| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <518143d5-b273-48df-94f0-664116358665@gmail.com>
Date: Sat, 20 Dec 2025 14:26:54 +0100
From: Dirk Behme <dirk.behme@...il.com>
To: Riccardo <riccioadami@...il.com>, rust-for-linux@...r.kernel.org
Cc: linux-kernel@...r.kernel.org
Subject: Re: [PATCH] rust: document safety requirements for fmt::Arguments
dereference
Hi Riccardo,
On 20.12.25 14:00, Riccardo wrote:
> From: Riccardo Adami <riccioadami@...il.com>
If you configure your mail tool to use `Riccardo Adami
<riccioadami@...il.com>` automatically in the `From: ...` (instead
of`Riccardo <riccioadami@...il.com>` which is there at the moment)
there is no need to add this `From: ...` manually here.
> This patch documents the safety requirements for dereferencing
> `fmt::Arguments` in the kernel's `vsnprintf` formatting path. This
> clarifies why it is safe to perform the unsafe dereference in
> `rust_fmt_argument` and helps future maintainers understand the
> invariants, reducing the risk of incorrect modifications.
Empty line between the description and the Signed-off-by please.
> Signed-off-by: Riccardo <riccioadami@...il.com>
Please use your "full" name here. Like you have done in the manually
added `From: ...` above: Riccardo Adami <riccioadami@...il.com>
> ---
If you send newer versions of your patch please use some versioning
v2, v3 etc. This has to go into the subject e.g. `[PATCH v2] ...` and
needs a change log here below the `---` e.g.
v2: Add Signed-off-by ....
Maybe you like to have a look to existing patches like
https://lore.kernel.org/rust-for-linux/20251218-inline-lock-unlock-v2-1-fbadac8bd61b@google.com/
> rust/kernel/print.rs | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/rust/kernel/print.rs b/rust/kernel/print.rs
> index 899bed9c08fd..5f54be97a6a0 100644
> --- a/rust/kernel/print.rs
> +++ b/rust/kernel/print.rs
> @@ -25,10 +25,10 @@
> // SAFETY: The C contract guarantees that `buf` is valid if it's less than `end`.
> let mut w = unsafe { RawFormatter::from_ptrs(buf.cast(), end.cast()) };
> //SAFETY: `ptr` is provided by the kernel formatting path for the `%pA`
> -// specifier during `vsnprintf` processing and always points to a valid
> -// `fmt::Arguments` value created by the caller. The value lives at least
> -// for the duration of this call and is only read here. It is not stored
> -// or accessed after returning, so dereferencing it is safe.
> + // specifier during `vsnprintf` processing and always points to a valid
> + // `fmt::Arguments` value created by the caller. The value lives at least
> + // for the duration of this call and is only read here. It is not stored
> + // or accessed after returning, so dereferencing it is safe.
I have some difficulties matching the description in the commit
message above with this change. For me it looks like you just fix the
indentation but haven't changed anything on the SAFETY comment itself?
Looking at the original file
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/rust/kernel/print.rs?h=v6.19-rc1#n27
I wonder if in the end you want to update the `// SAFETY: TODO.`
there? What would match the commit description? But that isn't done
here. So if this is the case you might want to check if you sent an
intermediate version of you work?
Thanks for working on this!
Dirk
Powered by blists - more mailing lists