| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250618205824.GA1682301@joelnvbox>
Date: Wed, 18 Jun 2025 16:58:24 -0400
From: Joel Fernandes <joelagnelf@...dia.com>
To: Boqun Feng <boqun.feng@...il.com>
Cc: Alexandre Courbot <acourbot@...dia.com>,
Daniel Almeida <daniel.almeida@...labora.com>,
Miguel Ojeda <ojeda@...nel.org>,
Alex Gaynor <alex.gaynor@...il.com>, Gary Guo <gary@...yguo.net>,
Björn Roy Baron <bjorn3_gh@...tonmail.com>,
Benno Lossin <benno.lossin@...ton.me>,
Andreas Hindborg <a.hindborg@...nel.org>,
Alice Ryhl <aliceryhl@...gle.com>, Trevor Gross <tmgross@...ch.edu>,
Danilo Krummrich <dakr@...nel.org>, linux-kernel@...r.kernel.org,
rust-for-linux@...r.kernel.org
Subject: Re: [PATCH v6] rust: kernel: add support for bits/genmask macros
On Sat, Jun 14, 2025 at 09:05:41AM -0700, Boqun Feng wrote:
> On Sat, Jun 14, 2025 at 08:56:36AM -0700, Boqun Feng wrote:
> > On Sat, Jun 14, 2025 at 08:06:04AM -0700, Boqun Feng wrote:
> > > On Sat, Jun 14, 2025 at 10:38:11PM +0900, Alexandre Courbot wrote:
> > > [...]
> > > > > +macro_rules! impl_genmask_fn {
> > > > > + (
> > > > > + $ty:ty, $checked_bit:ident, $bit:ident, $genmask:ident, $genmask_checked:ident, $genmask_unbounded:ident,
> > > > > + $(#[$genmask_ex:meta])*
> > > > > + ) => {
> > > > > + /// Creates a compile-time contiguous bitmask for the given range by
> > > > > + /// validating the range at runtime.
> > > > > + ///
> > > > > + /// Returns [`None`] if the range is invalid, i.e.: if the start is
> > > > > + /// greater than or equal to the end.
> > > > > + #[inline]
> > > > > + pub fn $genmask_checked(range: Range<u32>) -> Option<$ty> {
> > > > > + if range.start >= range.end || range.end > <$ty>::BITS {
> > > > > + return None;
> > > > > + }
> > > >
> > > > From this check I assumed that you interpret `range` as non-inclusive,
> > > > since `range.end == 32` is valid on u32...
> > > >
> > > > > + let high = $checked_bit(range.end)?;
> > > >
> > > > ... however IIUC `checked_bit` will return `None` here in such a case.
> > > > Should the argument be `range.end - 1`?
> > > >
> > > > Your examples do seem to interpret the range as inclusive though, so
> > > > probably the check should be `|| range.end >= <$ty>::BITS`. But that
> > > > triggers the question, is it ok to use `Range` that way, when its
> > > > documentation specifically states that it is bounded exclusively above?
> > > > We could use `RangeInclusive` to match the semantics, which would
> > > > require us to write the ranges as `0..=7`. At least it is clear that the
> > > > upper bound is inclusive.
> > > >
> > > > ... or we make the methods generic against `RangeBounds` and allow both
> > > > `Range` and `RangeInclusive` to be used. But I'm concerned that callers
> > > > might use `0..1` thinking it is inclusive while it is not.
I think if they use 0..1 and consider it as inclusive, then they just need to
learn Rust. If they are writing Rust, then not knowing Rust is going to cause
them issues anyway. ;-)
> > > >
> > >
> > > I think generic over `RangeBounds` is a good idea, and we should
> > > .is_emtpy() or .contains() instead of comparison + boolean operation
> > > when possible. Seems we need a function to check whether one range
I am also of the opinion that RangeBounds is a good idea. I think it may come
down to both classes of devs, those who have used genmask before in C and
expect inclusivity, and those who are using it for the first time in Rust -
the latter may almost always want to use the non-inclusive syntax, no?
thanks,
- Joel
Powered by blists - more mailing lists