| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <DBXTJQ27RY6K.1R6KUNEXF008N@kernel.org>
Date: Sat, 09 Aug 2025 12:18:49 +0200
From: "Benno Lossin" <lossin@...nel.org>
To: "Sidong Yang" <sidong.yang@...iosa.ai>
Cc: "Daniel Almeida" <daniel.almeida@...labora.com>, "Caleb Sander Mateos"
<csander@...estorage.com>, "Miguel Ojeda" <ojeda@...nel.org>, "Arnd
Bergmann" <arnd@...db.de>, "Jens Axboe" <axboe@...nel.dk>, "Greg
Kroah-Hartman" <gregkh@...uxfoundation.org>,
<rust-for-linux@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<io-uring@...r.kernel.org>
Subject: Re: [RFC PATCH v2 2/4] rust: io_uring: introduce rust abstraction
for io-uring cmd
On Fri Aug 8, 2025 at 11:43 AM CEST, Sidong Yang wrote:
> On Fri, Aug 08, 2025 at 10:49:14AM +0200, Benno Lossin wrote:
>> On Fri Aug 8, 2025 at 8:56 AM CEST, Sidong Yang wrote:
>> > On Wed, Aug 06, 2025 at 03:38:24PM +0200, Benno Lossin wrote:
>> >> On Wed Aug 6, 2025 at 2:38 PM CEST, Daniel Almeida wrote:
>> >> > Hi Benno,
>> >> >
>> >> >> On 2 Aug 2025, at 07:52, Benno Lossin <lossin@...nel.org> wrote:
>> >> >>
>> >> >> On Fri Aug 1, 2025 at 3:48 PM CEST, Daniel Almeida wrote:
>> >> >>>> On 27 Jul 2025, at 12:03, Sidong Yang <sidong.yang@...iosa.ai> wrote:
>> >> >>>> + #[inline]
>> >> >>>> + pub fn pdu(&mut self) -> &mut MaybeUninit<[u8; 32]> {
>> >> >>>
>> >> >>> Why MaybeUninit? Also, this is a question for others, but I don´t think
>> >> >>> that `u8`s can ever be uninitialized as all byte values are valid for `u8`.
>> >> >>
>> >> >> `u8` can be uninitialized. Uninitialized doesn't just mean "can take any
>> >> >> bit pattern", but also "is known to the compiler as being
>> >> >> uninitialized". The docs of `MaybeUninit` explain it like this:
>> >> >>
>> >> >> Moreover, uninitialized memory is special in that it does not have a
>> >> >> fixed value ("fixed" meaning "it won´t change without being written
>> >> >> to"). Reading the same uninitialized byte multiple times can give
>> >> >> different results.
>> >> >>
>> >> >> But the return type probably should be `&mut [MaybeUninit<u8>; 32]`
>> >> >> instead.
>> >> >
>> >> >
>> >> > Right, but I guess the question then is why would we ever need to use
>> >> > MaybeUninit here anyways.
>> >> >
>> >> > It's a reference to a C array. Just treat that as initialized.
>> >>
>> >> AFAIK C uninitialized memory also is considered uninitialized in Rust.
>> >> So if this array is not properly initialized on the C side, this would
>> >> be the correct type. If it is initialized, then just use `&mut [u8; 32]`.
>> >
>> > pdu field is memory chunk for driver can use it freely. The driver usually
>> > saves a private data and read or modify it on the other context. using
>> > just `&mut [u8;32]` would be simple and easy to use.
>>
>> Private data is usually handled using `ForeignOwnable` in Rust. What
>> kind of data would be stored there? If it's a pointer, then `&mut [u8;
>> 32]` would not be the correct choice.
>
> Most driver uses `io_uring_cmd_to_pdu` macro that casts address of pdu to
> private data type. It seems that all driver use this macro has it's own
> struct type. How about make 2 function for pdu? like store_pdu(), borrow_pdu().
We'd need to ensure that `borrow_pdu` can only be called if `store_pdu`
has been called before. Is there any way we can just ensure that pdu is
always initialized? Like a callback that's called once, before the value
is used at all?
---
Cheers,
Benno
Powered by blists - more mailing lists