lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <DDPMUZAEIEBR.ORPLOPEERGNB@kernel.org>
Date: Thu, 23 Oct 2025 12:35:00 +0200
From: "Danilo Krummrich" <dakr@...nel.org>
To: "Alice Ryhl" <aliceryhl@...gle.com>
Cc: <gregkh@...uxfoundation.org>, <rafael@...nel.org>, <ojeda@...nel.org>,
 <alex.gaynor@...il.com>, <boqun.feng@...il.com>, <gary@...yguo.net>,
 <bjorn3_gh@...tonmail.com>, <lossin@...nel.org>, <a.hindborg@...nel.org>,
 <tmgross@...ch.edu>, <mmaurer@...gle.com>,
 <rust-for-linux@...r.kernel.org>, <linux-fsdevel@...r.kernel.org>,
 <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3 05/10] rust: uaccess: add
 UserSliceWriter::write_slice_file()

On Thu Oct 23, 2025 at 10:30 AM CEST, Alice Ryhl wrote:
> On Wed, Oct 22, 2025 at 04:30:39PM +0200, Danilo Krummrich wrote:
>> Add UserSliceWriter::write_slice_file(), which is the same as
>> UserSliceWriter::write_slice_partial() but updates the given
>> file::Offset by the number of bytes written.
>> 
>> This is equivalent to C's `simple_read_from_buffer()` and useful when
>> dealing with file offsets from file operations.
>> 
>> Signed-off-by: Danilo Krummrich <dakr@...nel.org>
>> ---
>>  rust/kernel/uaccess.rs | 24 ++++++++++++++++++++++++
>>  1 file changed, 24 insertions(+)
>> 
>> diff --git a/rust/kernel/uaccess.rs b/rust/kernel/uaccess.rs
>> index 539e77a09cbc..20ea31781efb 100644
>> --- a/rust/kernel/uaccess.rs
>> +++ b/rust/kernel/uaccess.rs
>> @@ -495,6 +495,30 @@ pub fn write_slice_partial(&mut self, data: &[u8], offset: usize) -> Result<usiz
>>              .map_or(Ok(0), |src| self.write_slice(src).map(|()| src.len()))
>>      }
>>  
>> +    /// Writes raw data to this user pointer from a kernel buffer partially.
>> +    ///
>> +    /// This is the same as [`Self::write_slice_partial`] but updates the given [`file::Offset`] by
>> +    /// the number of bytes written.
>> +    ///
>> +    /// This is equivalent to C's `simple_read_from_buffer()`.
>> +    ///
>> +    /// On success, returns the number of bytes written.
>> +    pub fn write_slice_file(&mut self, data: &[u8], offset: &mut file::Offset) -> Result<usize> {
>> +        if offset.is_negative() {
>> +            return Err(EINVAL);
>> +        }
>> +
>> +        let Ok(offset_index) = (*offset).try_into() else {
>> +            return Ok(0);
>> +        };
>> +
>> +        let written = self.write_slice_partial(data, offset_index)?;
>> +
>> +        *offset = offset.saturating_add_usize(written);
>
> This addition should never overflow:

It probably never will (which is why this was a + operation in v1).

> 	offset + written <= data.len() <= isize::MAX <= Offset::MAX

However, this would rely on implementation details you listed, i.e. the
invariant that a slice length should be at most isize::MAX and what's the
maximum size of file::Offset::MAX.

Even though I don't expect any of the above to change any time soon
saturating_add_usize() seems reasonable to me.

> I can't help but think that maybe this should be a + operation instead?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ