From: Benno Lossin <lossin@kernel.org>
To: "Greg KH" <gregkh@linuxfoundation.org>,
	"Simona Vetter" <simona.vetter@ffwll.ch>,
	"Miguel Ojeda" <ojeda@kernel.org>,
	"Alex Gaynor" <alex.gaynor@gmail.com>,
	"Boqun Feng" <boqun.feng@gmail.com>,
	"Gary Guo" <gary@garyguo.net>,
	"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
	"Benno Lossin" <lossin@kernel.org>,
	"Andreas Hindborg" <a.hindborg@kernel.org>,
	"Alice Ryhl" <aliceryhl@google.com>,
	"Trevor Gross" <tmgross@umich.edu>,
	"Danilo Krummrich" <dakr@kernel.org>
Cc: rust-for-linux@vger.kernel.org
Subject: [PATCH v4 0/4] Untrusted Data API
Date: Thu, 14 Aug 2025 14:44:12 +0200
Message-ID: <20250814124424.516191-1-lossin@kernel.org>

I didn't have too much time to spend on this API, so this is mostly a
resend of v3. There are some changes in the last commit, updating to the
latest version of Alice's iov_iter patch series [1] & rebasing on top
of v6.17-rc1.

I think we should just merge the first two patches this cycle in order
to get the initial, bare-bones API into the kernel and have people
experiment with it. The validation logic in the third patch still needs
some work and I'd need to find some time to work on that (no idea when
I'll find it though).

I also think that field projections are necessary to make `Untrusted`
reasonably useful, but I'm open to adding a stop gap solution in the
meantime. There has been some movement at upstream rust on field
projections. I submitted a project goal for 2025H2 [2] and it most
likely will be accepted. I also opened a tracking issue [3] for the
language experiment that will drive the design of the feature.

---
Cheers,
Benno

[1]: https://lore.kernel.org/all/20250813-iov-iter-v4-0-c4f1932b05ef@google.com
[2]: https://rust-lang.github.io/rust-project-goals/2025h2/field-projections.html
[3]: https://github.com/rust-lang/rust/issues/145383

Changelog
=========
* v3: https://lore.kernel.org/all/20250421134909.464405-1-benno.lossin@proton.me
  - properly mark RFC patches
  - fix doctests
  - rebase onto v6.17-rc1
  - use Alice's latest iov_iter patch series: https://lore.kernel.org/all/20250813-iov-iter-v4-0-c4f1932b05ef@google.com
* v2: https://lore.kernel.org/all/20240925205244.873020-1-benno.lossin@proton.me
  - split introduction patch into the minimum API needed + the
    validation API
* v1: https://lore.kernel.org/rust-for-linux/20240913112643.542914-1-benno.lossin@proton.me/
  - split `Untrusted` into `Untrusted` and `Unvalidated` (great suggestion
    by Simona Vetter)
  - remove `validate_bytes`, `untrusted*` (Simona Vetter)
  - rename `Validator` -> `Validate`
  - change `Validator::Input` to a generic parameter (Fiona Behrens)
  - remove `Validator::Output` and change return type to
    `Result<Self, Self::Err>` (Simona Vetter)
  - use the new API on the `uaccess` module (Simona Vetter)
  - add support for in-place validation (Simona Vetter)

Benno Lossin (4):
  rust: transmute: add `cast_slice[_mut]` functions
  rust: create basic untrusted data API
  rust: validate: add `Validate` trait
  rust: iov: use untrusted data API

 rust/kernel/iov.rs               |  30 +++--
 rust/kernel/lib.rs               |   1 +
 rust/kernel/transmute.rs         |  60 +++++++++
 rust/kernel/validate.rs          | 210 +++++++++++++++++++++++++++++++
 samples/rust/rust_misc_device.rs |   5 +-
 5 files changed, 293 insertions(+), 13 deletions(-)
 create mode 100644 rust/kernel/validate.rs


base-commit: 8f5ae30d69d7543eee0d70083daf4de8fe15d585
prerequisite-patch-id: 9fbbd51a9c098c1e99a9c69337e0053d2ee45cc3
prerequisite-patch-id: e5b7d90b63f091fe3f250ec1f4bfac461a5a60a3
prerequisite-patch-id: 356376695c1e5bda36dd4bd08f1c1d18775f580f
prerequisite-patch-id: 4ec65ef345b03c1664af2c475e002f3fcfb59086
-- 
2.50.1

