Message-ID: <0797f8e8-ea3c-413d-b782-84dd97919ea9@proton.me>
Date: Sun, 18 Aug 2024 16:16:50 +0000
From: Benno Lossin <benno.lossin@...ton.me>
To: Andrew Lunn <andrew@...n.ch>
Cc: FUJITA Tomonori <fujita.tomonori@...il.com>, netdev@...r.kernel.org, rust-for-linux@...r.kernel.org, tmgross@...ch.edu, miguel.ojeda.sandonis@...il.com, aliceryhl@...gle.com
Subject: Re: [PATCH net-next v4 6/6] net: phy: add Applied Micro QT2025 PHY driver

On 18.08.24 17:44, Andrew Lunn wrote:
> On Sat, Aug 17, 2024 at 09:34:13PM +0000, Benno Lossin wrote:
>> On 17.08.24 20:51, Andrew Lunn wrote:
>>>> +    fn read_status(dev: &mut phy::Device) -> Result<u16> {
>>>> +        dev.genphy_read_status::<C45>()
>>>> +    }
>>>
>>> Probably a dumb Rust question. Shouldn't this have a ? at the end? It
>>> can return a negative error code.
>>
>> `read_status` returns a `Result<u16>` and `Device::genphy_read_status`
>> also returns a `Result<u16>`. In the function body we just delegate to
>> the latter, so no `?` is needed. We just return the entire result.
>>
>> Here is the equivalent pseudo-C code:
>>
>>     int genphy_read_status(struct phy_device *dev);
>>
>>     int read_status(struct phy_device *dev)
>>     {
>>         return genphy_read_status(dev);
>>     }
>>
>> There you also don't need an if for the negative error code, since it's
>> just propagated.
> 
> O.K, it seems to work. But one of the things we try to think about in
> the kernel is avoiding future bugs. Say sometime in the future I
> extend it:
> 
>     fn read_status(dev: &mut phy::Device) -> Result<u16> {
>         dev.genphy_read_status::<C45>()
> 
>         dev.genphy_read_foo()
>     }
> 
> By forgetting to add the ? to dev.genphy_read_status, have I just
> introduced a bug? Could I have avoided that by always having the ?
> even when it is not needed?

The above code will not compile, since there is a missing `;` in the
second line. If you try to do it with the semicolon:

    fn read_status(dev: &mut phy::Device) -> Result<u16> {
        dev.genphy_read_status::<C45>();
 
        dev.genphy_read_foo()
    }

Then you get this error:

    error: unused `core::result::Result` that must be used
      --> drivers/net/phy/qt2025.rs:88:9
       |
    88 |         dev.genphy_read_status::<C45>();
       |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       |
       = note: this `Result` may be an `Err` variant, which should be handled
       = note: `-D unused-must-use` implied by `-D warnings`
       = help: to override `-D warnings` add `#[allow(unused_must_use)]`
    help: use `let _ = ...` to ignore the resulting value
       |
    88 |         let _ = dev.genphy_read_status::<C45>();
       |         +++++++

If you want to use `?` regardless, you will have to do this:
     
    fn read_status(dev: &mut phy::Device) -> Result<u16> {
        Ok(dev.genphy_read_status::<C45>()?)
    }

In my opinion this does not add significant protection for the scenario
that you outlined and is a lot more verbose. But if you're not used to
Rust, this might be different, since the code below looks more wrong:

    fn read_status(dev: &mut phy::Device) -> Result<u16> {
        Ok(dev.genphy_read_status::<C45>()?);
        
        dev.genphy_read_foo()
    }

But I would keep it the way it currently is.

---
Cheers,
Benno
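
Added example, not part of the original message or of the kernel driver: a stand-alone Rust sketch of the variants discussed in this thread, runnable outside the kernel. `Device`, `Errno` and the method bodies are stand-ins assumed here (the `<C45>` generic is dropped), and `genphy_read_foo` is the hypothetical call from the thread. It also shows that the `let _ = ...` form from the compiler hint compiles under `deny(unused_must_use)` while discarding the error.

```rust
// Stand-in types for illustration; not the kernel's `phy::Device` API.
#[derive(Debug, PartialEq)]
pub struct Errno(pub i32);

pub struct Device {
    pub status: Result<u16, Errno>, // constructed value the fake status read returns
}

impl Device {
    pub fn genphy_read_status(&mut self) -> Result<u16, Errno> {
        match &self.status {
            Ok(v) => Ok(*v),
            Err(e) => Err(Errno(e.0)),
        }
    }
    // Hypothetical second call taken from the thread; always succeeds here.
    pub fn genphy_read_foo(&mut self) -> Result<u16, Errno> {
        Ok(0x00f0)
    }
}

// Tail-expression delegation, as in the patch: Ok and Err both pass through.
pub fn read_status_delegate(dev: &mut Device) -> Result<u16, Errno> {
    dev.genphy_read_status()
}

// The `Ok(...?)` spelling: same result as the delegation for every input.
pub fn read_status_question(dev: &mut Device) -> Result<u16, Errno> {
    Ok(dev.genphy_read_status()?)
}

// Extended function written correctly: `?` returns early on Err.
#[deny(unused_must_use)]
pub fn read_status_extended(dev: &mut Device) -> Result<u16, Errno> {
    dev.genphy_read_status()?;
    dev.genphy_read_foo()
}

// `let _ =` satisfies the lint, yet the status error is silently dropped.
#[deny(unused_must_use)]
pub fn read_status_swallowed(dev: &mut Device) -> Result<u16, Errno> {
    let _ = dev.genphy_read_status();
    dev.genphy_read_foo()
}

fn main() {
    let mut dev = Device { status: Err(Errno(-5)) };
    println!("extended:  {:?}", read_status_extended(&mut dev));
    println!("swallowed: {:?}", read_status_swallowed(&mut dev));
}
```

When reviewing driver code, a `let _ =` in front of a fallible call is the pattern to question, since the lint no longer flags it.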

