| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251231-rwonce-v1-3-702a10b85278@google.com>
Date: Wed, 31 Dec 2025 12:22:27 +0000
From: Alice Ryhl <aliceryhl@...gle.com>
To: Boqun Feng <boqun.feng@...il.com>, Will Deacon <will@...nel.org>,
Peter Zijlstra <peterz@...radead.org>
Cc: Richard Henderson <richard.henderson@...aro.org>, Matt Turner <mattst88@...il.com>,
Magnus Lindholm <linmag7@...il.com>, Catalin Marinas <catalin.marinas@....com>,
Miguel Ojeda <ojeda@...nel.org>, Gary Guo <gary@...yguo.net>,
"Björn Roy Baron" <bjorn3_gh@...tonmail.com>, Benno Lossin <lossin@...nel.org>,
Andreas Hindborg <a.hindborg@...nel.org>, Trevor Gross <tmgross@...ch.edu>,
Danilo Krummrich <dakr@...nel.org>, Mark Rutland <mark.rutland@....com>,
FUJITA Tomonori <fujita.tomonori@...il.com>, Frederic Weisbecker <frederic@...nel.org>,
Lyude Paul <lyude@...hat.com>, Thomas Gleixner <tglx@...utronix.de>,
Anna-Maria Behnsen <anna-maria@...utronix.de>, John Stultz <jstultz@...gle.com>,
Stephen Boyd <sboyd@...nel.org>, Alexander Viro <viro@...iv.linux.org.uk>,
Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>, linux-kernel@...r.kernel.org,
linux-alpha@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
rust-for-linux@...r.kernel.org, linux-fsdevel@...r.kernel.org,
Alice Ryhl <aliceryhl@...gle.com>
Subject: [PATCH 3/5] rust: sync: support using bool with READ_ONCE
Normally it is undefined behavior for a bool to take any value other
than 0 or 1. However, in the case of READ_ONCE(some_bool) is used, this
UB seems dangerous and unnecessary. I can easily imagine some Rust code
that looks like this:
if READ_ONCE(&raw const (*my_c_struct).my_bool_field) {
...
}
And by making an analogy to what the equivalent C code is, anyone
writing this probably just meant to treat any non-zero value as true.
For WRITE_ONCE no special logic is required.
Signed-off-by: Alice Ryhl <aliceryhl@...gle.com>
---
rust/kernel/sync/rwonce.rs | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/rust/kernel/sync/rwonce.rs b/rust/kernel/sync/rwonce.rs
index a1660e43c9ef94011812d1816713cf031a73de1d..73477f53131926996614df573b2d50fff98e624f 100644
--- a/rust/kernel/sync/rwonce.rs
+++ b/rust/kernel/sync/rwonce.rs
@@ -163,6 +163,7 @@ unsafe fn write_once(ptr: *mut Self, val: Self) {
// sizes, so picking the wrong helper should lead to a build error.
impl_rw_once_type! {
+ bool, read_once_bool, write_once_1;
u8, read_once_1, write_once_1;
i8, read_once_1, write_once_1;
u16, read_once_2, write_once_2;
@@ -186,3 +187,21 @@ unsafe fn write_once(ptr: *mut Self, val: Self) {
usize, read_once_8, write_once_8;
isize, read_once_8, write_once_8;
}
+
+/// Read an integer as a boolean once.
+///
+/// Returns `true` if the value behind the pointer is non-zero. Otherwise returns `false`.
+///
+/// # Safety
+///
+/// It must be safe to `READ_ONCE` the `ptr` with type `u8`.
+#[inline(always)]
+#[track_caller]
+unsafe fn read_once_bool(ptr: *const bool) -> bool {
+ // Implement `read_once_bool` in terms of `read_once_1`. The arch-specific logic is inside
+ // of `read_once_1`.
+ //
+ // SAFETY: It is safe to `READ_ONCE` the `ptr` with type `u8`.
+ let byte = unsafe { read_once_1(ptr.cast::<u8>()) };
+ byte != 0u8
+}
--
2.52.0.351.gbe84eed79e-goog
Powered by blists - more mailing lists