Message-Id: <20240818.073603.398833722324231598.fujita.tomonori@gmail.com>
Date: Sun, 18 Aug 2024 07:36:03 +0000 (UTC)
From: FUJITA Tomonori <fujita.tomonori@...il.com>
To: benno.lossin@...ton.me
Cc: fujita.tomonori@...il.com, netdev@...r.kernel.org,
rust-for-linux@...r.kernel.org, andrew@...n.ch, tmgross@...ch.edu,
miguel.ojeda.sandonis@...il.com, aliceryhl@...gle.com
Subject: Re: [PATCH net-next v4 3/6] rust: net::phy implement
AsRef<kernel::device::Device> trait
On Sun, 18 Aug 2024 06:01:27 +0000
Benno Lossin <benno.lossin@...ton.me> wrote:
>>>> +impl AsRef<kernel::device::Device> for Device {
>>>> + fn as_ref(&self) -> &kernel::device::Device {
>>>> + let phydev = self.0.get();
>>>> + // SAFETY: The struct invariant ensures that we may access
>>>> + // this field without additional synchronization.
>>>
>>> I don't see this invariant on `phy::Device`.
>>
>> You meant that `phy::Device` Invariants says that all methods defined
>> on this struct are safe to call; not about accessing a field so the
>> above SAFETY comment isn't correct, right?
>
> Correct.
Understood.
>>>> + unsafe { kernel::device::Device::as_ref(addr_of_mut!((*phydev).mdio.dev)) }
>>>> + }
>>>> +}
>>
>> SAFETY: A valid `phy_device` always has a valid `mdio.dev`.
>>
>> Better?
>
> It would be nice if you could add this on the invariants on
> `phy::Device` (you will also have to extend the INVARIANTS comment that
> creates a `&'a mut Device`)
How about the following?
diff --git a/rust/kernel/net/phy.rs b/rust/kernel/net/phy.rs
index 5e8137a1972f..3e1d6c43ca33 100644
--- a/rust/kernel/net/phy.rs
+++ b/rust/kernel/net/phy.rs
@@ -7,8 +7,7 @@
//! C headers: [`include/linux/phy.h`](srctree/include/linux/phy.h).
use crate::{error::*, prelude::*, types::Opaque};
-
-use core::marker::PhantomData;
+use core::{marker::PhantomData, ptr::addr_of_mut};
/// PHY state machine states.
///
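Review bot: The import hunk also deletes the blank line that separated `use crate::{error::*, prelude::*, types::Opaque};` from the `use core::...` line. That whitespace change is unrelated to adding `ptr::addr_of_mut` and is best left out so the hunk touches only the `use core` line.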
@@ -60,6 +59,7 @@ pub enum DuplexMode {
///
/// Referencing a `phy_device` using this struct asserts that you are in
/// a context where all methods defined on this struct are safe to call.
+/// This struct always has a valid `mdio.dev`.
///
/// [`struct phy_device`]: srctree/include/linux/phy.h
// During the calls to most functions in [`Driver`], the C side (`PHYLIB`) holds a lock that is
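Review bot: The added invariant line, "This struct always has a valid `mdio.dev`", leaves "valid" undefined and speaks of "this struct" although `mdio.dev` is a field of the wrapped `phy_device`. The SAFETY comment in the last hunk rests on this sentence alone, so it should say what valid means for the `kernel::device::Device::as_ref` call made there, and it would read more clearly as a separate item beside the existing sentence about methods being safe to call.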
@@ -76,9 +76,9 @@ impl Device {
///
/// # Safety
///
- /// For the duration of 'a, the pointer must point at a valid `phy_device`,
- /// and the caller must be in a context where all methods defined on this struct
- /// are safe to call.
+ /// For the duration of 'a, the pointer must point at a valid `phy_device` with
+ /// a valid `mdio.dev`, and the caller must be in a context where all methods
+ /// defined on this struct are safe to call.
unsafe fn from_raw<'a>(ptr: *mut bindings::phy_device) -> &'a mut Self {
// CAST: `Self` is a `repr(transparent)` wrapper around `bindings::phy_device`.
let ptr = ptr.cast::<Self>();
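Review bot: In `from_raw`, only the `# Safety` section changes; the hunk ends at `let ptr = ptr.cast::<Self>();`, so the comment at the point where the `&'a mut Device` is created, which the quoted review asked to extend, is not visibly touched. That comment should mention `mdio.dev` as well, so the new invariant is established where the reference is produced. Separately, if a valid `phy_device` always has a valid `mdio.dev`, as stated earlier in this message, the added "with a valid `mdio.dev`" condition on callers duplicates "valid `phy_device`"; one formulation is enough.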
@@ -302,6 +302,14 @@ pub fn genphy_read_abilities(&mut self) -> Result {
}
}
+impl AsRef<kernel::device::Device> for Device {
+ fn as_ref(&self) -> &kernel::device::Device {
+ let phydev = self.0.get();
+ // SAFETY: The struct invariant ensures that `mdio.dev` is valid.
+ unsafe { kernel::device::Device::as_ref(addr_of_mut!((*phydev).mdio.dev)) }
+ }
+}
+
/// Defines certain other features this PHY supports (like interrupts).
///
/// These flag values are used in [`Driver::FLAGS`].
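Review bot: In `as_ref`, the SAFETY comment justifies only `mdio.dev`, but the unsafe block also dereferences `phydev` in `addr_of_mut!((*phydev).mdio.dev)`. The comment should say why that dereference is sound (the type invariants give a pointer to a valid `phy_device`) in addition to why the resulting pointer meets the requirements of `kernel::device::Device::as_ref`.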