| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <29a1e16a-e50b-4d69-a6fd-41d11ca9e393@nvidia.com>
Date: Thu, 22 Jan 2026 16:17:55 -0500
From: Joel Fernandes <joelagnelf@...dia.com>
To: Zhi Wang <zhiw@...dia.com>
Cc: rust-for-linux@...r.kernel.org, linux-pci@...r.kernel.org,
linux-kernel@...r.kernel.org, dakr@...nel.org, aliceryhl@...gle.com,
jgg@...dia.com
Subject: Re: [PATCH v2 1/2] rust: introduce abstractions for fwctl
On Thu, Jan 22, 2026 at 10:42:30PM +0200, Zhi Wang wrote:
> + /// Called when a userspace RPC request is received.
> + fn fw_rpc(
> + uctx: &mut UserCtx<Self::UserCtx>,
> + scope: u32,
> + rpc_in: &mut [u8],
> + out_len: *mut usize,
> + ) -> Result<Option<KVec<u8>>, Error>;
Exposing a raw pointer in the trait API means drivers that want to "reuse input
buffer" need to write unsafe code right?
unsafe { *out_len = ... };
I believe the unsafe code should be confined to the abstraction layer instead,
not in the driver.
How about using using an enum return type instead to properly wrap inplace
versus driver allocated outputs?
pub enum RpcOutput {
Allocated(KVec<u8>),
InPlace(usize),
}
fn fw_rpc(
uctx: &mut UserCtx<Self::UserCtx>,
scope: u32,
rpc_in: &mut [u8],
) -> Result<RpcOutput, Error>;
Then the abstraction handles the pointer write:
match T::fw_rpc(ctx, scope, rpc_in_slice) {
Ok(RpcOutput::Allocated(kvec)) => {
...
}
Ok(RpcOutput::InPlace(len)) => {
unsafe { *out_len = len };
...
}
}
fw_rpc() as a bonus also gets 1 less function parameter and cleaner return
signature.
--
Joel Fernandes
Powered by blists - more mailing lists