From: Danilo Krummrich <dakr@kernel.org>
To: Alice Ryhl <aliceryhl@google.com>
Cc: "Miguel Ojeda" <ojeda@kernel.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Trevor Gross" <tmgross@umich.edu>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 1/2] uaccess: rust: add strncpy_from_user
Date: Tue, 29 Apr 2025 12:11:20 +0200 [thread overview]
Message-ID: <aBClyLz4y7a15WMg@pollux> (raw)
In-Reply-To: <20250429-strncpy-from-user-v2-1-7e6facac0bf0@google.com>
On Tue, Apr 29, 2025 at 09:02:22AM +0000, Alice Ryhl wrote:
> This patch adds a direct wrapper around the C function of the same name.
> It's not really intended for direct use by Rust code since
> strncpy_from_user has a somewhat unfortunate API where it only
> nul-terminates the buffer if there's space for the nul-terminator. This
> means that a direct Rust wrapper around it could not return a &CStr
> since the buffer may not be a cstring. However, we still add the method
> to build more convenient APIs on top of it, which will happen in
> subsequent patches.
If we can't think of a use-case to be built upon outside of
rust/kernel/uaccess.rs, I'd make it private. We can still make it public should
we find a use-case later on. If we have one already, it's fine of course.
With that,
Reviewed-by: Danilo Krummrich <dakr@kernel.org>
> Signed-off-by: Alice Ryhl <aliceryhl@google.com>
> ---
> rust/kernel/uaccess.rs | 34 +++++++++++++++++++++++++++++++++-
> 1 file changed, 33 insertions(+), 1 deletion(-)
>
> diff --git a/rust/kernel/uaccess.rs b/rust/kernel/uaccess.rs
> index 80a9782b1c6e98ed6eae308ade8551afa7adc188..acb703f074a30e60d42a222dd26aed80d8bdb76a 100644
> --- a/rust/kernel/uaccess.rs
> +++ b/rust/kernel/uaccess.rs
> @@ -8,7 +8,7 @@
> alloc::{Allocator, Flags},
> bindings,
> error::Result,
> - ffi::c_void,
> + ffi::{c_char, c_void},
> prelude::*,
> transmute::{AsBytes, FromBytes},
> };
> @@ -369,3 +369,35 @@ pub fn write<T: AsBytes>(&mut self, value: &T) -> Result {
> Ok(())
> }
> }
> +
> +/// Reads a nul-terminated string into `buf` and returns the length.
> +///
> +/// This reads from userspace until a NUL byte is encountered, or until `buf.len()` bytes have been
> +/// read. Fails with [`EFAULT`] if a read happens on a bad address. When the end of the buffer is
> +/// encountered, no NUL byte is added, so the string is *not* guaranteed to be NUL-terminated when
> +/// `Ok(buf.len())` is returned.
> +///
> +/// # Guarantees
> +///
> +/// When this function returns `Ok(len)`, it is guaranteed that the first `len` of `buf` bytes are
> +/// initialized and non-zero. Furthermore, if `len < buf.len()`, then `buf[len]` is a NUL byte.
> +/// Unsafe code may rely on these guarantees.
> +#[inline]
> +pub fn raw_strncpy_from_user(ptr: UserPtr, buf: &mut [MaybeUninit<u8>]) -> Result<usize> {
> + // CAST: Slice lengths are guaranteed to be `<= isize::MAX`.
> + let len = buf.len() as isize;
> +
> + // SAFETY: `buf` is valid for writing `buf.len()` bytes.
> + let res = unsafe {
> + bindings::strncpy_from_user(buf.as_mut_ptr().cast::<c_char>(), ptr as *const c_char, len)
> + };
> +
> + if res < 0 {
> + return Err(Error::from_errno(res as i32));
> + }
> +
> + #[cfg(CONFIG_RUST_OVERFLOW_CHECKS)]
> + assert!(res <= len);
> +
> + Ok(res as usize)
> +}
>
> --
> 2.49.0.901.g37484f566f-goog
>
next prev parent reply other threads:[~2025-04-29 10:11 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-29 9:02 [PATCH v2 0/2] strncpy_from_user for Rust Alice Ryhl
2025-04-29 9:02 ` [PATCH v2 1/2] uaccess: rust: add strncpy_from_user Alice Ryhl
2025-04-29 10:11 ` Danilo Krummrich [this message]
2025-04-29 10:30 ` Alice Ryhl
2025-04-29 11:04 ` Greg Kroah-Hartman
2025-04-29 15:09 ` Alice Ryhl
2025-04-29 17:30 ` Boqun Feng
2025-04-29 20:28 ` John Hubbard
2025-04-29 20:31 ` Boqun Feng
2025-04-29 9:02 ` [PATCH v2 2/2] uaccess: rust: add UserSliceReader::strcpy_into_buf Alice Ryhl
2025-04-29 10:36 ` Danilo Krummrich
2025-04-29 11:09 ` Greg Kroah-Hartman
2025-04-29 11:38 ` Danilo Krummrich
2025-04-29 11:48 ` Greg Kroah-Hartman
2025-04-29 15:15 ` Alice Ryhl
2025-04-29 15:50 ` Greg Kroah-Hartman
2025-04-30 10:58 ` Alice Ryhl
2025-04-30 11:04 ` Greg Kroah-Hartman
2025-04-29 18:02 ` Boqun Feng
2025-04-29 18:26 ` Boqun Feng
2025-04-29 19:29 ` Alice Ryhl
2025-04-29 19:47 ` Boqun Feng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aBClyLz4y7a15WMg@pollux \
--to=dakr@kernel.org \
--cc=a.hindborg@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=aliceryhl@google.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=gary@garyguo.net \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tmgross@umich.edu \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.