lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aB2aAEELa3253nBh@gmail.com>
Date: Fri, 9 May 2025 08:00:32 +0200
From: Ingo Molnar <mingo@...nel.org>
To: Boqun Feng <boqun.feng@...il.com>
Cc: Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...hat.com>,
	Juri Lelli <juri.lelli@...hat.com>,
	Vincent Guittot <vincent.guittot@...aro.org>,
	Dietmar Eggemann <dietmar.eggemann@....com>,
	Steven Rostedt <rostedt@...dmis.org>,
	Ben Segall <bsegall@...gle.com>, Mel Gorman <mgorman@...e.de>,
	Valentin Schneider <vschneid@...hat.com>,
	Miguel Ojeda <ojeda@...nel.org>,
	Alex Gaynor <alex.gaynor@...il.com>, Gary Guo <gary@...yguo.net>,
	Björn Roy Baron <bjorn3_gh@...tonmail.com>,
	Benno Lossin <benno.lossin@...ton.me>,
	Andreas Hindborg <a.hindborg@...nel.org>,
	Alice Ryhl <aliceryhl@...gle.com>, Trevor Gross <tmgross@...ch.edu>,
	Danilo Krummrich <dakr@...nel.org>,
	Nathan Chancellor <nathan@...nel.org>,
	Nick Desaulniers <nick.desaulniers+lkml@...il.com>,
	Bill Wendling <morbo@...gle.com>,
	Justin Stitt <justinstitt@...gle.com>,
	FUJITA Tomonori <fujita.tomonori@...il.com>,
	Tamir Duberstein <tamird@...il.com>,
	Kunwu Chan <kunwu.chan@...mail.com>,
	Mitchell Levy <levymitchell0@...il.com>,
	Martin Rodriguez Reboredo <yakoyoku@...il.com>,
	Borys Tyran <borys.tyran@...tonmail.com>,
	Christian Brauner <brauner@...nel.org>,
	Panagiotis Foliadis <pfoliadis@...teo.net>,
	linux-kernel@...r.kernel.org, rust-for-linux@...r.kernel.org,
	llvm@...ts.linux.dev, Daniel Almeida <daniel.almeida@...labora.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH 4/5] sched/core: Add __might_sleep_precision()


* Boqun Feng <boqun.feng@...il.com> wrote:

> From: FUJITA Tomonori <fujita.tomonori@...il.com>
> 
> Add __might_sleep_precision(), Rust friendly version of
> __might_sleep(), which takes a pointer to a string with the length
> instead of a null-terminated string.
> 
> Rust's core::panic::Location::file(), which gives the file name of a
> caller, doesn't provide a null-terminated
> string. __might_sleep_precision() uses a precision specifier in the
> printk format, which specifies the length of a string; a string
> doesn't need to be a null-terminated.
> 
> Modify __might_sleep() to call __might_sleep_precision() but the
> impact should be negligible. When printing the error (sleeping
> function called from invalid context), the precision string format is
> used instead of the simple string format; the precision specifies the
> the maximum length of the displayed string.
> 
> Note that Location::file() providing a null-terminated string for
> better C interoperability is under discussion [1].
> 
> [1]: https://github.com/rust-lang/libs-team/issues/466
> 
> Tested-by: Daniel Almeida <daniel.almeida@...labora.com>
> Reviewed-by: Alice Ryhl <aliceryhl@...gle.com>
> Co-developed-by: Boqun Feng <boqun.feng@...il.com>
> Signed-off-by: Boqun Feng <boqun.feng@...il.com>
> Signed-off-by: FUJITA Tomonori <fujita.tomonori@...il.com>
> Signed-off-by: Boqun Feng <boqun.feng@...il.com>
> Link: https://lore.kernel.org/r/20250410225623.152616-2-fujita.tomonori@gmail.com
> ---
>  include/linux/kernel.h |  2 ++
>  kernel/sched/core.c    | 62 ++++++++++++++++++++++++++++--------------
>  2 files changed, 43 insertions(+), 21 deletions(-)
> 
> diff --git a/include/linux/kernel.h b/include/linux/kernel.h
> index be2e8c0a187e..086ee1dc447e 100644
> --- a/include/linux/kernel.h
> +++ b/include/linux/kernel.h
> @@ -87,6 +87,7 @@ extern int dynamic_might_resched(void);
>  #ifdef CONFIG_DEBUG_ATOMIC_SLEEP
>  extern void __might_resched(const char *file, int line, unsigned int offsets);
>  extern void __might_sleep(const char *file, int line);
> +extern void __might_sleep_precision(const char *file, int len, int line);

Ugh.

Firstly, '_precision' is really ambiguous in this context and suggests 
'precise sleep' or something like that, which this is not about at all. 
So the naming here is all sorts of bad already.

But more importantly, this is really a Rust problem. Does Rust really 
have no NUL-terminated strings? It should hide them in shame and 
construct proper, robust strings, instead of spreading this disease to 
the rest of the kernel, IMHO ...

Rust is supposed to be about increased security, right? How does extra, 
nonsensical complexity for simple concepts such as strings achieve 
that? If the Rust runtime wants to hook into debug facilities of the 
Linux kernel then I have bad news: almost all strings used by kernel 
debugging facilities are NUL-terminated.

So I really don't like this patch. Is there no other way to do this?

Thanks,

	Ingo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ