From: Alice Ryhl <aliceryhl@google.com>
To: Alexandre Courbot <acourbot@nvidia.com>
Cc: "Matthew Maurer" <mmaurer@google.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 2/3] rust: Add support for deriving `AsBytes` and `FromBytes`
Date: Thu, 18 Dec 2025 08:26:33 +0000 [thread overview]
Message-ID: <aUO6uUbGGtwXlrAT@google.com> (raw)
In-Reply-To: <DF15V0W5G9K5.KCPM8M4BZVOE@nvidia.com>
On Thu, Dec 18, 2025 at 04:23:43PM +0900, Alexandre Courbot wrote:
> On Thu Dec 18, 2025 at 3:01 AM JST, Matthew Maurer wrote:
> > On Tue, Dec 16, 2025 at 7:12 PM Alexandre Courbot <acourbot@nvidia.com> wrote:
> >> > +/// Implements `FromBytes` for a struct.
> >> > +///
> >> > +/// It will fail compilation if the struct you are deriving on cannot be determined to implement
> >> > +/// `FromBytes` safely. It may still fail for some types which would be safe to implement
> >> > +/// `FromBytes` for, in which case you will need to write the implementation and justification
> >> > +/// yourself.
> >> > +///
> >> > +/// Main reasons your type may be rejected:
> >> > +/// * Not a `struct`
> >> > +/// * One of the fields is not `FromBytes`
> >> > +///
> >> > +/// # Examples
> >> > +///
> >> > +/// ```
> >> > +/// #[derive(FromBytes)]
> >> > +/// #[repr(C)]
> >> > +/// struct Foo {
> >> > +/// x: u32,
> >> > +/// y: u16,
> >> > +/// z: u16,
> >> > +/// }
> >> > +/// ```
> >>
> >> One thing I have noticed is that I could sucessfully derive `FromBytes`
> >> on a struct that is not `repr(C)`... Is that something we want to
> >> disallow?
> >>
> >
> > Why should we disallow this? I can enforce it very easily if we want
> > it, but the only difference between `#[repr(C)]` and `#[repr(Rust)]`
> > is whether we can statically predict their layout. In theory you can
> > use this to elide the padding check for `#[repr(C)]` structs (and
> > `zerocopy` does this), but it's significantly more complicated.
> >
> > The only argument I see in favor of disallowing `#[repr(Rust)]` here
> > is that if it's not a struct that also supports `AsBytes`, there's a
> > question about where you're getting the bytes to load from.
> >
> > I will point out that we probably don't *just* want to restrict to
> > `#[repr(C)]` because `#[repr(transparent)]` and `#[repr(packed)]` are
> > also great use cases.
>
> Yeah it's probably correct as it is. I am not sure why we would want to
> use it on types without a predictable layout, but also cannot say this
> is fundamentally broken.
At the very least such types can roundtrip to/from byte arrays. Or you
could pass them to the randomness pool:
https://lore.kernel.org/all/20251216-add-entropy-v2-1-4d866f251474@google.com/
Alice
next prev parent reply other threads:[~2025-12-18 8:26 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-16 0:44 [PATCH v2 0/3] Support more safe `AsBytes`/`FromBytes` usage Matthew Maurer
2025-12-16 0:44 ` [PATCH v2 1/3] rust: transmute: Support transmuting slices of AsBytes/FromBytes types Matthew Maurer
2025-12-17 16:51 ` Daniel Almeida
2025-12-26 20:27 ` Matthew Maurer
2025-12-16 0:44 ` [PATCH v2 2/3] rust: Add support for deriving `AsBytes` and `FromBytes` Matthew Maurer
2025-12-17 3:12 ` Alexandre Courbot
2025-12-17 18:01 ` Matthew Maurer
2025-12-17 19:14 ` Daniel Almeida
2025-12-18 7:23 ` Alexandre Courbot
2025-12-18 8:26 ` Alice Ryhl [this message]
2025-12-17 17:35 ` Daniel Almeida
2025-12-17 17:57 ` Matthew Maurer
2025-12-17 19:11 ` Daniel Almeida
2025-12-16 0:44 ` [PATCH v2 3/3] rust: Support deriving `AsBytes`/`FromBytes` on bindgen types Matthew Maurer
2025-12-17 3:15 ` Alexandre Courbot
2025-12-17 18:26 ` Matthew Maurer
2025-12-17 19:26 ` Daniel Almeida
2025-12-17 19:33 ` Matthew Maurer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aUO6uUbGGtwXlrAT@google.com \
--to=aliceryhl@google.com \
--cc=a.hindborg@kernel.org \
--cc=acourbot@nvidia.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=gary@garyguo.net \
--cc=linux-kernel@vger.kernel.org \
--cc=lossin@kernel.org \
--cc=mmaurer@google.com \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tmgross@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.