| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJ-ks9mT7nTv-1yLFuGGgxRY5XhAEC3tyC348MwTSjT2ypJOKg@mail.gmail.com>
Date: Wed, 21 Jan 2026 15:01:51 -0500
From: Tamir Duberstein <tamird@...nel.org>
To: Gary Guo <gary@...yguo.net>
Cc: Miguel Ojeda <ojeda@...nel.org>, Boqun Feng <boqun.feng@...il.com>,
Björn Roy Baron <bjorn3_gh@...tonmail.com>,
Benno Lossin <lossin@...nel.org>, Andreas Hindborg <a.hindborg@...nel.org>,
Alice Ryhl <aliceryhl@...gle.com>, Trevor Gross <tmgross@...ch.edu>,
Danilo Krummrich <dakr@...nel.org>, rust-for-linux@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] rust: disallow use of `CStr::as_ptr`
On Wed, Jan 21, 2026 at 3:01 PM Gary Guo <gary@...yguo.net> wrote:
>
> On Wed Jan 21, 2026 at 7:45 PM GMT, Tamir Duberstein wrote:
> > On Wed, Jan 21, 2026 at 2:38 PM Gary Guo <gary@...yguo.net> wrote:
> >>
> >> On Wed Jan 21, 2026 at 5:55 PM GMT, Tamir Duberstein wrote:
> >> > On Wed, Jan 21, 2026 at 11:58 AM Gary Guo <gary@...nel.org> wrote:
> >> >>
> >> >> From: Gary Guo <gary@...yguo.net>
> >> >>
> >> >> As kernel always use unsigned char and not the platform ABI's default, an
> >> >> user should always use `as_char_ptr` provided via `CStrExt` instead.
> >> >> Therefore configure `disallow-methods` feature of clippy to catch incorrect
> >> >> usage.
> >> >>
> >> >> Signed-off-by: Gary Guo <gary@...yguo.net>
> >> >> ---
> >> >> .clippy.toml | 5 +++++
> >> >> rust/kernel/str.rs | 2 ++
> >> >> 2 files changed, 7 insertions(+)
> >> >>
> >> >> diff --git a/.clippy.toml b/.clippy.toml
> >> >> index 137f41d203de..fd934bc04242 100644
> >> >> --- a/.clippy.toml
> >> >> +++ b/.clippy.toml
> >> >> @@ -9,3 +9,8 @@ disallowed-macros = [
> >> >> # it here, see: https://github.com/rust-lang/rust-clippy/issues/11303.
> >> >> { path = "kernel::dbg", reason = "the `dbg!` macro is intended as a debugging tool", allow-invalid = true },
> >> >> ]
> >> >> +
> >> >> +[[disallowed-methods]]
> >> >> +path = "core::ffi::CStr::as_ptr"
> >> >> +replacement = "kernel::prelude::CStrExt::as_char_ptr"
> >> >> +reason = "Kernel's `char` is always unsigned. Use `as_char_ptr` instead."
> >> >
> >> > In the disallowed-macros section above we seem to use sentence
> >> > fragments (no capitalization, no trailing period).
> >>
> >> Ok.
> >>
> >> >
> >> >> diff --git a/rust/kernel/str.rs b/rust/kernel/str.rs
> >> >> index fa87779d2253..08b8e2ebc8ad 100644
> >> >> --- a/rust/kernel/str.rs
> >> >> +++ b/rust/kernel/str.rs
> >> >> @@ -189,6 +189,7 @@ macro_rules! b_str {
> >> >> //
> >> >> // - error[E0379]: functions in trait impls cannot be declared const
> >> >> #[inline]
> >> >> +#[expect(clippy::disallowed_methods, reason = "internal implementation")]
> >> >> pub const fn as_char_ptr_in_const_context(c_str: &CStr) -> *const c_char {
> >> >> c_str.as_ptr().cast()
> >> >> }
> >> >> @@ -334,6 +335,7 @@ unsafe fn from_bytes_with_nul_unchecked_mut(bytes: &mut [u8]) -> &mut Self {
> >> >> }
> >> >>
> >> >> #[inline]
> >> >> + #[expect(clippy::disallowed_methods, reason = "internal implementation")]
> >> >
> >> > Can this be inside the function, on the `as_ptr` call itself?
> >>
> >> You cannot apply attributes on expressions (yet). If this is to be moved into
> >> the function, there needs an additional block, which I think is just
> >> unnecessary.
> >
> > Thought so. Should we add a TODO that links to the relevant upstream
> > issue, or track it in
> > https://github.com/Rust-for-Linux/linux/issues/2?
>
> I don't think we really this need this.
>
> If Miguel thinks this is useful then he can add it to the tracking issue.
Well, what is "it"? Do you know the upstream issue?
>
> Best,
> Gary
>
> >>
> >> >
> >> >> fn as_char_ptr(&self) -> *const c_char {
> >> >> self.as_ptr().cast()
> >> >> }
> >> >>
> >> >> --
> >> >> 2.51.2
> >> >>
> >> >
> >> > Acked-by: Tamir Duberstein <tamird@...nel.org>
> >>
> >>
>
Powered by blists - more mailing lists