lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <DAN4IWLJX27C.1TBCMNKRMNH9T@nvidia.com>
Date: Sun, 15 Jun 2025 21:59:39 +0900
From: "Alexandre Courbot" <acourbot@...dia.com>
To: "Boqun Feng" <boqun.feng@...il.com>
Cc: "Daniel Almeida" <daniel.almeida@...labora.com>, "Miguel Ojeda"
 <ojeda@...nel.org>, "Alex Gaynor" <alex.gaynor@...il.com>, "Gary Guo"
 <gary@...yguo.net>, Björn Roy Baron
 <bjorn3_gh@...tonmail.com>, "Benno Lossin" <benno.lossin@...ton.me>,
 "Andreas Hindborg" <a.hindborg@...nel.org>, "Alice Ryhl"
 <aliceryhl@...gle.com>, "Trevor Gross" <tmgross@...ch.edu>, "Danilo
 Krummrich" <dakr@...nel.org>, <linux-kernel@...r.kernel.org>,
 <rust-for-linux@...r.kernel.org>
Subject: Re: [PATCH v6] rust: kernel: add support for bits/genmask macros

On Sun Jun 15, 2025 at 12:06 AM JST, Boqun Feng wrote:
> On Sat, Jun 14, 2025 at 10:38:11PM +0900, Alexandre Courbot wrote:
> [...]
>> > +macro_rules! impl_genmask_fn {
>> > +    (
>> > +        $ty:ty, $checked_bit:ident, $bit:ident, $genmask:ident, $genmask_checked:ident, $genmask_unbounded:ident,
>> > +        $(#[$genmask_ex:meta])*
>> > +    ) => {
>> > +        /// Creates a compile-time contiguous bitmask for the given range by
>> > +        /// validating the range at runtime.
>> > +        ///
>> > +        /// Returns [`None`] if the range is invalid, i.e.: if the start is
>> > +        /// greater than or equal to the end.
>> > +        #[inline]
>> > +        pub fn $genmask_checked(range: Range<u32>) -> Option<$ty> {
>> > +            if range.start >= range.end || range.end > <$ty>::BITS {
>> > +                return None;
>> > +            }
>> 
>> From this check I assumed that you interpret `range` as non-inclusive,
>> since `range.end == 32` is valid on u32...
>> 
>> > +            let high = $checked_bit(range.end)?;
>> 
>> ... however IIUC `checked_bit` will return `None` here in such a case.
>> Should the argument be `range.end - 1`?
>> 
>> Your examples do seem to interpret the range as inclusive though, so
>> probably the check should be `|| range.end >= <$ty>::BITS`. But that
>> triggers the question, is it ok to use `Range` that way, when its
>> documentation specifically states that it is bounded exclusively above?
>> We could use `RangeInclusive` to match the semantics, which would
>> require us to write the ranges as `0..=7`. At least it is clear that the
>> upper bound is inclusive.
>> 
>> ... or we make the methods generic against `RangeBounds` and allow both
>> `Range` and `RangeInclusive` to be used. But I'm concerned that callers
>> might use `0..1` thinking it is inclusive while it is not.
>> 
>
> I think generic over `RangeBounds` is a good idea, and we should
> .is_emtpy() or .contains() instead of comparison + boolean operation
> when possible. Seems we need a function to check whether one range
> contains another range, which is not available currently?
>
> I would not be worried about callers treating `0..1` as inclusive: this
> is a Rust project anyway, we need to learn the correct semantics of
> expressions eventually ;-)

Right, your comment made me realize that my concern could apply to all
uses of the ranges, including the basic and common slice access. So
following the expected semantics and offering the caller the option to
use an inclusive or non-inclusive range through `RangeBounds` indeed
sounds like the way to go.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ