Message-Id: <46A998B0-8101-4F51-91DE-857B237F6CC5@collabora.com>
Date: Fri, 25 Jul 2025 11:12:46 -0300
From: Daniel Almeida <daniel.almeida@...labora.com>
To: Lyude Paul <lyude@...hat.com>
Cc: rust-for-linux@...r.kernel.org,
 Thomas Gleixner <tglx@...utronix.de>,
 Boqun Feng <boqun.feng@...il.com>,
 linux-kernel@...r.kernel.org,
 Andreas Hindborg <a.hindborg@...nel.org>,
 FUJITA Tomonori <fujita.tomonori@...il.com>,
 Frederic Weisbecker <frederic@...nel.org>,
 Anna-Maria Behnsen <anna-maria@...utronix.de>,
 John Stultz <jstultz@...gle.com>,
 Stephen Boyd <sboyd@...nel.org>,
 Miguel Ojeda <ojeda@...nel.org>,
 Alex Gaynor <alex.gaynor@...il.com>,
 Gary Guo <gary@...yguo.net>,
 Björn Roy Baron <bjorn3_gh@...tonmail.com>,
 Benno Lossin <lossin@...nel.org>,
 Alice Ryhl <aliceryhl@...gle.com>,
 Trevor Gross <tmgross@...ch.edu>,
 Danilo Krummrich <dakr@...nel.org>
Subject: Re: [PATCH v6 6/7] rust: time: Add Instant::from_nanos()



> On 24 Jul 2025, at 15:49, Lyude Paul <lyude@...hat.com> wrote:
> 
> For implementing Rust bindings which can return a point in time.
> 
> Signed-off-by: Lyude Paul <lyude@...hat.com>
> 
> ---
> V4:
> * Turn from_nanos() into an unsafe function in order to ensure that we
>  uphold the invariants of Instant
> V5:
> * Add debug_assert!() to from_nanos
> 
> Signed-off-by: Lyude Paul <lyude@...hat.com>
> ---
> rust/kernel/time.rs | 23 +++++++++++++++++++++++
> 1 file changed, 23 insertions(+)
> 
> diff --git a/rust/kernel/time.rs b/rust/kernel/time.rs
> index 64c8dcf548d63..75088d080b834 100644
> --- a/rust/kernel/time.rs
> +++ b/rust/kernel/time.rs
> @@ -200,6 +200,29 @@ pub fn elapsed(&self) -> Delta {
>     pub(crate) fn as_nanos(&self) -> i64 {
>         self.inner
>     }
> +
> +    /// Create an [`Instant`] from a time duration specified in nanoseconds without checking if it
> +    /// is positive.
> +    ///
> +    /// # Panics
> +    ///
> +    /// On debug builds, this function will panic if `nanos` violates our safety contract.
> +    ///
> +    /// # Safety
> +    ///
> +    /// The caller promises that `nanos` is in the range from 0 to `KTIME_MAX`.
> +    #[expect(unused)]
> +    #[inline]
> +    pub(crate) unsafe fn from_nanos(nanos: i64) -> Self {
> +        debug_assert!(nanos >= 0);

Since you’re already checking the lower bound, wouldn’t it make sense to check the upper bound as well? 

> +
> +        // INVARIANT: Our safety contract ensures that `nanos` is in the range from 0 to
> +        // `KTIME_MAX`.
> +        Self {
> +            inner: nanos as bindings::ktime_t,
> +            _c: PhantomData,
> +        }
> +    }
> }
> 
> impl<C: ClockSource> core::ops::Sub for Instant<C> {
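Review bot: The `# Panics` section promises a debug-build panic whenever `nanos` violates the safety contract, but the only assertion in `from_nanos()` is `debug_assert!(nanos >= 0);`, so a value above `KTIME_MAX` is not caught by any check in this hunk. Either add a matching upper-bound assertion or narrow the Panics text to the negative case. The summary line also says "without checking if it is positive" while the safety contract allows 0, so "non-negative" would match the documented range, and "time duration" reads oddly for a constructor that returns a point in time.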
> -- 
> 2.50.0
> 
> 

