lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CANiq72kYBvx9Wb-jEGqfUrpbzy8SQvcbjTmAytHZ=2_qx7c1pA@mail.gmail.com>
Date: Sun, 3 Aug 2025 19:44:44 +0200
From: Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
To: Jinheng LI <ahengljh@...il.com>
Cc: ojeda@...nel.org, rust-for-linux@...r.kernel.org, 
	linux-kernel@...r.kernel.org, alex.gaynor@...il.com, gary@...yguo.net, 
	bjorn3_gh@...tonmail.com, lossin@...nel.org, a.hindborg@...nel.org, 
	aliceryhl@...gle.com, tmgross@...ch.edu
Subject: Re: [PATCH] rust: kernel: add missing safety comments

On Sun, Aug 3, 2025 at 7:10 PM Jinheng LI <ahengljh@...il.com> wrote:
>
> From 5cba005b59a032fc80f818b393b7e4c36a460710 Mon Sep 17 00:00:00 2001
> From: Jinheng Li <ahengljh@...il.com>
> Date: Mon, 4 Aug 2025 00:56:11 +0800
> Subject: [PATCH] rust: kernel: add missing safety comments

This is supposed to be used by e.g. Git `send-email` to craft the
email, rather than being sent in the body.

> Add safety documentation for unsafe functions that were missing proper
> SAFETY comments. This improves code maintainability and helps
> developers understand the safety requirements.
>
> - str.rs: Document safety requirements for as_str_unchecked()
> - list.rs: Document safety requirements for remove() method
>
> These functions had TODO markers for safety documentation that are
> now properly filled in with clear explanations of the invariants
> and caller responsibilities.

These paragraphs all sound as if we are documenting the safety
requirements of the outer function. However, `// SAFETY: ...` comments
are meant to explain how we satisfy the safety requirements of the
functions etc. used within the `unsafe` block that follows.

Also, to avoid confusion, we normally use the word "documentation" for
the `///` ones, i.e. things that are meant for users of APIs.

So I think the commit message is a bit confusing.

The contents are also a bit strange, e.g.:

> +        // Since `CStr` is guaranteed to contain no interior null
> bytes (by its invariants),
> +        // and we're excluding the trailing null byte via
> `as_bytes()`, the resulting slice
> +        // is valid for `from_utf8_unchecked`.

`from_utf8_unchecked`'s requirements are just that "The bytes passed
in must be valid UTF-8.". Why does the NUL matter here?

Thanks!

Cheers,
Miguel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ