Message-Id: <D9C5D4EC-FA24-47DB-BE89-609713F093FF@collabora.com>
Date: Wed, 16 Jul 2025 13:52:36 -0300
From: Daniel Almeida <daniel.almeida@...labora.com>
To: Alice Ryhl <aliceryhl@...gle.com>
Cc: Miguel Ojeda <ojeda@...nel.org>,
Alex Gaynor <alex.gaynor@...il.com>,
Boqun Feng <boqun.feng@...il.com>,
Gary Guo <gary@...yguo.net>,
Björn Roy Baron <bjorn3_gh@...tonmail.com>,
Benno Lossin <lossin@...nel.org>,
Andreas Hindborg <a.hindborg@...nel.org>,
Trevor Gross <tmgross@...ch.edu>,
Danilo Krummrich <dakr@...nel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"Rafael J. Wysocki" <rafael@...nel.org>,
linux-kernel@...r.kernel.org,
rust-for-linux@...r.kernel.org,
Fiona Behrens <me@...enk.dev>
Subject: Re: [PATCH v13 1/3] rust: io: add resource abstraction
Hi Alice,
>
>> + let inner = self.0.get();
>> + // SAFETY: safe as per the invariants of `Resource`.
>> + unsafe { (*inner).start }
>> + }
>> +
>> + /// Returns the name of the resource.
>> + pub fn name(&self) -> &'static CStr {
>> + let inner = self.0.get();
>> + // SAFETY: safe as per the invariants of `Resource`
>> + unsafe { CStr::from_char_ptr((*inner).name) }
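Review bot: in `name()`, the SAFETY comment above `CStr::from_char_ptr((*inner).name)` only cites "the invariants of `Resource`", and nothing in these lines establishes that `name` is non-NULL or that the string lives for `'static`, which the `&'static CStr` return type promises. Either state both guarantees explicitly in the comment and in the type invariant, or check the pointer for NULL and return an `Option<&CStr>` whose lifetime is tied to `&self`.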
>
> This is 'static? I would like this safety comment to explicitly say that
> the string always lives forever no matter what resource you call this
> on.
>
> Alice
>
Actually, we have a bit of a problem here.

First, there appears to be no guarantee that a `Resource` has a valid name.
In fact:

    #define DEFINE_RES_NAMED(_start, _size, _name, _flags) \
        DEFINE_RES_NAMED_DESC(_start, _size, _name, _flags, IORES_DESC_NONE)
    #define DEFINE_RES(_start, _size, _flags) \
        DEFINE_RES_NAMED(_start, _size, NULL, _flags)
    #define DEFINE_RES_IO_NAMED(_start, _size, _name) \
        DEFINE_RES_NAMED((_start), (_size), (_name), IORESOURCE_IO)
    #define DEFINE_RES_IO(_start, _size) \
        DEFINE_RES_IO_NAMED((_start), (_size), NULL)

The non _NAMED version of these macros will assign a NULL pointer, so we can't
derive a CStr from that at all.

On top of that, although some call sites do use static names, i.e.:

    struct resource ioport_resource = {
        .name = "PCI IO",
        .start = 0,
        .end = IO_SPACE_LIMIT,
        .flags = IORESOURCE_IO,
    };
    EXPORT_SYMBOL(ioport_resource);

    struct resource iomem_resource = {
        .name = "PCI mem",
        .start = 0,
        .end = -1,
        .flags = IORESOURCE_MEM,
    };
    EXPORT_SYMBOL(iomem_resource);

    static struct resource busn_resource = {
        .name = "PCI busn",
        .start = 0,
        .end = 255,
        .flags = IORESOURCE_BUS,
    };

Some appear to use other, smaller lifetimes, like the one below:

    struct pnp_resource *pnp_add_resource(struct pnp_dev *dev,
                                          struct resource *res)
    {
        struct pnp_resource *pnp_res;

        pnp_res = pnp_new_resource(dev);
        if (!pnp_res) {
            dev_err(&dev->dev, "can't add resource %pR\n", res);
            return NULL;
        }

        pnp_res->res = *res;
        pnp_res->res.name = dev->name;

I guess the easiest solution is to drop 'static in order to account for the
above, and change the signature to return Option<&CStr> instead.

We can also change Region to own the name, and pass name by value here:

    pub fn request_region(
        &self,
        start: ResourceSize,
        size: ResourceSize,
        name: &'static CStr <------

Thoughts?

— Daniel
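
Added example, not part of the original message or the patch: a userspace Rust model of the accessor shape proposed above (`Option<&CStr>` instead of `&'static CStr`), using `std::ffi::CStr` in place of the kernel's `CStr`. `RawResource`, `Resource::from_raw` and `demo` are hypothetical names, and the invariant that the name string outlives the wrapper is an assumption of this example.

```rust
use std::ffi::{c_char, CStr, CString};

/// Userspace stand-in for the fields of C `struct resource` used here
/// (assumed for this example, not the kernel binding).
#[repr(C)]
pub struct RawResource {
    pub start: u64,
    pub end: u64,
    pub name: *const c_char,
}

/// Hypothetical wrapper. Invariant: `name` is NULL or points to a NUL-terminated
/// string that stays valid for as long as this value exists.
pub struct Resource(RawResource);

impl Resource {
    /// # Safety
    /// `name` must uphold the invariant documented on `Resource`.
    pub unsafe fn from_raw(start: u64, end: u64, name: *const c_char) -> Self {
        Resource(RawResource { start, end, name })
    }

    /// Name of the resource, or `None` when it was defined without one
    /// (`DEFINE_RES` and `DEFINE_RES_IO` store NULL). The borrow is tied to
    /// `&self`, so no `'static` promise is made.
    pub fn name(&self) -> Option<&CStr> {
        if self.0.name.is_null() {
            return None;
        }
        // SAFETY: non-NULL was checked above, and by the type invariant the
        // string is NUL-terminated and outlives the borrow of `self`.
        Some(unsafe { CStr::from_ptr(self.0.name) })
    }
}

/// Constructed sample: one unnamed resource, and one whose name points into a
/// heap string owned elsewhere, as `pnp_add_resource` does with `dev->name`.
pub fn demo() -> (Option<String>, Option<String>) {
    // SAFETY: NULL satisfies the invariant.
    let unnamed = unsafe { Resource::from_raw(0, 255, std::ptr::null()) };
    let dev_name = CString::new("pnp 00:01").unwrap(); // not 'static
    // SAFETY: `dev_name` is declared first, so it is dropped after `named`.
    let named = unsafe { Resource::from_raw(0x3f8, 0x3ff, dev_name.as_ptr()) };
    let owned = |r: &Resource| r.name().map(|n| n.to_string_lossy().into_owned());
    (owned(&unnamed), owned(&named))
}

fn main() {
    println!("{:?}", demo());
}
```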