| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7c4916ff-db34-4c9c-af1c-837c206842aa@nvidia.com> Date: Thu, 23 Oct 2025 17:50:42 -0400 From: Joel Fernandes <joelagnelf@...dia.com> To: Beata Michalska <beata.michalska@....com> Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "rust-for-linux@...r.kernel.org" <rust-for-linux@...r.kernel.org>, "dri-devel@...ts.freedesktop.org" <dri-devel@...ts.freedesktop.org>, "dakr@...nel.org" <dakr@...nel.org>, Alexandre Courbot <acourbot@...dia.com>, Alistair Popple <apopple@...dia.com>, Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, "bjorn3_gh@...tonmail.com" <bjorn3_gh@...tonmail.com>, Benno Lossin <lossin@...nel.org>, Andreas Hindborg <a.hindborg@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>, Trevor Gross <tmgross@...ch.edu>, David Airlie <airlied@...il.com>, Simona Vetter <simona@...ll.ch>, Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>, Maxime Ripard <mripard@...nel.org>, Thomas Zimmermann <tzimmermann@...e.de>, John Hubbard <jhubbard@...dia.com>, Timur Tabi <ttabi@...dia.com>, "joel@...lfernandes.org" <joel@...lfernandes.org>, Elle Rhumsaa <elle@...thered-steel.dev>, Yury Norov <yury.norov@...il.com>, Daniel Almeida <daniel.almeida@...labora.com>, Andrea Righi <arighi@...dia.com>, "nouveau@...ts.freedesktop.org" <nouveau@...ts.freedesktop.org> Subject: Re: [PATCH v6 4/5] rust: Move register and bitfield macros out of Nova On 10/23/2025 5:47 PM, Joel Fernandes wrote: >>>> Finally, for runtime values such as indexes, it could be useful to verify >>>> once and then allow infallible reads/writes through some kind access token. >>> Why? The verification is already done at compile-time AFAICS. >> Well, that's the point. Those are runtime values, and as of now, the only >> support for those is for arrays of registers when one, when using try_xxx >> methods, ends up with check being performed each time the method is called. >> Ah for this part of your email, you are referring to try accessors. For the > fixed sizes regions at least, to avoid the runtime check, it will be possible to > accept BoundedInt [1] in the future. That type actually came up for the exact > same reason (keeping the checking light). This cleverly moves the checking to > the caller side which could be done in a slow path. If the size of the IO region > is fixed, then you don’t need to use try accessors at all if you use BoundedInt > whenever we have it. To clarify, BoundedInt is supposed to bound the values passed to the APIs, not the address. Perhaps we can add additional types for the offsets as well. thanks, - Joel
Powered by blists - more mailing lists