lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <DFUH3PDOQCZ2.2QQSIB9IQIFO1@garyguo.net>
Date: Wed, 21 Jan 2026 18:19:34 +0000
From: "Gary Guo" <gary@...yguo.net>
To: "Tamir Duberstein" <tamird@...nel.org>, "Gary Guo" <gary@...yguo.net>
Cc: "Miguel Ojeda" <ojeda@...nel.org>, "Boqun Feng" <boqun.feng@...il.com>,
 Björn Roy Baron <bjorn3_gh@...tonmail.com>, "Benno Lossin"
 <lossin@...nel.org>, "Andreas Hindborg" <a.hindborg@...nel.org>, "Alice
 Ryhl" <aliceryhl@...gle.com>, "Trevor Gross" <tmgross@...ch.edu>, "Danilo
 Krummrich" <dakr@...nel.org>, <rust-for-linux@...r.kernel.org>,
 <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] rust: disallow use of `CStr::as_ptr`

On Wed Jan 21, 2026 at 5:55 PM GMT, Tamir Duberstein wrote:
> On Wed, Jan 21, 2026 at 11:58 AM Gary Guo <gary@...nel.org> wrote:
>>
>> From: Gary Guo <gary@...yguo.net>
>>
>> As kernel always use unsigned char and not the platform ABI's default, an
>> user should always use `as_char_ptr` provided via `CStrExt` instead.
>> Therefore configure `disallow-methods` feature of clippy to catch incorrect
>> usage.
>>
>> Signed-off-by: Gary Guo <gary@...yguo.net>
>> ---
>>  .clippy.toml       | 5 +++++
>>  rust/kernel/str.rs | 2 ++
>>  2 files changed, 7 insertions(+)
>>
>> diff --git a/.clippy.toml b/.clippy.toml
>> index 137f41d203de..fd934bc04242 100644
>> --- a/.clippy.toml
>> +++ b/.clippy.toml
>> @@ -9,3 +9,8 @@ disallowed-macros = [
>>      # it here, see: https://github.com/rust-lang/rust-clippy/issues/11303.
>>      { path = "kernel::dbg", reason = "the `dbg!` macro is intended as a debugging tool", allow-invalid = true },
>>  ]
>> +
>> +[[disallowed-methods]]
>> +path = "core::ffi::CStr::as_ptr"
>> +replacement = "kernel::prelude::CStrExt::as_char_ptr"
>> +reason = "Kernel's `char` is always unsigned. Use `as_char_ptr` instead."
>
> In the disallowed-macros section above we seem to use sentence
> fragments (no capitalization, no trailing period).

Ok.

>
>> diff --git a/rust/kernel/str.rs b/rust/kernel/str.rs
>> index fa87779d2253..08b8e2ebc8ad 100644
>> --- a/rust/kernel/str.rs
>> +++ b/rust/kernel/str.rs
>> @@ -189,6 +189,7 @@ macro_rules! b_str {
>>  //
>>  // - error[E0379]: functions in trait impls cannot be declared const
>>  #[inline]
>> +#[expect(clippy::disallowed_methods, reason = "internal implementation")]
>>  pub const fn as_char_ptr_in_const_context(c_str: &CStr) -> *const c_char {
>>      c_str.as_ptr().cast()
>>  }
>> @@ -334,6 +335,7 @@ unsafe fn from_bytes_with_nul_unchecked_mut(bytes: &mut [u8]) -> &mut Self {
>>      }
>>
>>      #[inline]
>> +    #[expect(clippy::disallowed_methods, reason = "internal implementation")]
>
> Can this be inside the function, on the `as_ptr` call itself?

You cannot apply attributes on expressions (yet). If this is to be moved into
the function, there needs an additional block, which I think is just
unnecessary.

Best,
Gary

>
>>      fn as_char_ptr(&self) -> *const c_char {
>>          self.as_ptr().cast()
>>      }
>>
>> --
>> 2.51.2
>>
>
> Acked-by: Tamir Duberstein <tamird@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ