lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAH5fLggHKuYT+s=tejnF-N63QOwcsAAeWb+LDLe0uO1sT3bdsg@mail.gmail.com>
Date: Fri, 29 Nov 2024 10:39:33 +0100
From: Alice Ryhl <aliceryhl@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org, 
	boqun.feng@...il.com, ojeda@...nel.org, benno.lossin@...ton.me, 
	axboe@...nel.dk, tmgross@...ch.edu, bjorn3_gh@...tonmail.com, 
	gary@...yguo.net, alex.gaynor@...il.com, a.hindborg@...nel.org
Subject: Re: [PATCH 1/2] rust: Zeroable: allow struct update syntax outside
 init macros

On Thu, Nov 28, 2024 at 5:43 PM Paolo Bonzini <pbonzini@...hat.com> wrote:
>
> On 11/28/24 15:40, Alice Ryhl wrote:
> >> The definition of the ZERO constant requires adding a Sized boundary, but
> >> this is not a problem either because neither slices nor trait objects
> >> are zeroable.
> >>
> >> Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>
> >
> > Slices are zeroable. I know they don't implement the trait,
>
> Right, I should have used the uppercase "Zeroable" for clarity.
>
> > but they could implement it, and this could be used to implement e.g.:
> >
> > pub fn write_zero<T: Zeroed + ?Sized>(value: &mut T) {
> >      memset(0, ...);
> > }
>
> Yeah, that would be I think
>
>      pub fn write_zero<T: Zeroable + ?Sized>(value: &mut T) {
>          unsafe {
>             ptr::write_bytes((value as *mut T).cast::<u8>(), 0,
>                              std::mem::size_of_val(value))
>          }
>      }
>
> ?  And it works for both sized values and slices.  If Zeroable is
> limited to sized types, I guess you could still do:
>
>      pub fn write_zero_slice<T: Zeroable>(value: &mut [T]) {
>          ptr::write_bytes(value.as_mut_ptr(), 0, value.len())
>      }
>
> So the question is whether the ZERO constant is worthwhile enough, to
> justify the limitation of the Sized bound (e.g. having separate
> write_zero and write_zero_slice in the future).

Why not both?

If you change the constant to a const fn, then you don't have to rule
out either use-case.

Alice

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ