lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAGSQo02ASwf3Wn21jgB804LMLi3qivhtZuo7SmmD9O4m5O_Qfw@mail.gmail.com>
Date: Fri, 3 Oct 2025 16:12:11 -0700
From: Matthew Maurer <mmaurer@...gle.com>
To: Danilo Krummrich <dakr@...nel.org>
Cc: gregkh@...uxfoundation.org, rafael@...nel.org, ojeda@...nel.org, 
	alex.gaynor@...il.com, boqun.feng@...il.com, gary@...yguo.net, 
	bjorn3_gh@...tonmail.com, lossin@...nel.org, a.hindborg@...nel.org, 
	aliceryhl@...gle.com, tmgross@...ch.edu, rust-for-linux@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 4/7] rust: debugfs: support blobs from smart pointers

On Fri, Oct 3, 2025 at 3:27 PM Danilo Krummrich <dakr@...nel.org> wrote:
>
> Extend Rust debugfs binary support to allow exposing data stored in
> common smart pointers and heap-allocated collections.
>
> - Implement BinaryWriter for Box<T>, Pin<Box<T>>, Arc<T>, and Vec<T>.
> - Introduce BinaryReaderMut for mutable binary access with outer locks.
> - Implement BinaryReaderMut for Box<T>, Vec<T>, and base types.
> - Update BinaryReader to delegate to BinaryReaderMut for Mutex<T>,
>   Box<T>, Pin<Box<T>> and Arc<T>.
>
> This enables debugfs files to directly expose or update data stored
> inside heap-allocated, reference-counted, or lock-protected containers
> without manual dereferencing or locking.
>
> Signed-off-by: Danilo Krummrich <dakr@...nel.org>
> ---
>  rust/kernel/debugfs.rs        |   2 +-
>  rust/kernel/debugfs/traits.rs | 145 +++++++++++++++++++++++++++++++++-
>  2 files changed, 144 insertions(+), 3 deletions(-)
>
> diff --git a/rust/kernel/debugfs.rs b/rust/kernel/debugfs.rs
> index b1a3adca7fd4..3c3bbcc126ef 100644
> --- a/rust/kernel/debugfs.rs
> +++ b/rust/kernel/debugfs.rs
> @@ -21,7 +21,7 @@
>  use core::ops::Deref;
>
>  mod traits;
> -pub use traits::{BinaryReader, BinaryWriter, Reader, Writer};
> +pub use traits::{BinaryReader, BinaryReaderMut, BinaryWriter, Reader, Writer};
>
>  mod callback_adapters;
>  use callback_adapters::{FormatAdapter, NoWriter, WritableAdapter};
> diff --git a/rust/kernel/debugfs/traits.rs b/rust/kernel/debugfs/traits.rs
> index 60a6ee6c6b58..bcd0a9db3cc9 100644
> --- a/rust/kernel/debugfs/traits.rs
> +++ b/rust/kernel/debugfs/traits.rs
> @@ -3,11 +3,14 @@
>
>  //! Traits for rendering or updating values exported to DebugFS.
>
> +use crate::alloc::Allocator;
>  use crate::prelude::*;
> +use crate::sync::Arc;
>  use crate::sync::Mutex;
>  use crate::transmute::{AsBytes, FromBytes};
>  use crate::uaccess::{UserSliceReader, UserSliceWriter};
>  use core::fmt::{self, Debug, Formatter};
> +use core::ops::{Deref, DerefMut};
>  use core::str::FromStr;
>  use core::sync::atomic::{
>      AtomicI16, AtomicI32, AtomicI64, AtomicI8, AtomicIsize, AtomicU16, AtomicU32, AtomicU64,
> @@ -50,12 +53,14 @@ pub trait BinaryWriter {
>      fn write_to_slice(&self, writer: &mut UserSliceWriter, offset: usize) -> Result<usize>;
>  }
>
> +// Base implementation for any `T: AsBytes`.
>  impl<T: AsBytes> BinaryWriter for T {
>      fn write_to_slice(&self, writer: &mut UserSliceWriter, offset: usize) -> Result<usize> {
>          writer.write_slice_partial(self.as_bytes(), offset)
>      }
>  }
>
> +// Delegate for `Mutex<T>`: Support a `T` with an outer mutex.
>  impl<T: BinaryWriter> BinaryWriter for Mutex<T> {
>      fn write_to_slice(&self, writer: &mut UserSliceWriter, offset: usize) -> Result<usize> {
>          let guard = self.lock();
> @@ -64,6 +69,56 @@ fn write_to_slice(&self, writer: &mut UserSliceWriter, offset: usize) -> Result<
>      }
>  }
>
> +// Delegate for `Box<T, A>`: Support a `Box<T, A>` with no lock or an inner lock.
> +impl<T, A> BinaryWriter for Box<T, A>
> +where
> +    T: BinaryWriter,
> +    A: Allocator,
> +{
> +    fn write_to_slice(&self, writer: &mut UserSliceWriter, offset: usize) -> Result<usize> {
> +        self.deref().write_to_slice(writer, offset)
> +    }
> +}
> +
> +// Delegate for `Pin<Box<T, A>>`: Support a `Pin<Box<T, A>>` with no lock or an inner lock.
> +impl<T, A> BinaryWriter for Pin<Box<T, A>>
> +where
> +    T: BinaryWriter,
> +    A: Allocator,
> +{
> +    fn write_to_slice(&self, writer: &mut UserSliceWriter, offset: usize) -> Result<usize> {
> +        self.deref().write_to_slice(writer, offset)
> +    }
> +}
> +
> +// Delegate for `Arc<T>`: Support a `Arc<T>` with no lock or an inner lock.
> +impl<T> BinaryWriter for Arc<T>
> +where
> +    T: BinaryWriter,
> +{
> +    fn write_to_slice(&self, writer: &mut UserSliceWriter, offset: usize) -> Result<usize> {
> +        self.deref().write_to_slice(writer, offset)
> +    }
> +}

For `Box`, `Pin<Box<`, and `Arc`, where the only operation being
performed is to deref, is there a reason that we couldn't have the
`File` object be *inside* the object, thus avoiding any need for
these? I can't see them causing trouble, but

```
Box<File<T>>
Pin<Box<File<T>>>
Arc<File<T>>
```

seem like they'd usually be fine. The one caveat I can think of is
that if you had other functions that wanted to take an `&Arc<T>` for
operations on the Arc, then having an `Arc<File<T>>` would be
suboptimal. Am I missing something?

Depending on the use case I'm missing, would a blanket implementation
for `T: Deref` in this case and `DerefMut` later on make more sense?
That should contract these into a single definition and generalize to
e.g. `ListArc` without further code.

> +
> +// Delegate for `Vec<T, A>`.
> +impl<T, A> BinaryWriter for Vec<T, A>
> +where
> +    T: AsBytes,
> +    A: Allocator,
> +{
> +    fn write_to_slice(&self, writer: &mut UserSliceWriter, offset: usize) -> Result<usize> {
> +        let slice = self.as_slice();
> +
> +        // SAFETY: `T: AsBytes` allows us to treat `&[T]` as `&[u8]`.
> +        let buffer = unsafe {
> +            core::slice::from_raw_parts(slice.as_ptr().cast(), core::mem::size_of_val(slice))
> +        };
> +
> +        writer.write_slice_partial(buffer, offset)
> +    }
> +}
> +
>  /// A trait for types that can be updated from a user slice.
>  ///
>  /// This works similarly to `FromStr`, but operates on a `UserSliceReader` rather than a &str.
> @@ -92,6 +147,70 @@ fn read_from_slice(&self, reader: &mut UserSliceReader) -> Result {
>  }
>
>  /// Trait for types that can be constructed from a binary representation.
> +///
> +/// See also [`BinaryReader`] for interior mutability.
> +pub trait BinaryReaderMut {
> +    /// Reads the binary form of `self` from `reader`.
> +    ///
> +    /// Same as [`BinaryReader::read_from_slice`], but takes a mutable reference.
> +    ///
> +    /// `offset` is the requested offset into the binary representation of `self`.
> +    ///
> +    /// On success, returns the number of bytes read from `reader`.
> +    fn read_from_slice_mut(&mut self, reader: &mut UserSliceReader, offset: usize)
> +        -> Result<usize>;
> +}
> +
> +// Base implementation for any `T: AsBytes + FromBytes`.
> +impl<T: AsBytes + FromBytes> BinaryReaderMut for T {
> +    fn read_from_slice_mut(
> +        &mut self,
> +        reader: &mut UserSliceReader,
> +        offset: usize,
> +    ) -> Result<usize> {
> +        reader.read_slice_partial(self.as_bytes_mut(), offset)
> +    }
> +}
> +
> +// Delegate for `Box<T, A>`: Support a `Box<T, A>` with an outer lock.
> +impl<T: ?Sized + BinaryReaderMut, A: Allocator> BinaryReaderMut for Box<T, A> {
> +    fn read_from_slice_mut(
> +        &mut self,
> +        reader: &mut UserSliceReader,
> +        offset: usize,
> +    ) -> Result<usize> {
> +        self.deref_mut().read_from_slice_mut(reader, offset)
> +    }
> +}
> +
> +// Delegate for `Vec<T, A>`: Support a `Vec<T, A>` with an outer lock.
> +impl<T, A> BinaryReaderMut for Vec<T, A>
> +where
> +    T: AsBytes + FromBytes,
> +    A: Allocator,
> +{
> +    fn read_from_slice_mut(
> +        &mut self,
> +        reader: &mut UserSliceReader,
> +        offset: usize,
> +    ) -> Result<usize> {
> +        let slice = self.as_mut_slice();
> +

Nit: This is safe, but it also requires `FromBytes`, and is &mut, &mut

> +        // SAFETY: `T: AsBytes` allows us to treat `&[T]` as `&[u8]`.
> +        let buffer = unsafe {
> +            core::slice::from_raw_parts_mut(
> +                slice.as_mut_ptr().cast(),
> +                core::mem::size_of_val(slice),
> +            )
> +        };
> +
> +        reader.read_slice_partial(buffer, offset)
> +    }
> +}
> +
> +/// Trait for types that can be constructed from a binary representation.
> +///
> +/// See also [`BinaryReaderMut`] for the mutable version.
>  pub trait BinaryReader {
>      /// Reads the binary form of `self` from `reader`.
>      ///
> @@ -101,11 +220,33 @@ pub trait BinaryReader {
>      fn read_from_slice(&self, reader: &mut UserSliceReader, offset: usize) -> Result<usize>;
>  }
>
> -impl<T: AsBytes + FromBytes> BinaryReader for Mutex<T> {
> +// Delegate for `Mutex<T>`: Support a `T` with an outer `Mutex`.
> +impl<T: BinaryReaderMut> BinaryReader for Mutex<T> {
>      fn read_from_slice(&self, reader: &mut UserSliceReader, offset: usize) -> Result<usize> {
>          let mut this = self.lock();
>
> -        reader.read_slice_partial(this.as_bytes_mut(), offset)
> +        this.read_from_slice_mut(reader, offset)
> +    }
> +}
> +
> +// Delegate for `Box<T, A>`: Support a `Box<T, A>` with an inner lock.
> +impl<T: ?Sized + BinaryReader, A: Allocator> BinaryReader for Box<T, A> {
> +    fn read_from_slice(&self, reader: &mut UserSliceReader, offset: usize) -> Result<usize> {
> +        self.deref().read_from_slice(reader, offset)
> +    }
> +}
> +
> +// Delegate for `Pin<Box<T, A>>`: Support a `Pin<Box<T, A>>` with an inner lock.
> +impl<T: ?Sized + BinaryReader, A: Allocator> BinaryReader for Pin<Box<T, A>> {
> +    fn read_from_slice(&self, reader: &mut UserSliceReader, offset: usize) -> Result<usize> {
> +        self.deref().read_from_slice(reader, offset)
> +    }
> +}
> +
> +// Delegate for `Arc<T>`: Support an `Arc<T>` with an inner lock.
> +impl<T: ?Sized + BinaryReader> BinaryReader for Arc<T> {
> +    fn read_from_slice(&self, reader: &mut UserSliceReader, offset: usize) -> Result<usize> {
> +        self.deref().read_from_slice(reader, offset)
>      }
>  }
>
> --
> 2.51.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ