| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aJviUiNhTwCsMbaX@sidongui-MacBookPro.local> Date: Wed, 13 Aug 2025 09:54:42 +0900 From: Sidong Yang <sidong.yang@...iosa.ai> To: Daniel Almeida <daniel.almeida@...labora.com> Cc: Benno Lossin <lossin@...nel.org>, Caleb Sander Mateos <csander@...estorage.com>, Miguel Ojeda <ojeda@...nel.org>, Arnd Bergmann <arnd@...db.de>, Jens Axboe <axboe@...nel.dk>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org, io-uring@...r.kernel.org Subject: Re: [RFC PATCH v2 2/4] rust: io_uring: introduce rust abstraction for io-uring cmd On Tue, Aug 12, 2025 at 11:38:51AM -0300, Daniel Almeida wrote: > > > > On 12 Aug 2025, at 05:34, Benno Lossin <lossin@...nel.org> wrote: > > > > On Mon Aug 11, 2025 at 4:50 PM CEST, Sidong Yang wrote: > >> On Mon, Aug 11, 2025 at 09:44:22AM -0300, Daniel Almeida wrote: > >>>> There is `uring_cmd` callback in `file_operation` at c side. `Pin<&mut IoUringCmd>` > >>>> would be create in the callback function. But the callback function could be > >>>> called repeatedly with same `io_uring_cmd` instance as far as I know. > >>>> > >>>> But in c side, there is initialization step `io_uring_cmd_prep()`. > >>>> How about fill zero pdu in `io_uring_cmd_prep()`? And we could assign a byte > >>>> as flag in pdu for checking initialized also we should provide 31 bytes except > >>>> a byte for the flag. > >>>> > >>> > >>> That was a follow-up question of mine. CanĀ“t we enforce zero-initialization > >>> in C to get rid of this MaybeUninit? Uninitialized data is just bad in general. > >>> > >>> Hopefully this can be done as you've described above, but I don't want to over > >>> extend my opinion on something I know nothing about. > >> > >> I need to add a commit that initialize pdu in prep step in next version. > >> I'd like to get a comment from io_uring maintainer Jens. Thanks. > >> > >> If we could initialize (filling zero) in prep step, How about casting issue? > >> Driver still needs to cast array to its private struct in unsafe? > > > > We still would have the casting issue. > > > > Can't we do the following: > > > > * Add a new associated type to `MiscDevice` called `IoUringPdu` that > > has to implement `Default` and have a size of at most 32 bytes. > > * make `IoUringCmd` generic > > * make `MiscDevice::uring_cmd` take `Pin<&mut IoUringCmd<Self::IoUringPdu>>` > > * initialize the private data to be `IoUringPdu::default()` when we > > create the `IoUringCmd` object. > > * provide a `fn pdu(&mut self) -> &mut Pdu` on `IoUringPdu<Pdu>`. > > > > Any thoughts? If we don't want to add a new associated type to > > `MiscDevice` (because not everyone has to declare the `IoUringCmd` > > data), I have a small trait dance that we can do to avoid that: > > > Benno, > > IIUC, and note that I'm not proficient with io_uring in general: > > I think we have to accept that we will need to parse types from and to byte > arrays, and that is inherently unsafe. It is no different from what is going on > in UserSliceReader/UserSliceWriter, and IMHO, we should copy that in as much as > it makes sense. > > I think that the only difference is that all uAPI types de-facto satisfy all > the requirements for FromBytes/AsBytes, as we've discussed previously, whereas > here, drivers have to prove that their types can implement the trait. > > > By the way, Sidong, is this byte array shared with userspace? i.e.: is there > any copy_to/from_user() taking place here? No. pdu array allocated from kernel. I'll use `core::ptr::copy_nonoverlapping`. Thanks, Sidong > > -- Daniel
Powered by blists - more mailing lists