lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260126215957.541180-2-zhiw@nvidia.com>
Date: Mon, 26 Jan 2026 23:59:56 +0200
From: Zhi Wang <zhiw@...dia.com>
To: <rust-for-linux@...r.kernel.org>, <linux-pci@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>
CC: <dakr@...nel.org>, <aliceryhl@...gle.com>, <bhelgaas@...gle.com>,
	<kwilczynski@...nel.org>, <ojeda@...nel.org>, <alex.gaynor@...il.com>,
	<boqun.feng@...il.com>, <gary@...yguo.net>, <bjorn3_gh@...tonmail.com>,
	<lossin@...nel.org>, <a.hindborg@...nel.org>, <tmgross@...ch.edu>,
	<markus.probst@...teo.de>, <helgaas@...nel.org>, <cjia@...dia.com>,
	<smitra@...dia.com>, <ankita@...dia.com>, <aniketa@...dia.com>,
	<kwankhede@...dia.com>, <targupta@...dia.com>, <acourbot@...dia.com>,
	<joelagnelf@...dia.com>, <jhubbard@...dia.com>, <zhiwang@...nel.org>,
	<daniel.almeida@...labora.com>, Zhi Wang <zhiw@...dia.com>
Subject: [RFC 1/2] pci: Add fallible I/O methods to ConfigSpace

Rust PCI drivers might need to access device configuration space with
runtime bound check. The existing ConfigSpace abstraction only provides
infallible methods (read8/16/32) that use compile-time bounds checking via
io_addr_assert, which cannot handle dynamic offsets.

Add fallible I/O methods to ConfigSpace.

Signed-off-by: Zhi Wang <zhiw@...dia.com>
---
 rust/kernel/pci/io.rs | 34 +++++++++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)

diff --git a/rust/kernel/pci/io.rs b/rust/kernel/pci/io.rs
index 026e7a3b69bd..9fc9af0f9bfc 100644
--- a/rust/kernel/pci/io.rs
+++ b/rust/kernel/pci/io.rs
@@ -112,6 +112,17 @@ macro_rules! call_config_read {
         let _ret = unsafe { bindings::$c_fn($self.pdev.as_raw(), $addr as i32, &mut val) };
         val
     }};
+
+    (fallible, $c_fn:ident, $self:ident, $ty:ty, $addr:expr) => {{
+        let mut val: $ty = 0;
+        // SAFETY: By the type invariant `$self.pdev` is a valid address.
+        let ret = unsafe { bindings::$c_fn($self.pdev.as_raw(), $addr as i32, &mut val) };
+        if ret != 0 {
+            Err(EIO)
+        } else {
+            Ok(val)
+        }
+    }};
 }
 
 /// Internal helper macros used to invoke C PCI configuration space write functions.
@@ -140,6 +151,16 @@ macro_rules! call_config_write {
         // Return value from C function is ignored in infallible accessors.
         let _ret = unsafe { bindings::$c_fn($self.pdev.as_raw(), $addr as i32, $value) };
     };
+
+    (fallible, $c_fn:ident, $self:ident, $ty:ty, $addr:expr, $value:expr) => {{
+        // SAFETY: By the type invariant `$self.pdev` is a valid address.
+        let ret = unsafe { bindings::$c_fn($self.pdev.as_raw(), $addr as i32, $value) };
+        if ret != 0 {
+            Err(EIO)
+        } else {
+            Ok(())
+        }
+    }};
 }
 
 // PCI configuration space supports 8, 16, and 32-bit accesses.
@@ -162,9 +183,7 @@ fn maxsize(&self) -> usize {
         self.pdev.cfg_size().into_raw()
     }
 
-    // PCI configuration space does not support fallible operations.
-    // The default implementations from the Io trait are not used.
-
+    // Infallible methods with compile-time bounds checking
     define_read!(infallible, read8, call_config_read(pci_read_config_byte) -> u8);
     define_read!(infallible, read16, call_config_read(pci_read_config_word) -> u16);
     define_read!(infallible, read32, call_config_read(pci_read_config_dword) -> u32);
@@ -172,6 +191,15 @@ fn maxsize(&self) -> usize {
     define_write!(infallible, write8, call_config_write(pci_write_config_byte) <- u8);
     define_write!(infallible, write16, call_config_write(pci_write_config_word) <- u16);
     define_write!(infallible, write32, call_config_write(pci_write_config_dword) <- u32);
+
+    // Fallible methods with runtime bounds checking
+    define_read!(fallible, try_read8, call_config_read(pci_read_config_byte) -> u8);
+    define_read!(fallible, try_read16, call_config_read(pci_read_config_word) -> u16);
+    define_read!(fallible, try_read32, call_config_read(pci_read_config_dword) -> u32);
+
+    define_write!(fallible, try_write8, call_config_write(pci_write_config_byte) <- u8);
+    define_write!(fallible, try_write16, call_config_write(pci_write_config_word) <- u16);
+    define_write!(fallible, try_write32, call_config_write(pci_write_config_dword) <- u32);
 }
 
 /// Marker trait indicating ConfigSpace has a known size at compile time.
-- 
2.51.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ