lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <DD7I3NGT6DHI.114KADERSQ8VG@nvidia.com>
Date: Thu, 02 Oct 2025 12:03:15 +0900
From: "Alexandre Courbot" <acourbot@...dia.com>
To: "Joel Fernandes" <joelagnelf@...dia.com>, "Alexandre Courbot"
 <acourbot@...dia.com>, "Yury Norov" <yury.norov@...il.com>, "Danilo
 Krummrich" <dakr@...nel.org>, "Miguel Ojeda" <ojeda@...nel.org>
Cc: <rust-for-linux@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH 0/2] rust: bounded integer types and use in register
 macro

On Thu Oct 2, 2025 at 7:07 AM JST, Joel Fernandes wrote:
> Hi Alex,
>
> Nice!
>
> On 10/1/2025 11:03 AM, Alexandre Courbot wrote:
>> For convenience, this PoC is based on drm-rust-next. If we decide to
>> proceed with it, we would do it after the patchset extracting and moving
>> the bitfield logic [3] lands, as the two would conflict heavily.
>
> I would strongly prefer this as well, to avoid conflicts. On initial look, this
> seems to be in the right direction and solves the pain points we were seeing.
>
> -            .set_sec(if sec { 1 } else { 0 });
> +            .set_sec_bounded(BoundedInt::new(if sec { 1 } else { 0 }));
>
> Here, I would prefer if we did not add _bounded, since the idea is to solve the
> problems in the macro's setters itself (make it infallible, not panicking etc).
> So we can just modify those?

Oh absolutely, the and goal is to replace the existing accessors. For
this RFC I went the lazy way and added new ones, otherwise I would have
had to update more call sites in nova-core.

>
> Also, BoundedInt sounds like a good name to me IMO.
>
> Also, since TryFrom trait is implemented in the first patch, then in nova we can
> just do the following?
>   .set_foo(value.try_into()?);

Yes! That does work indeed and is more concise. And we can also make
things less verbose on the caller side by adding a new generic setter in
the form of:

    fn try_set_field<T: TryInto<BoundedInt<..>>(self, value:T) -> Result

This setter could try to perform the conversion itself and return an
error as needed, and the caller would just need to call e.g.

    .try_set_foo(value)?;

instead of building the BoundedInt themselves.

There are also many other improvements that can be done, like having
fields with a round number of bits be represented by the relevant
primitive directly instead of a BoundedInt, but that will requires some
more macro magic.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ