| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aNqlPzZn9jUjSKfE@yury> Date: Mon, 29 Sep 2025 11:26:55 -0400 From: Yury Norov <yury.norov@...il.com> To: Miguel Ojeda <miguel.ojeda.sandonis@...il.com> Cc: Joel Fernandes <joelagnelf@...dia.com>, linux-kernel@...r.kernel.org, rust-for-linux@...r.kernel.org, dri-devel@...ts.freedesktop.org, dakr@...nel.org, acourbot@...dia.com, Alistair Popple <apopple@...dia.com>, Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, bjorn3_gh@...tonmail.com, Benno Lossin <lossin@...nel.org>, Andreas Hindborg <a.hindborg@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>, Trevor Gross <tmgross@...ch.edu>, David Airlie <airlied@...il.com>, Simona Vetter <simona@...ll.ch>, Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>, Maxime Ripard <mripard@...nel.org>, Thomas Zimmermann <tzimmermann@...e.de>, John Hubbard <jhubbard@...dia.com>, Timur Tabi <ttabi@...dia.com>, joel@...lfernandes.org, Elle Rhumsaa <elle@...thered-steel.dev>, Daniel Almeida <daniel.almeida@...labora.com>, nouveau@...ts.freedesktop.org Subject: Re: [PATCH v4 6/6] rust: bitfield: Use 'as' operator for setter type conversion On Mon, Sep 29, 2025 at 03:59:32PM +0200, Miguel Ojeda wrote: > On Sat, Sep 20, 2025 at 8:23 PM Joel Fernandes <joelagnelf@...dia.com> wrote: > > > > The bitfield macro's setter currently uses the From trait for type > > conversion, which is overly restrictive and prevents use cases such as > > narrowing conversions (e.g., u32 storage size to u8 field size) which > > aren't supported by From. > > Being restrictive is a good thing -- it would be nice to know more > context about this change, like Alexandre points out. > > In particular, the line: > > .set_nibble(0x12345678_u32) // truncated to 0x8 > > sounds fairly alarming, and not what we usually want. Why cannot the > caller cast on their side, if they really want that? It was my suggestion to relax the type requirement. The reasoning is as follows. Consider a bitfield bf with bits 5:3 described as field1. The storage for bf is u8, but the type is u32. This is OK, because storage and representation are simply different matters. And no matter how you declare the field inside the bitfield, you can't prevent overflow followed by silent truncation by just syntax measures. I suggested to relax the requirement that field representation must match (not exceed in fact) storage type, and instead bring explicit check in the setter. With the check, if user tries to overflow the field, we either throw a warning, or panic if hardening is enabled, or do nothing in performance-critical builds. As far as I can say, Joel scheduled this in v5. Thanks, Yury
Powered by blists - more mailing lists