lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2b56118d-a0f1-470e-9e36-65811a87a177@gmail.com>
Date: Tue, 8 Oct 2024 14:29:47 +0300
From: Abdiel Janulgue <abdiel.janulgue@...il.com>
To: Boqun Feng <boqun.feng@...il.com>, Alice Ryhl <aliceryhl@...gle.com>
Cc: rust-for-linux@...r.kernel.org, dakr@...hat.com,
 linux-kernel@...r.kernel.org, lyude@...hat.com, airlied@...hat.com,
 miguel.ojeda.sandonis@...il.com
Subject: Re: [PATCH 1/3] rust: page: replace the page pointer wrapper with
 Opaque



On 08/10/2024 10:04, Boqun Feng wrote:
> On Tue, Oct 08, 2024 at 08:58:56AM +0200, Alice Ryhl wrote:
>> On Mon, Oct 7, 2024 at 10:28 PM Abdiel Janulgue
>> <abdiel.janulgue@...il.com> wrote:
>>>
>>> Replace NonNull with Opaque to make it possible to cast to a Page pointer
>>> from a raw struct page pointer.
>>>
>>> Signed-off-by: Abdiel Janulgue <abdiel.janulgue@...il.com>
>>> ---
>>>   rust/kernel/page.rs | 19 +++++++++++++------
>>>   1 file changed, 13 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/rust/kernel/page.rs b/rust/kernel/page.rs
>>> index 208a006d587c..08ff09a25223 100644
>>> --- a/rust/kernel/page.rs
>>> +++ b/rust/kernel/page.rs
>>> @@ -8,8 +8,9 @@
>>>       error::code::*,
>>>       error::Result,
>>>       uaccess::UserSliceReader,
>>> +    types::Opaque,
>>>   };
>>> -use core::ptr::{self, NonNull};
>>> +use core::ptr::{self};
>>>
>>>   /// A bitwise shift for the page size.
>>>   pub const PAGE_SHIFT: usize = bindings::PAGE_SHIFT as usize;
>>> @@ -25,8 +26,9 @@
>>>   /// # Invariants
>>>   ///
>>>   /// The pointer is valid, and has ownership over the page.
>>> +#[repr(transparent)]
>>>   pub struct Page {
>>> -    page: NonNull<bindings::page>,
>>> +    page: Opaque<bindings::page>,
>>>   }
>>>
>>>   // SAFETY: Pages have no logic that relies on them staying on a given thread, so moving them across
>>> @@ -65,15 +67,20 @@ pub fn alloc_page(flags: Flags) -> Result<Self, AllocError> {
>>>           // SAFETY: Depending on the value of `gfp_flags`, this call may sleep. Other than that, it
>>>           // is always safe to call this method.
>>>           let page = unsafe { bindings::alloc_pages(flags.as_raw(), 0) };
>>> -        let page = NonNull::new(page).ok_or(AllocError)?;
>>> +        if page.is_null() {
>>> +            return Err(AllocError);
>>> +        }
>>> +        // CAST: Self` is a `repr(transparent)` wrapper around `bindings::page`.
>>> +        let ptr = page.cast::<Self>();
>>>           // INVARIANT: We just successfully allocated a page, so we now have ownership of the newly
>>>           // allocated page. We transfer that ownership to the new `Page` object.
>>> -        Ok(Self { page })
>>> +        // SAFETY: According to invariant above ptr is valid.
>>> +        Ok(unsafe { ptr::read(ptr) })
>>
>> Using `ptr::read` on the page is definitely not okay. That duplicates
>> the contents of the `struct page`. You'll need some sort of pointer
>> type around `Page` instead.
>>
> 
> Agreed. So may I suggest we introduce `Owned` type and `Ownable` trait
> [1]? `alloc_page()` can be refactor to return a `Result<Owned<Self>,
> AllocError>`.
> 
> [1]: https://lore.kernel.org/rust-for-linux/ZnCzLIly3DRK2eab@boqun-archlinux/

Thanks for the feedback. How do you propose we move forward, do I take a 
stab at implementing `Owned` type and `Ownable` trait?

Regards,
Abdiel


> 
> Regards,
> Boqun
> 
>> Alice
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ