From: Boqun Feng <boqun.feng@gmail.com>
To: Alice Ryhl <aliceryhl@google.com>
Cc: "Miguel Ojeda" <ojeda@kernel.org>,
"Matthew Wilcox" <willy@infradead.org>,
"Al Viro" <viro@zeniv.linux.org.uk>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Kees Cook" <keescook@chromium.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Wedson Almeida Filho" <wedsonaf@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@samsung.com>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Arve Hjønnevåg" <arve@android.com>,
"Todd Kjos" <tkjos@android.com>,
"Martijn Coenen" <maco@android.com>,
"Joel Fernandes" <joel@joelfernandes.org>,
"Carlos Llamas" <cmllamas@google.com>,
"Suren Baghdasaryan" <surenb@google.com>,
"Arnd Bergmann" <arnd@arndb.de>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
rust-for-linux@vger.kernel.org,
"Christian Brauner" <brauner@kernel.org>
Subject: Re: [PATCH v3 1/4] rust: uaccess: add userspace pointers
Date: Mon, 18 Mar 2024 12:33:32 -0700 [thread overview]
Message-ID: <ZfiXDA7mhW17_ed7@boqun-archlinux> (raw)
In-Reply-To: <CAH5fLghs7=V2hHYBnQE-h=xpQYKX5ZxrV1iVdB4ybt7pAXFMWQ@mail.gmail.com>
On Mon, Mar 18, 2024 at 08:12:27PM +0100, Alice Ryhl wrote:
> On Mon, Mar 18, 2024 at 7:59 PM Boqun Feng <boqun.feng@gmail.com> wrote:
> >
> > On Mon, Mar 11, 2024 at 10:47:13AM +0000, Alice Ryhl wrote:
> > > +
> > > + /// Reads raw data from the user slice into a raw kernel buffer.
> > > + ///
> > > + /// Fails with `EFAULT` if the read encounters a page fault.
> > > + ///
> > > + /// # Safety
> > > + ///
> > > + /// The `out` pointer must be valid for writing `len` bytes.
> > > + pub unsafe fn read_raw(&mut self, out: *mut u8, len: usize) -> Result {
> >
> > I don't think we want to promote the pub usage of this unsafe function,
> > right? We can provide a safe version:
> >
> > pub fn read_slice(&mut self, to: &[u8]) -> Result
> >
> > and all users can just use the safe version (with the help of
> > slice::from_raw_parts_mut() if necessary).
>
> Personally, I think having the function be unsafe is plenty discouragement.
>
> Also, this method would need an &mut [u8], which opens the can of
> worms related to uninitialized memory. The _raw version of this method
make it a `&mut [MayUninit<u8>]` then? If that works, then _raw version
is not more powerful therefore no need to pub it.
> is strictly more powerful.
>
> I don't think I actually use it directly in Binder, so I can make it
> private if you think that's important. It needs to be pub(crate),
I might be too picky, but avoiding pub unsafe functions if not necessary
could help us reduce unnecessary unsafe code ;-)
Regards,
Boqun
> though, since it is used in `Page`.
>
> Alice
next prev parent reply other threads:[~2024-03-18 19:33 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-11 10:47 [PATCH v3 0/4] Memory management patches needed by Rust Binder Alice Ryhl
2024-03-11 10:47 ` [PATCH v3 1/4] rust: uaccess: add userspace pointers Alice Ryhl
2024-03-16 14:16 ` Benno Lossin
2024-03-18 18:59 ` Boqun Feng
2024-03-18 19:12 ` Alice Ryhl
2024-03-18 19:33 ` Boqun Feng [this message]
2024-03-18 20:10 ` Alice Ryhl
2024-03-18 21:07 ` Boqun Feng
2024-03-20 2:27 ` Boqun Feng
2024-03-20 18:39 ` Boqun Feng
2024-03-11 10:47 ` [PATCH v3 2/4] uaccess: always export _copy_[from|to]_user with CONFIG_RUST Alice Ryhl
2024-03-18 21:16 ` Boqun Feng
2024-03-11 10:47 ` [PATCH v3 3/4] rust: uaccess: add typed accessors for userspace pointers Alice Ryhl
2024-03-16 14:56 ` Benno Lossin
2024-03-19 19:32 ` Boqun Feng
2024-03-11 10:47 ` [PATCH v3 4/4] rust: add abstraction for `struct page` Alice Ryhl
2024-03-11 10:50 ` Alice Ryhl
2024-03-15 8:16 ` Andreas Hindborg
2024-03-16 15:30 ` Matthew Wilcox
2024-03-16 20:39 ` Benno Lossin
2024-03-20 8:46 ` Alice Ryhl
2024-03-21 13:15 ` Benno Lossin
2024-03-21 13:42 ` Alice Ryhl
2024-03-21 13:56 ` Benno Lossin
2024-03-21 14:11 ` Alice Ryhl
2024-03-21 14:16 ` Alice Ryhl
2024-03-21 14:19 ` Benno Lossin
2024-03-19 22:16 ` Boqun Feng
2024-03-19 22:28 ` Benno Lossin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZfiXDA7mhW17_ed7@boqun-archlinux \
--to=boqun.feng@gmail.com \
--cc=a.hindborg@samsung.com \
--cc=akpm@linux-foundation.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=arnd@arndb.de \
--cc=arve@android.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=brauner@kernel.org \
--cc=cmllamas@google.com \
--cc=gary@garyguo.net \
--cc=gregkh@linuxfoundation.org \
--cc=joel@joelfernandes.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=maco@android.com \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=surenb@google.com \
--cc=tkjos@android.com \
--cc=viro@zeniv.linux.org.uk \
--cc=wedsonaf@gmail.com \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.