| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJ-ks9kDoD8yXpLAm4K9V9+SzKC7+zd+Rg1eMrPMbz9Yr2uzeA@mail.gmail.com>
Date: Tue, 3 Feb 2026 10:14:35 -0500
From: Tamir Duberstein <tamird@...nel.org>
To: Gary Guo <gary@...nel.org>
Cc: Miguel Ojeda <ojeda@...nel.org>, Boqun Feng <boqun@...nel.org>, Gary Guo <gary@...yguo.net>,
Björn Roy Baron <bjorn3_gh@...tonmail.com>,
Benno Lossin <lossin@...nel.org>, Andreas Hindborg <a.hindborg@...nel.org>,
Alice Ryhl <aliceryhl@...gle.com>, Trevor Gross <tmgross@...ch.edu>,
Danilo Krummrich <dakr@...nel.org>, Panagiotis Foliadis <pfoliadis@...teo.net>,
Shankari Anand <shankari.ak0208@...il.com>, FUJITA Tomonori <fujita.tomonori@...il.com>,
kernel test robot <lkp@...el.com>, rust-for-linux@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 2/2] rust: disallow use of `CStr::as_ptr` and `CStr::from_ptr`
On Tue, Feb 3, 2026 at 8:08 AM Gary Guo <gary@...nel.org> wrote:
>
> From: Gary Guo <gary@...yguo.net>
>
> As kernel always use unsigned char and not the platform ABI's default, an
> user should always use `as_char_ptr` provided via `CStrExt` instead.
> Therefore configure `disallow-methods` feature of clippy to catch incorrect
> usage.
>
> Similarly, the dual `from_ptr` is also disallowed.
>
> Signed-off-by: Gary Guo <gary@...yguo.net>
Reviewed-by: Tamir Duberstein <tamird@...nel.org>
> ---
> Changes since v2:
> - Also disallow `CStr::from_ptr`
> ---
> .clippy.toml | 10 ++++++++++
> rust/kernel/str.rs | 3 +++
> 2 files changed, 13 insertions(+)
>
> diff --git a/.clippy.toml b/.clippy.toml
> index 137f41d203de..a51de9a46380 100644
> --- a/.clippy.toml
> +++ b/.clippy.toml
> @@ -9,3 +9,13 @@ disallowed-macros = [
> # it here, see: https://github.com/rust-lang/rust-clippy/issues/11303.
> { path = "kernel::dbg", reason = "the `dbg!` macro is intended as a debugging tool", allow-invalid = true },
> ]
> +
> +[[disallowed-methods]]
> +path = "core::ffi::CStr::as_ptr"
> +replacement = "kernel::prelude::CStrExt::as_char_ptr"
> +reason = "kernel's `char` is always unsigned, use `as_char_ptr` instead"
> +
> +[[disallowed-methods]]
> +path = "core::ffi::CStr::from_ptr"
> +replacement = "kernel::prelude::CStrExt::from_char_ptr"
> +reason = "kernel's `char` is always unsigned, use `from_char_ptr` instead"
> diff --git a/rust/kernel/str.rs b/rust/kernel/str.rs
> index fa87779d2253..97bf9427af59 100644
> --- a/rust/kernel/str.rs
> +++ b/rust/kernel/str.rs
> @@ -189,6 +189,7 @@ macro_rules! b_str {
> //
> // - error[E0379]: functions in trait impls cannot be declared const
> #[inline]
> +#[expect(clippy::disallowed_methods, reason = "internal implementation")]
> pub const fn as_char_ptr_in_const_context(c_str: &CStr) -> *const c_char {
> c_str.as_ptr().cast()
> }
> @@ -319,6 +320,7 @@ unsafe fn to_bytes_mut(s: &mut CStr) -> &mut [u8] {
>
> impl CStrExt for CStr {
> #[inline]
> + #[expect(clippy::disallowed_methods, reason = "internal implementation")]
> unsafe fn from_char_ptr<'a>(ptr: *const c_char) -> &'a Self {
> // SAFETY: The safety preconditions are the same as for `CStr::from_ptr`.
> unsafe { CStr::from_ptr(ptr.cast()) }
> @@ -334,6 +336,7 @@ unsafe fn from_bytes_with_nul_unchecked_mut(bytes: &mut [u8]) -> &mut Self {
> }
>
> #[inline]
> + #[expect(clippy::disallowed_methods, reason = "internal implementation")]
> fn as_char_ptr(&self) -> *const c_char {
> self.as_ptr().cast()
> }
> --
> 2.51.2
>
Powered by blists - more mailing lists