lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAH5fLgi3B_Wyz2OzBLhHHgWrg7hboyFUcQe-+GUrrvXiX9di=w@mail.gmail.com>
Date: Tue, 10 Jun 2025 16:15:17 +0200
From: Alice Ryhl <aliceryhl@...gle.com>
To: Andreas Hindborg <a.hindborg@...nel.org>
Cc: Benno Lossin <lossin@...nel.org>, Danilo Krummrich <dakr@...nel.org>, Miguel Ojeda <ojeda@...nel.org>, 
	Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>, 
	Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, 
	Trevor Gross <tmgross@...ch.edu>, Bjorn Helgaas <bhelgaas@...gle.com>, 
	Krzysztof Wilczyński <kwilczynski@...nel.org>, 
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "Rafael J. Wysocki" <rafael@...nel.org>, 
	Tamir Duberstein <tamird@...il.com>, Viresh Kumar <viresh.kumar@...aro.org>, 
	rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org, 
	linux-pci@...r.kernel.org, Maíra Canal <mcanal@...lia.com>
Subject: Re: [PATCH v2] rust: types: add FOREIGN_ALIGN to ForeignOwnable

On Tue, Jun 10, 2025 at 4:10 PM Andreas Hindborg <a.hindborg@...nel.org> wrote:
>
> "Benno Lossin" <lossin@...nel.org> writes:
>
> > On Tue Jun 10, 2025 at 1:30 PM CEST, Andreas Hindborg wrote:
> >> diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
> >> index 22985b6f6982..0ccef6b5a20a 100644
> >> --- a/rust/kernel/types.rs
> >> +++ b/rust/kernel/types.rs
> >> @@ -21,15 +21,11 @@
> >>  ///
> >>  /// # Safety
> >>  ///
> >> -/// Implementers must ensure that [`into_foreign`] returns a pointer which meets the alignment
> >> -/// requirements of [`PointedTo`].
> >> -///
> >> -/// [`into_foreign`]: Self::into_foreign
> >> -/// [`PointedTo`]: Self::PointedTo
> >> +/// Implementers must ensure that [`Self::into_foreign`] returns pointers aligned to
> >> +/// [`Self::FOREIGN_ALIGN`].
> >>  pub unsafe trait ForeignOwnable: Sized {
> >> -    /// Type used when the value is foreign-owned. In practical terms only defines the alignment of
> >> -    /// the pointer.
> >> -    type PointedTo;
> >> +    /// The alignment of pointers returned by `into_foreign`.
> >> +    const FOREIGN_ALIGN: usize;
> >>
> >>      /// Type used to immutably borrow a value that is currently foreign-owned.
> >>      type Borrowed<'a>;
> >> @@ -39,18 +35,20 @@ pub unsafe trait ForeignOwnable: Sized {
> >>
> >>      /// Converts a Rust-owned object to a foreign-owned one.
> >>      ///
> >> +    /// The foreign representation is a pointer to void. Aside from the guarantees listed below,
> >
> > I feel like this reads better:
> >
> > s/guarantees/ones/
> >
> >> +    /// there are no other guarantees for this pointer. For example, it might be invalid, dangling
> >
> > We should also mention that it could be null. (or is that assumption
> > wrong?)
>
> It is probably not going to be null, but it is allowed to. I can add it.
>
> The list does not claim to be exhaustive, and a null pointer is just a
> special case of an invalid pointer.

We probably should not allow null pointers. If we do, then
try_from_foreign does not make sense.

Alice

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ