| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20241011-rust-char-dev-v1-2-350225ae228b@walterzollerpiano.com>
Date: Fri, 11 Oct 2024 20:55:43 +0200
From: Josef Zoller <josef@...terzollerpiano.com>
To: Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>
Cc: Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>,
Björn Roy Baron <bjorn3_gh@...tonmail.com>,
Benno Lossin <benno.lossin@...ton.me>,
Andreas Hindborg <a.hindborg@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>,
Trevor Gross <tmgross@...ch.edu>, linux-kernel@...r.kernel.org,
rust-for-linux@...r.kernel.org, Josef Zoller <josef@...terzollerpiano.com>
Subject: [PATCH 2/3] rust: macros: add IoctlCommand derive macro
Provide a macro that derives the `IoctlCommand` trait for simple enums
by converting every variant into a unique command.
The macro can be instructed to use a specific letter or integer as the
code. Each variant is then assigned a consecutive number starting from
0 or a given value. The type of the command, i.e. if it is a read or
write command, is inferred from the variant's associated data: if it
has no data or only an integer, it is neither read nor write, if it has
a UserSliceReader it is a write command, if it has a UserSliceWriter it
is a read command, and if it just has a UserSlice it is a read-write
command. The code and the variant's number and type are then combined
to parse the command from the user-provided cmd and arg values.
Signed-off-by: Josef Zoller <josef@...terzollerpiano.com>
---
rust/kernel/ioctl.rs | 190 ++++++++++++++++++++++++++++++++++++++++++++
rust/kernel/prelude.rs | 2 +-
rust/macros/ioctl_cmd.rs | 202 +++++++++++++++++++++++++++++++++++++++++++++++
rust/macros/lib.rs | 21 +++++
4 files changed, 414 insertions(+), 1 deletion(-)
diff --git a/rust/kernel/ioctl.rs b/rust/kernel/ioctl.rs
index 03359ab28495b94d98d53db2115bbbcc520c18a3..f6af9c10c0b244b8d8183cf70b4ef5ce9233c935 100644
--- a/rust/kernel/ioctl.rs
+++ b/rust/kernel/ioctl.rs
@@ -73,6 +73,22 @@ pub const fn _IOC_SIZE(nr: u32) -> usize {
}
/// Types implementing this trait can be used to parse ioctl commands.
+///
+/// Normally, this trait is derived for a command enum.
+///
+/// # Example
+///
+/// ```
+/// #[derive(IoctlCommand)]
+/// #[ioctl(code = 0x18, start_num = 0)]
+/// enum Command {
+/// NoReadWrite, // No read or write access.
+/// NoReadWriteButTakesArg(u64), // No read or write access, but takes an argument.
+/// ReadOnly(UserSliceWriter), // We write data for the user to read.
+/// WriteOnly(UserSliceReader), // We read data that the user wrote.
+/// WriteAndRead(UserSlice), // We read data from the user and then write data to the user.
+/// }
+/// ```
#[vtable]
pub trait IoctlCommand: Sized + Send + Sync + 'static {
/// The error type returned by the parse functions.
@@ -114,3 +130,177 @@ fn parse(_cmd: ffi::c_uint, _arg: ffi::c_ulong) -> Result<Self> {
Err(ENOTTY)
}
}
+
+/// Support macro for deriving the `IoctlCommand` trait.
+#[doc(hidden)]
+#[macro_export]
+macro_rules! __derive_ioctl_cmd {
+ (parse_input:
+ @enum_name($enum_name:ident),
+ @code($code:literal),
+ @variants(
+ $(
+ @variant($i:literal, $variant:ident, $arg_type:tt),
+ )*
+ )
+ ) => {
+ #[automatically_derived]
+ impl $crate::ioctl::IoctlCommand for $enum_name {
+ type Err = $crate::error::Error;
+
+ const USE_VTABLE_ATTR: () = ();
+
+ const HAS_PARSE: bool = true;
+
+ fn parse(
+ cmd: ::core::ffi::c_uint,
+ arg: ::core::ffi::c_ulong,
+ ) -> ::core::result::Result<Self, Self::Err> {
+ let ty = $crate::ioctl::_IOC_TYPE(cmd) as u8;
+
+ if ty != $code {
+ return Err($crate::error::code::ENOTTY);
+ }
+
+ let nr = $crate::ioctl::_IOC_NR(cmd) as u8;
+ let dir = $crate::ioctl::_IOC_DIR(cmd);
+ let size = $crate::ioctl::_IOC_SIZE(cmd);
+
+ // Make sure we don't get unused parameter warnings
+ let _ = arg;
+
+ match (nr, dir, size) {
+ $(
+ ::kernel::__derive_ioctl_cmd!(
+ match_pattern:
+ @variant($i, $arg_type)
+ ) => ::kernel::__derive_ioctl_cmd!(
+ match_body:
+ @dir(dir),
+ @size(size),
+ @arg(arg),
+ @variant($variant, $arg_type)
+ ),
+ )*
+ _ => Err($crate::error::code::ENOTTY),
+ }
+ }
+ }
+ };
+ (match_pattern:
+ @variant($i:literal, None)
+ ) => {
+ ($i, $crate::uapi::_IOC_NONE, 0)
+ };
+ (match_body:
+ @dir($dir:ident),
+ @size($size:ident),
+ @arg($arg:ident),
+ @variant($variant:ident, None)
+ ) => {
+ Ok(Self::$variant)
+ };
+ (match_pattern:
+ @variant($i:literal, u64)
+ ) => {
+ ($i, $crate::uapi::_IOC_NONE, 0)
+ };
+ (match_body:
+ @dir($dir:ident),
+ @size($size:ident),
+ @arg($arg:ident),
+ @variant($variant:ident, u64)
+ ) => {
+ Ok(Self::$variant($arg))
+ };
+ (match_pattern:
+ @variant($i:literal, UserSliceWriter)
+ ) => {
+ ($i, $crate::uapi::_IOC_READ, _)
+ };
+ (match_body:
+ @dir($dir:ident),
+ @size($size:ident),
+ @arg($arg:ident),
+ @variant($variant:ident, UserSliceWriter)
+ ) => {
+ {
+ let user_writer = $crate::uaccess::UserSlice::new(
+ $arg as $crate::uaccess::UserPtr,
+ $size
+ )
+ .writer();
+
+ Ok(Self::$variant(user_writer))
+ }
+ };
+ (match_pattern:
+ @variant($i:literal, UserSliceReader)
+ ) => {
+ ($i, $crate::uapi::_IOC_WRITE, _)
+ };
+ (match_body:
+ @dir($dir:ident),
+ @size($size:ident),
+ @arg($arg:ident),
+ @variant($variant:ident, UserSliceReader)
+ ) => {
+ {
+ let user_reader = $crate::uaccess::UserSlice::new(
+ $arg as $crate::uaccess::UserPtr,
+ $size
+ )
+ .reader();
+
+ Ok(Self::$variant(user_reader))
+ }
+ };
+ (match_pattern:
+ @variant($i:literal, UserSlice)
+ ) => {
+ ($i, _, _)
+ };
+ (match_body:
+ @dir($dir:ident),
+ @size($size:ident),
+ @arg($arg:ident),
+ @variant($variant:ident, UserSlice)
+ ) => {
+ // Unfortunately, we cannot just do a match guard
+ if $dir != $crate::uapi::_IOC_READ | $crate::uapi::_IOC_WRITE {
+ Err($crate::error::code::ENOTTY)
+ } else {
+ let user_slice = $crate::uaccess::UserSlice::new(
+ $arg as $crate::uaccess::UserPtr,
+ $size
+ );
+
+ Ok(Self::$variant(user_slice))
+ }
+ };
+ (match_pattern:
+ @variant($i:literal, $arg_type:tt)
+ ) => {
+ ($i, _, _)
+ };
+ (match_body:
+ @dir($dir:ident),
+ @size($size:ident),
+ @arg($arg:ident),
+ @variant($variant:ident, $arg_type:tt)
+ ) => {
+ {
+ // We have an unsupported argument type
+ const _: () = ::core::assert!(
+ false,
+ ::core::concat!(
+ "Invalid argument type for ioctl command ",
+ stringify!($variant),
+ ": ",
+ stringify!($arg_type),
+ )
+ );
+ ::core::unreachable!()
+ }
+ };
+}
diff --git a/rust/kernel/prelude.rs b/rust/kernel/prelude.rs
index 4571daec0961bb34fb6956a4e9eda8445954b719..1277d1ec5a476d3e115f6b2ba432b0fbe28941a2 100644
--- a/rust/kernel/prelude.rs
+++ b/rust/kernel/prelude.rs
@@ -20,7 +20,7 @@
pub use alloc::{boxed::Box, vec::Vec};
#[doc(no_inline)]
-pub use macros::{module, pin_data, pinned_drop, vtable, Zeroable};
+pub use macros::{module, pin_data, pinned_drop, vtable, IoctlCommand, Zeroable};
pub use super::build_assert;
diff --git a/rust/macros/ioctl_cmd.rs b/rust/macros/ioctl_cmd.rs
new file mode 100644
index 0000000000000000000000000000000000000000..366a9b1f7ba70ba764b0d78cb32d82125bc7b854
--- /dev/null
+++ b/rust/macros/ioctl_cmd.rs
@@ -0,0 +1,202 @@
+// SPDX-License-Identifier: GPL-2.0
+
+use proc_macro::{token_stream, Delimiter, Literal, TokenStream, TokenTree};
+
+fn expect_punct(input: &mut impl Iterator<Item = TokenTree>, expected: char, reason: &str) {
+ let Some(TokenTree::Punct(punct)) = input.next() else {
+ panic!("expected '{expected}' {reason}");
+ };
+
+ if punct.as_char() != expected {
+ panic!("expected '{expected}' {reason}");
+ }
+}
+
+fn expect_ident(input: &mut impl Iterator<Item = TokenTree>, expected: &str, reason: &str) {
+ let Some(TokenTree::Ident(ident)) = input.next() else {
+ panic!("expected '{expected}' {reason}");
+ };
+
+ if ident.to_string() != expected {
+ panic!("expected '{expected}' {reason}");
+ }
+}
+
+fn expect_group(
+ input: &mut impl Iterator<Item = TokenTree>,
+ expected: Delimiter,
+ reason: &str,
+) -> token_stream::IntoIter {
+ let Some(TokenTree::Group(group)) = input.next() else {
+ panic!("expected group {reason}");
+ };
+
+ if group.delimiter() != expected {
+ panic!("expected group {reason}");
+ }
+
+ group.stream().into_iter()
+}
+
+fn parse_attribute(input: &mut impl Iterator<Item = TokenTree>) -> (u8, u8) {
+ expect_punct(input, '#', "to start attribute");
+
+ let mut stream = expect_group(input, Delimiter::Bracket, "as attribute body");
+
+ expect_ident(&mut stream, "ioctl", "as attribute name");
+
+ let mut inner_stream = expect_group(
+ &mut stream,
+ Delimiter::Parenthesis,
+ "as attribute arguments",
+ );
+
+ expect_ident(&mut inner_stream, "code", "as ioctl attribute field");
+ expect_punct(&mut inner_stream, '=', "in ioctl attribute field");
+
+ let Some(TokenTree::Literal(lit)) = inner_stream.next() else {
+ panic!("expected ioctl attribute code value");
+ };
+
+ let lit_str = lit.to_string();
+ let code = if lit_str.starts_with("b'") {
+ lit_str
+ .chars()
+ .nth(2)
+ .expect("expected ioctl attribute code value") as u8
+ } else if let Some(hex) = lit_str.strip_prefix("0x") {
+ u8::from_str_radix(hex, 16).expect("expected ioctl attribute code value")
+ } else {
+ lit_str
+ .parse()
+ .expect("expected ioctl attribute code value")
+ };
+
+ let start_num = if let Some(tree) = inner_stream.next() {
+ if !matches!(tree, TokenTree::Punct(punct) if punct.as_char() == ',') {
+ panic!("expected ioctl attribute comma");
+ }
+
+ expect_ident(&mut inner_stream, "start_num", "as ioctl attribute field");
+ expect_punct(&mut inner_stream, '=', "in ioctl attribute field");
+
+ let Some(TokenTree::Literal(lit)) = inner_stream.next() else {
+ panic!("expected ioctl attribute start number value");
+ };
+
+ lit.to_string()
+ .parse()
+ .expect("expected ioctl attribute start number value")
+ } else {
+ 0
+ };
+
+ assert!(
+ inner_stream.next().is_none(),
+ "unexpected token in ioctl attribute"
+ );
+ assert!(
+ stream.next().is_none(),
+ "unexpected token in ioctl attribute"
+ );
+
+ (code, start_num)
+}
+
+fn parse_enum_def(input: &mut impl Iterator<Item = TokenTree>) -> TokenTree {
+ expect_ident(input, "enum", "to start enum definition");
+
+ let Some(ident @ TokenTree::Ident(_)) = input.next() else {
+ panic!("expected enum name");
+ };
+
+ ident
+}
+
+fn parse_enum_body(
+ input: &mut impl Iterator<Item = TokenTree>,
+) -> Vec<(TokenTree, Option<TokenTree>)> {
+ let mut stream = expect_group(input, Delimiter::Brace, "as enum body").peekable();
+
+ let mut variants = Vec::new();
+
+ while let Some(variant) = stream.next_if(|t| matches!(t, TokenTree::Ident(_))) {
+ let arg_type = if let Some(TokenTree::Group(group)) =
+ stream.next_if(|t| matches!(t, TokenTree::Group(_)))
+ {
+ if group.delimiter() != Delimiter::Parenthesis {
+ panic!("expected group");
+ }
+
+ let mut inner_stream = group.stream().into_iter();
+
+ let arg_type = if let Some(ident @ TokenTree::Ident(_)) = inner_stream.next() {
+ ident
+ } else {
+ panic!("expected argument type")
+ };
+
+ assert!(
+ inner_stream.next().is_none(),
+ "unexpected token in enum variant"
+ );
+
+ Some(arg_type)
+ } else {
+ None
+ };
+
+ variants.push((variant, arg_type));
+
+ if stream
+ .next_if(|t| matches!(t, TokenTree::Punct(punct) if punct.as_char() == ','))
+ .is_none()
+ {
+ break;
+ }
+ }
+
+ assert!(stream.next().is_none(), "unexpected token in enum body");
+
+ variants
+}
+
+pub(crate) fn derive(input: TokenStream) -> TokenStream {
+ let mut input = input.into_iter();
+
+ let (code, start_num) = parse_attribute(&mut input);
+ let enum_name = parse_enum_def(&mut input);
+ let variants = parse_enum_body(&mut input);
+
+ assert!(input.next().is_none(), "unexpected token in ioctl_cmd");
+
+ let code = TokenTree::from(Literal::u8_suffixed(code));
+
+ let variants = variants
+ .into_iter()
+ .enumerate()
+ .map(|(i, (variant, arg_type))| {
+ let i = i as u8 + start_num;
+
+ let i = TokenTree::from(Literal::u8_suffixed(i));
+
+ if let Some(arg_type) = arg_type {
+ quote! {
+ @variant(#i, #variant, #arg_type),
+ }
+ } else {
+ quote! {
+ @variant(#i, #variant, None),
+ }
+ }
+ });
+
+ quote! {
+ ::kernel::__derive_ioctl_cmd!(
+ parse_input:
+ @enum_name(#enum_name),
+ @code(#code),
+ @variants(#(#variants)*)
+ );
+ }
+}
diff --git a/rust/macros/lib.rs b/rust/macros/lib.rs
index a626b1145e5c4ff00692e9d4e11fdb93500db1a8..5a33ed69b5b0b64f6720fb54e18056af9b2f7a00 100644
--- a/rust/macros/lib.rs
+++ b/rust/macros/lib.rs
@@ -10,6 +10,7 @@
mod quote;
mod concat_idents;
mod helpers;
+mod ioctl_cmd;
mod module;
mod paste;
mod pin_data;
@@ -412,6 +413,26 @@ pub fn paste(input: TokenStream) -> TokenStream {
tokens.into_iter().collect()
}
+/// Derives the [`IoctlCommand`] trait for the given enum.
+///
+/// # Example
+///
+/// ```
+/// #[derive(IoctlCommand)]
+/// #[ioctl(code = 0x18, start_num = 0)]
+/// enum Command {
+/// NoReadWrite, // No read or write access.
+/// NoReadWriteButTakesArg(u64), // No read or write access, but takes an argument.
+/// ReadOnly(UserSliceWriter), // We write data for the user to read.
+/// WriteOnly(UserSliceReader), // We read data that the user wrote.
+/// WriteAndRead(UserSlice), // We read data from the user and then write data to the user.
+/// }
+/// ```
+#[proc_macro_derive(IoctlCommand, attributes(ioctl))]
+pub fn derive_ioctl_cmd(input: TokenStream) -> TokenStream {
+ ioctl_cmd::derive(input)
+}
+
/// Derives the [`Zeroable`] trait for the given struct.
///
/// This can only be used for structs where every field implements the [`Zeroable`] trait.
--
2.47.0
Powered by blists - more mailing lists