Message-ID: <87ed2z2uqr.fsf@kernel.org>
Date: Mon, 25 Nov 2024 16:33:48 +0100
From: Andreas Hindborg <a.hindborg@...nel.org>
To: "Alice Ryhl" <aliceryhl@...gle.com>
Cc: "Tamir Duberstein" <tamird@...il.com>,  "Danilo Krummrich"
 <dakr@...nel.org>,  "Miguel Ojeda" <ojeda@...nel.org>,  "Alex Gaynor"
 <alex.gaynor@...il.com>,  "Boqun Feng" <boqun.feng@...il.com>,  "Gary Guo"
 <gary@...yguo.net>,  Björn Roy Baron
 <bjorn3_gh@...tonmail.com>,  "Benno
 Lossin" <benno.lossin@...ton.me>,  "Trevor Gross" <tmgross@...ch.edu>,
  Maíra Canal <mcanal@...lia.com>,  "Asahi Lina"
 <lina@...hilina.net>,
  <rust-for-linux@...r.kernel.org>,  <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v10 1/2] rust: types: add `ForeignOwnable::PointedTo`

"Alice Ryhl" <aliceryhl@...gle.com> writes:

> On Wed, Nov 20, 2024 at 12:48 PM Tamir Duberstein <tamird@...il.com> wrote:
>>
>> Allow implementors to specify the foreign pointer type; this exposes
>> information about the pointed-to type such as its alignment.
>>
>> This requires the trait to be `unsafe` since it is now possible for
>> implementors to break soundness by returning a misaligned pointer.
>>
>> Encoding the pointer type in the trait (and avoiding pointer casts)
>> allows the compiler to check that implementors return the correct
>> pointer type. This is preferable to directly encoding the alignment in
>> the trait using a constant as the compiler would be unable to check it.
>>
>> Signed-off-by: Tamir Duberstein <tamird@...il.com>
>
> I'm not super convinced by this way forward. It introduces more casts
> to/from c_void in code using it, and forces us to expose internal
> types such as ArcInner. Does anyone else have thoughts on this?

Erasing the type later rather than sooner seems like the right thing to
do, giving the compiler more options to check things over.

It was not really any significant work to add/remove casts where needed for
`rnull`. Granted, even the downstream driver is quite small, you are
going to spend a bit more time in binder.


Best regards,
Andreas Hindborg
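The design point in the quoted commit message (carry the pointee type in the trait as an associated type so the compiler, not a constant, checks what implementors return; erase to `c_void` only at the boundary) can be shown in plain Rust. The block below is an added illustration, not the kernel's `ForeignOwnable` code: the trait shape, the `erase`/`recover` helpers and the contrasting `AlignConst` trait are assumptions made for this example, and the misaligned pointer it constructs is a deliberately bad input used to show the check rejecting it.

```rust
use std::ffi::c_void;
use std::mem::align_of;

/// Assumed shape of the trait after the change: the pointee type lives in
/// the trait, so `into_foreign` must return `*mut Self::PointedTo`.
///
/// # Safety
/// Implementors must return a pointer that is valid and aligned for
/// `Self::PointedTo` and stays so until `from_foreign` consumes it.
pub unsafe trait ForeignOwnable: Sized {
    type PointedTo;
    fn into_foreign(self) -> *mut Self::PointedTo;
    /// # Safety
    /// `ptr` must come from `into_foreign` and not have been used since.
    unsafe fn from_foreign(ptr: *mut Self::PointedTo) -> Self;
}

// SAFETY: `Box::into_raw` yields a valid pointer aligned for `T`.
// Returning e.g. `*mut u8` here would be a compile error, which is the
// check the commit message is after.
unsafe impl<T> ForeignOwnable for Box<T> {
    type PointedTo = T;
    fn into_foreign(self) -> *mut T {
        Box::into_raw(self)
    }
    unsafe fn from_foreign(ptr: *mut T) -> Self {
        unsafe { Box::from_raw(ptr) }
    }
}

/// Type-erase as late as possible: only where the pointer crosses to C.
pub fn erase<T: ForeignOwnable>(v: T) -> *mut c_void {
    v.into_foreign().cast()
}

/// Recover from the erased pointer. `PointedTo` is what makes the
/// alignment known here; the runtime check is defence in depth on top of
/// the compile-time type check.
///
/// # Safety
/// `p` must be null, misaligned, or a pointer produced by `erase::<T>`.
pub unsafe fn recover<T: ForeignOwnable>(p: *mut c_void) -> Option<T> {
    let typed = p.cast::<T::PointedTo>();
    if typed.is_null() || (typed as usize) % align_of::<T::PointedTo>() != 0 {
        return None;
    }
    Some(unsafe { T::from_foreign(typed) })
}

/// Box a value, erase it, recover it: the normal round trip.
pub fn round_trip(value: u64) -> Option<u64> {
    let p = erase(Box::new(value));
    unsafe { recover::<Box<u64>>(p) }.map(|b| *b)
}

/// Constructed bad input: a pointer one byte off `u64` alignment.
/// Returns true if `recover` refused it.
pub fn misaligned_is_rejected() -> bool {
    let p = Box::into_raw(Box::new(0u64));
    let bad = (p as *mut u8).wrapping_add(1).cast::<c_void>();
    let rejected = unsafe { recover::<Box<u64>>(bad) }.is_none();
    drop(unsafe { Box::from_raw(p) }); // free the real allocation
    rejected
}

/// The alternative the commit message rejects: alignment as a constant.
/// The compiler cannot relate `ALIGN` to the returned pointer, so an
/// implementor that claims 8 while handing out a `u8` pointer compiles.
pub trait AlignConst {
    const ALIGN: usize;
    fn into_foreign(self) -> *mut c_void;
}

impl AlignConst for Box<u8> {
    const ALIGN: usize = 8; // wrong, and nothing checks it
    fn into_foreign(self) -> *mut c_void {
        Box::into_raw(self).cast()
    }
}

/// True when the constant-based impl's claim disagrees with the real
/// alignment of what it returns; only a human or a runtime check sees it.
pub fn const_claim_mismatch() -> bool {
    <Box<u8> as AlignConst>::ALIGN != align_of::<u8>()
}
```

`round_trip` is the path a driver takes; `misaligned_is_rejected` shows the runtime guard that the associated type makes expressible, and `const_claim_mismatch` is the lie a constant cannot prevent at compile time.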
