lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251208132708.4acbc440.gary@garyguo.net>
Date: Mon, 8 Dec 2025 13:27:08 +0000
From: Gary Guo <gary@...yguo.net>
To: Alexandre Courbot <acourbot@...dia.com>
Cc: Miguel Ojeda <ojeda@...nel.org>, Boqun Feng <boqun.feng@...il.com>,
 Björn Roy Baron <bjorn3_gh@...tonmail.com>, Benno Lossin
 <lossin@...nel.org>, Andreas Hindborg <a.hindborg@...nel.org>, Alice Ryhl
 <aliceryhl@...gle.com>, Trevor Gross <tmgross@...ch.edu>, Danilo Krummrich
 <dakr@...nel.org>, John Hubbard <jhubbard@...dia.com>, Alistair Popple
 <apopple@...dia.com>, Joel Fernandes <joelagnelf@...dia.com>, Timur Tabi
 <ttabi@...dia.com>, Edwin Peer <epeer@...dia.com>,
 <rust-for-linux@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2 1/2] rust: transmute: implement FromBytes and AsBytes
 for ()

On Mon, 08 Dec 2025 18:54:40 +0900
Alexandre Courbot <acourbot@...dia.com> wrote:

> This is useful when using types that may or may not be empty in generic
> code relying on these traits. It is also safe because technically a
> no-op.
> 
> Signed-off-by: Alexandre Courbot <acourbot@...dia.com>
> ---
>  rust/kernel/transmute.rs | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/rust/kernel/transmute.rs b/rust/kernel/transmute.rs
> index be5dbf3829e2..8d78c81e3749 100644
> --- a/rust/kernel/transmute.rs
> +++ b/rust/kernel/transmute.rs
> @@ -170,6 +170,9 @@ macro_rules! impl_frombytes {
>  }
>  
>  impl_frombytes! {
> +    // SAFETY: This type is empty and thus does not consume any data.
> +    (),

I'd avoid use the word "empty" as it has the meaning of uninhabited
types (never type) in type theory. ZSTs that are inhabited are unit
types (or singletons).


Perhaps better to have a justification that applies to all inhabited
ZSTs that don't have special semantics. Something like this?

	// SAFETY: Inhabited ZSTs only have one possible bit pattern.
	(),
	{<T>} PhantomData<T>,

Best,
Gary
	
> +
>      // SAFETY: All bit patterns are acceptable values of the types below.
>      u8, u16, u32, u64, usize,
>      i8, i16, i32, i64, isize,
> @@ -230,6 +233,9 @@ macro_rules! impl_asbytes {
>  }
>  
>  impl_asbytes! {
> +    // SAFETY: This type is empty and thus returns an empty slice.
> +    (),
> +
>      // SAFETY: Instances of the following types have no uninitialized portions.
>      u8, u16, u32, u64, usize,
>      i8, i16, i32, i64, isize,
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ