lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251220101401.25361-1-riccioadami@gmail.com>
Date: Sat, 20 Dec 2025 10:14:01 +0000
From: Riccardo <riccioadami@...il.com>
To: rust-for-linux@...r.kernel.org
Cc: linux-kernel@...r.kernel.org,
	Riccardo Adami <riccioadami@...il.com>
Subject: [PATCH] rust: document safety requirements for fmt::Arguments dereference

From: Riccardo Adami <riccioadami@...il.com>

This patch documents the safety requirements for dereferencing
`fmt::Arguments` in the kernel's `vsnprintf` formatting path. This
clarifies why it is safe to perform the unsafe dereference in
`rust_fmt_argument` and helps future maintainers understand the
invariants, reducing the risk of incorrect modifications.

---
 rust/kernel/print.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/rust/kernel/print.rs b/rust/kernel/print.rs
index 899bed9c08fd..5f54be97a6a0 100644
--- a/rust/kernel/print.rs
+++ b/rust/kernel/print.rs
@@ -25,10 +25,10 @@
     // SAFETY: The C contract guarantees that `buf` is valid if it's less than `end`.
     let mut w = unsafe { RawFormatter::from_ptrs(buf.cast(), end.cast()) };
     //SAFETY: `ptr` is provided by the kernel formatting path for the `%pA`
-// specifier during `vsnprintf` processing and always points to a valid
-// `fmt::Arguments` value created by the caller. The value lives at least
-// for the duration of this call and is only read here. It is not stored
-// or accessed after returning, so dereferencing it is safe.
+    // specifier during `vsnprintf` processing and always points to a valid
+    // `fmt::Arguments` value created by the caller. The value lives at least
+    // for the duration of this call and is only read here. It is not stored
+    // or accessed after returning, so dereferencing it is safe.
 
     let _ = w.write_fmt(unsafe { *ptr.cast::<fmt::Arguments<'_>>() });
     w.pos().cast()
-- 
2.52.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ