lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <cgh5cj42vkxc66f2utpa3eznvqaqtdo3gszahfhempujj3kxdc@zaor2sx4cosp>
Date: Fri, 11 Jul 2025 09:22:29 +1000
From: Alistair Popple <apopple@...dia.com>
To: Benno Lossin <lossin@...nel.org>
Cc: rust-for-linux@...r.kernel.org, Danilo Krummrich <dakr@...nel.org>, 
	Bjorn Helgaas <bhelgaas@...gle.com>, Krzysztof Wilczyński <kwilczynski@...nel.org>, 
	Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, 
	Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, 
	Björn Roy Baron <bjorn3_gh@...tonmail.com>, Andreas Hindborg <a.hindborg@...nel.org>, 
	Alice Ryhl <aliceryhl@...gle.com>, Trevor Gross <tmgross@...ch.edu>, 
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "Rafael J. Wysocki" <rafael@...nel.org>, 
	John Hubbard <jhubbard@...dia.com>, Alexandre Courbot <acourbot@...dia.com>, 
	linux-pci@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/2] rust: Update PCI binding safety comments and add
 inline compiler hint

On Thu, Jul 10, 2025 at 10:01:05AM +0200, Benno Lossin wrote:
> On Thu Jul 10, 2025 at 4:24 AM CEST, Alistair Popple wrote:
> > diff --git a/rust/kernel/pci.rs b/rust/kernel/pci.rs
> > index 8435f8132e38..5c35a66a5251 100644
> > --- a/rust/kernel/pci.rs
> > +++ b/rust/kernel/pci.rs
> > @@ -371,14 +371,18 @@ fn as_raw(&self) -> *mut bindings::pci_dev {
> >  
> >  impl Device {
> >      /// Returns the PCI vendor ID.
> > +    #[inline]
> >      pub fn vendor_id(&self) -> u16 {
> > -        // SAFETY: `self.as_raw` is a valid pointer to a `struct pci_dev`.
> > +        // SAFETY: by its type invariant `self.as_raw` is always a valid pointer to a
> 
> s/by its type invariant/by the type invariants of `Self`,/
> s/always//
> 
> Also, which invariant does this refer to? The only one that I can see
> is:
> 
>     /// A [`Device`] instance represents a valid `struct device` created by the C portion of the kernel.

Actually isn't that wrong? Shouldn't that read for "a valid `struct pci_dev`"?

> And this doesn't say anything about the validity of `self.as_raw()`...

Isn't it up to whatever created this pci::Device to ensure the underlying struct
pci_dev remains valid for at least the lifetime of `Self`? Sorry I'm quite new
to Rust (and especially Rust in the kernel), so not sure what the best way to
express that in a SAFETY style comment would be. Are you saying the list of
invariants for pci::Device also needs expanding?

Thanks.

> > +        // `struct pci_dev`.
> >          unsafe { (*self.as_raw()).vendor }
> >      }
> >  
> >      /// Returns the PCI device ID.
> > +    #[inline]
> >      pub fn device_id(&self) -> u16 {
> > -        // SAFETY: `self.as_raw` is a valid pointer to a `struct pci_dev`.
> > +        // SAFETY: by its type invariant `self.as_raw` is always a valid pointer to a
> > +        // `struct pci_dev`.
> 
> Ditto here.
> 
> ---
> Cheers,
> Benno
> 
> >          unsafe { (*self.as_raw()).device }
> >      }
> >  
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ