result<Owned<Self>,
> AllocError>`.
>
> [1]: https://lore.kernel.org/rust-for-linux/ZnCzLIly3DRK2eab@boqun-archlinux/
Thanks for the feedback. How do you propose we move forward, do I take a
stab at implementing `Owned` type and `Ownable` trait?
Regards,
Abdiel
>
> Regards,
> Boqun
>
>> Alice
>
Powered by blists - more mailing lists