From: Dirk Behme <dirk.behme@gmail.com>
To: Ke Sun <sunke@kylinos.cn>, Miguel Ojeda <ojeda@kernel.org>,
Petr Mladek <pmladek@suse.com>,
Steven Rostedt <rostedt@goodmis.org>,
Timur Tabi <ttabi@nvidia.com>, Danilo Krummrich <dakr@kernel.org>,
Benno Lossin <lossin@kernel.org>
Cc: "Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Tamir Duberstein" <tamird@gmail.com>,
"Ke Sun" <sk.alvin.x@gmail.com>,
rust-for-linux@vger.kernel.org
Subject: Re: [PATCH v5 2/4] rust: kernel: Add pointer wrapper types for safe pointer formatting
Date: Fri, 26 Dec 2025 16:10:06 +0100 [thread overview]
Message-ID: <fb0f146c-8d0d-47e0-82ae-e815eb9bd2dc@gmail.com> (raw)
In-Reply-To: <20251226140751.2215563-3-sunke@kylinos.cn>
On 26.12.25 15:07, Ke Sun wrote:
> Add three pointer wrapper types (HashedPtr, RestrictedPtr, RawPtr) to
> rust/kernel/ptr.rs that correspond to C kernel's printk format specifiers
> %p, %pK, and %px. These types provide type-safe pointer formatting that
> matches C kernel patterns.
>
> These wrapper types implement core::fmt::Pointer and delegate to the
> corresponding kernel formatting functions, enabling safe pointer
> formatting in Rust code that prevents information leaks about kernel
> memory layout.
>
> Users can explicitly use these types:
> pr_info!("{:p}\n", HashedPtr::from(ptr));
> pr_info!("{:p}\n", RestrictedPtr::from(ptr));
> pr_info!("{:p}\n", RawPtr::from(ptr));
>
> Signed-off-by: Ke Sun <sunke@kylinos.cn>
> ---
> rust/helpers/fmt.c | 65 +++++++++++
> rust/helpers/helpers.c | 3 +-
> rust/kernel/ptr.rs | 240 ++++++++++++++++++++++++++++++++++++++++-
> 3 files changed, 304 insertions(+), 4 deletions(-)
> create mode 100644 rust/helpers/fmt.c
....
> diff --git a/rust/helpers/helpers.c b/rust/helpers/helpers.c
> index 79c72762ad9c4..b6877fe8dafc0 100644
> --- a/rust/helpers/helpers.c
> +++ b/rust/helpers/helpers.c
> @@ -27,8 +27,9 @@
> #include "dma.c"
> #include "drm.c"
> #include "err.c"
> -#include "irq.c"
> +#include "fmt.c"
> #include "fs.c"
> +#include "irq.c"
> #include "io.c"
> #include "jump_label.c"
> #include "kunit.c"
> diff --git a/rust/kernel/ptr.rs b/rust/kernel/ptr.rs
> index e3893ed04049d..ed5069c954146 100644
> --- a/rust/kernel/ptr.rs
> +++ b/rust/kernel/ptr.rs
> @@ -1,11 +1,22 @@
> // SPDX-License-Identifier: GPL-2.0
>
> //! Types and functions to work with pointers and addresses.
> +//!
> +//! This module provides wrapper types for formatting kernel pointers that correspond to the
> +//! C kernel's printk format specifiers `%p`, `%pK`, and `%px`.
>
> -use core::mem::align_of;
> -use core::num::NonZero;
> +use core::{
> + fmt,
> + fmt::Pointer,
> + mem::align_of,
> + num::NonZero, //
> +};
>
> -use crate::build_assert;
> +use crate::{
> + bindings,
> + build_assert,
> + ffi::c_void, //
> +};
>
> /// Type representing an alignment, which is always a power of two.
> ///
> @@ -225,3 +236,226 @@ fn align_up(self, alignment: Alignment) -> Option<Self> {
> }
>
> impl_alignable_uint!(u8, u16, u32, u64, usize);
> +
> +/// Placeholder string used when pointer hashing is not ready yet.
> +const PTR_PLACEHOLDER: &str = if core::mem::size_of::<*const c_void>() == 8 {
> + "(____ptrval____)"
> +} else {
> + "(ptrval)"
> +};
> +
> +/// Macro to implement common methods for pointer wrapper types.
> +macro_rules! impl_ptr_wrapper {
> + ($($name:ident),* $(,)?) => {
> + $(
> + impl $name {
> + /// Creates a new instance from a raw pointer.
> + #[inline]
> + pub fn from<T>(ptr: *const T) -> Self {
> + Self(ptr.cast())
> + }
> +
> + /// Creates a new instance from a mutable raw pointer.
> + #[inline]
> + pub fn from_mut<T>(ptr: *mut T) -> Self {
> + Self(ptr.cast())
> + }
> +
> + /// Returns the inner raw pointer.
> + #[inline]
> + pub fn as_ptr(&self) -> *const c_void {
> + self.0
> + }
> + }
> +
> + impl<T> From<*const T> for $name {
> + #[inline]
> + fn from(ptr: *const T) -> Self {
> + Self::from(ptr)
> + }
> + }
> +
> + impl<T> From<*mut T> for $name {
> + #[inline]
> + fn from(ptr: *mut T) -> Self {
> + Self::from_mut(ptr)
> + }
> + }
> + )*
> + };
> +}
> +
> +/// Helper function to hash a pointer and format it.
> +///
> +/// Returns `Ok(())` if the hash was successfully computed and formatted,
> +/// or the placeholder string if hashing is not ready yet.
> +fn format_hashed_ptr(ptr: *const c_void, f: &mut fmt::Formatter<'_>) -> fmt::Result {
> + let mut hashval: crate::ffi::c_ulong = 0;
> + // SAFETY: We're calling the kernel's ptr_to_hashval function which handles
> + // hashing. This is safe as long as ptr is a valid pointer value.
> + let ret = unsafe { bindings::ptr_to_hashval(ptr, core::ptr::addr_of_mut!(hashval)) };
> +
> + if ret != 0 {
> + // Hash not ready yet, print placeholder
> + return f.write_str(PTR_PLACEHOLDER);
> + }
> +
> + // Successfully got hash value, format it using Pointer::fmt to preserve
> + // formatting options (width, alignment, padding, etc.)
> + Pointer::fmt(&(hashval as *const c_void), f)
> +}
> +
> +/// A pointer that will be hashed when printed (corresponds to `%p`).
> +///
> +/// This is the default behavior for kernel pointers - they are hashed to prevent
> +/// leaking information about the kernel memory layout.
> +///
> +/// # Example
> +///
> +/// ```
> +/// use kernel::{
> +/// prelude::fmt,
> +/// ptr::HashedPtr,
> +/// str::CString, //
> +/// };
> +///
> +/// let ptr = HashedPtr::from(0x12345678 as *const u8);
> +/// pr_info!("Hashed pointer: {:016p}\n", ptr);
> +///
> +/// // Width option test
> +/// let cstr = CString::try_from_fmt(fmt!("{:30p}", ptr))?;
> +/// let width_30 = cstr.to_str()?;
> +/// assert_eq!(width_30.len(), 30);
> +/// # Ok::<(), kernel::error::Error>(())
> +/// ```
Is this intended?
[ 1.932037] # rust_doctest_kernel_ptr_rs_6.location:
rust/kernel/ptr.rs:315
[ 1.932322] rust_doctests_kernel: Hashed pointer: (____ptrval____)
[ 1.933032] # rust_doctest_kernel_ptr_rs_6: ASSERTION FAILED at
rust/kernel/ptr.rs:329
[ 1.933032] Expected width_30.len() == 30 to be true, but is false
[ 1.933892] not ok 179 rust_doctest_kernel_ptr_rs_6
[ 1.934097] # rust_doctest_kernel_ptr_rs_7.location:
rust/kernel/ptr.rs:353
[ 1.934434] rust_doctests_kernel: Restricted pointer: (____ptrval____)
[ 1.934707] # rust_doctest_kernel_ptr_rs_7: ASSERTION FAILED at
rust/kernel/ptr.rs:367
[ 1.934707] Expected width_30.len() == 30 to be true, but is false
[ 1.935156] not ok 180 rust_doctest_kernel_ptr_rs_7
This is v5 on top of v6.19-rc1 with x86_64_defconfig booting on QEMU.
Cheers
Dirk
next prev parent reply other threads:[~2025-12-26 15:10 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-26 14:07 [PATCH v5 0/4] rust: Add safe pointer formatting support Ke Sun
2025-12-26 14:07 ` [PATCH v5 1/4] lib/vsprintf: Export ptr_to_hashval for Rust use Ke Sun
2025-12-26 14:07 ` [PATCH v5 2/4] rust: kernel: Add pointer wrapper types for safe pointer formatting Ke Sun
2025-12-26 15:10 ` Dirk Behme [this message]
2025-12-27 2:02 ` Ke Sun
2025-12-26 14:07 ` [PATCH v5 3/4] rust: fmt: Default raw pointer formatting to HashedPtr Ke Sun
2025-12-26 14:07 ` [PATCH v5 4/4] docs: rust: Add pointer formatting documentation Ke Sun
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fb0f146c-8d0d-47e0-82ae-e815eb9bd2dc@gmail.com \
--to=dirk.behme@gmail.com \
--cc=a.hindborg@kernel.org \
--cc=aliceryhl@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=gary@garyguo.net \
--cc=lossin@kernel.org \
--cc=ojeda@kernel.org \
--cc=pmladek@suse.com \
--cc=rostedt@goodmis.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=sk.alvin.x@gmail.com \
--cc=sunke@kylinos.cn \
--cc=tamird@gmail.com \
--cc=tmgross@umich.edu \
--cc=ttabi@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.