lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAJ-ks9nusk9GAy5myshNVg+w1w_J-awBZqPVupmpjjwuc1Eo-w@mail.gmail.com>
Date: Mon, 25 Nov 2024 09:52:00 -0500
From: Tamir Duberstein <tamird@...il.com>
To: Alice Ryhl <aliceryhl@...gle.com>
Cc: Danilo Krummrich <dakr@...nel.org>, Miguel Ojeda <ojeda@...nel.org>, 
	Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>, 
	Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, 
	Benno Lossin <benno.lossin@...ton.me>, Andreas Hindborg <a.hindborg@...nel.org>, 
	Trevor Gross <tmgross@...ch.edu>, Maíra Canal <mcanal@...lia.com>, 
	Asahi Lina <lina@...hilina.net>, rust-for-linux@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v10 1/2] rust: types: add `ForeignOwnable::PointedTo`

On Mon, Nov 25, 2024 at 9:49 AM Alice Ryhl <aliceryhl@...gle.com> wrote:
>
> On Wed, Nov 20, 2024 at 12:48 PM Tamir Duberstein <tamird@...il.com> wrote:
> >
> > Allow implementors to specify the foreign pointer type; this exposes
> > information about the pointed-to type such as its alignment.
> >
> > This requires the trait to be `unsafe` since it is now possible for
> > implementors to break soundness by returning a misaligned pointer.
> >
> > Encoding the pointer type in the trait (and avoiding pointer casts)
> > allows the compiler to check that implementors return the correct
> > pointer type. This is preferable to directly encoding the alignment in
> > the trait using a constant as the compiler would be unable to check it.
> >
> > Signed-off-by: Tamir Duberstein <tamird@...il.com>
>
> I'm not super convinced by this way forward. It introduces more casts
> to/from c_void in code using it, and forces us to expose internal
> types such as ArcInner. Does anyone else have thoughts on this?

It's certainly a trade-off. The alternative (something like exposing
`const ALIGNMENT: usize`) would nullify the compiler's ability to
check implementations.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ