lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ad10ce1c-c3cb-438e-a0e6-37653eb0a37e@nvidia.com>
Date: Wed, 21 May 2025 11:59:30 -0400
From: Joel Fernandes <joelagnelf@...dia.com>
To: Boqun Feng <boqun.feng@...il.com>, Alexandre Courbot <acourbot@...dia.com>
Cc: Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>,
 Gary Guo <gary@...yguo.net>, Björn Roy Baron
 <bjorn3_gh@...tonmail.com>, Benno Lossin <benno.lossin@...ton.me>,
 Andreas Hindborg <a.hindborg@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>,
 Trevor Gross <tmgross@...ch.edu>, Danilo Krummrich <dakr@...nel.org>,
 David Airlie <airlied@...il.com>, Simona Vetter <simona@...ll.ch>,
 Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
 Maxime Ripard <mripard@...nel.org>, Thomas Zimmermann <tzimmermann@...e.de>,
 John Hubbard <jhubbard@...dia.com>, Ben Skeggs <bskeggs@...dia.com>,
 Timur Tabi <ttabi@...dia.com>, Alistair Popple <apopple@...dia.com>,
 linux-kernel@...r.kernel.org, rust-for-linux@...r.kernel.org,
 nouveau@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org
Subject: Re: [PATCH v4 01/20] rust: dma: expose the count and size of
 CoherentAllocation



On 5/21/2025 11:57 AM, Joel Fernandes wrote:
> 
> 
> On 5/21/2025 8:43 AM, Boqun Feng wrote:
>> On Wed, May 21, 2025 at 03:44:56PM +0900, Alexandre Courbot wrote:
>>> These properties are very useful to have and should be accessible.
>>>
>>> Signed-off-by: Alexandre Courbot <acourbot@...dia.com>
>>> ---
>>>  rust/kernel/dma.rs | 18 ++++++++++++++++++
>>>  1 file changed, 18 insertions(+)
>>>
>>> diff --git a/rust/kernel/dma.rs b/rust/kernel/dma.rs
>>> index 605e01e35715667f93297fd9ec49d8e7032e0910..2a60eefa47dfc1f836c30ee342e26c6ff3e9b13a 100644
>>> --- a/rust/kernel/dma.rs
>>> +++ b/rust/kernel/dma.rs
>>> @@ -129,6 +129,10 @@ pub mod attrs {
>>>  //
>>>  // Hence, find a way to revoke the device resources of a `CoherentAllocation`, but not the
>>>  // entire `CoherentAllocation` including the allocated memory itself.
>>> +//
>>> +// # Invariants
>>> +//
>>> +// The size in bytes of the allocation is equal to `size_of::<T> * count()`.
>>>  pub struct CoherentAllocation<T: AsBytes + FromBytes> {
>>>      dev: ARef<Device>,
>>>      dma_handle: bindings::dma_addr_t,
>>> @@ -201,6 +205,20 @@ pub fn alloc_coherent(
>>>          CoherentAllocation::alloc_attrs(dev, count, gfp_flags, Attrs(0))
>>>      }
>>>  
>>> +    /// Returns the number of elements `T` in this allocation.
>>> +    ///
>>> +    /// Note that this is not the size of the allocation in bytes, which is provided by
>>> +    /// [`Self::size`].
>>> +    pub fn count(&self) -> usize {
>>> +        self.count
>>> +    }
>>> +
>>> +    /// Returns the size in bytes of this allocation.
>>> +    pub fn size(&self) -> usize {
>>> +        // As per the invariants of `CoherentAllocation`.
>>> +        self.count * core::mem::size_of::<T>()
>>
>> I think we need a comment or even an invariant saying this multiply
>> cannot overflow.
>>
> If there is a coding error (say large count passed to alloc_coherent()), then I
> don't think it can guaranteed. Maybe use
> self.count.checked_mul(core::mem::size_of::<T>())?
> 
Nevermind, we already checking for overflow in alloc_coherent():

        let size = count
            .checked_mul(core::mem::size_of::<T>())
            .ok_or(EOVERFLOW)?;

So maybe just a comment suffices, then.

thanks,

 - Joel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ