From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 10FFAC04FF8 for ; Thu, 18 Apr 2024 13:18:08 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8027E6B0088; Thu, 18 Apr 2024 09:18:07 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7A4DE6B008C; Thu, 18 Apr 2024 09:18:07 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5AAAC6B0093; Thu, 18 Apr 2024 09:18:07 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id DE85A6B0088 for ; Thu, 18 Apr 2024 09:18:06 -0400 (EDT) Received: from smtpin16.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 9055D12139D for ; Thu, 18 Apr 2024 13:18:06 +0000 (UTC) X-FDA: 82022705772.16.CB93DC3 Received: from mail-yw1-f176.google.com (mail-yw1-f176.google.com [209.85.128.176]) by imf04.hostedemail.com (Postfix) with ESMTP id A158C40010 for ; Thu, 18 Apr 2024 13:18:04 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=BdtFress; spf=pass (imf04.hostedemail.com: domain of aliceryhl@google.com designates 209.85.128.176 as permitted sender) smtp.mailfrom=aliceryhl@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1713446284; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=TNRbWAZ6Q5MqN+iLHn0qNU1jdPOPQHBoqFwuo6lZ8Oc=; b=fA7uiAZt4fT8gPSOdPvzErPr+C1KlUD7GQ07FFq/Ey1Xui68HfYPOtnAu5Gmag1OXVwyFf A4/KclFLAhJ3FcUld9lL3a+cDS4o4OliYFfLn7qQw5CjLCVYmrq15/cUuIcQ7YWDFCwCkR eVsmjzEvH1ZbSo39ci+uUHGanqK2FxI= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=BdtFress; spf=pass (imf04.hostedemail.com: domain of aliceryhl@google.com designates 209.85.128.176 as permitted sender) smtp.mailfrom=aliceryhl@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1713446284; a=rsa-sha256; cv=none; b=O6OSKAGkaXqDPergNcNdcuRl7ZurjzcsmeMLQtTFeSuOU8YCkTRa5VV5wF0F4yT65rMxii lJjFHWughT/9K6X0z7f0lsgQ1yU9n5nJWbVwUxrIANOhn4/fT1GT+4gl9Fc8tKLEV12+kh GD8VQ8sgUYd9V+2Vp4SxGu2sS4W53Tk= Received: by mail-yw1-f176.google.com with SMTP id 00721157ae682-6157c30fbc9so7841077b3.0 for ; Thu, 18 Apr 2024 06:18:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1713446284; x=1714051084; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=TNRbWAZ6Q5MqN+iLHn0qNU1jdPOPQHBoqFwuo6lZ8Oc=; b=BdtFressTdSCTPx8/IJ3fPay8VmhHxDvs33GkUr3da4OlFZCS0nK1UR8e9tXQpBmmC Q7ePoSsOOtaAE1CO0yw7lpQb9OGE32XU4jvsSVDi3jxsMjfMf91Dc/3KpS+y7f4ght7W It1LLusJobaInYVb7Ig+/1BtJCi5K+GNcbtz7PkpAevSinHni6p3+E9ZEtdjP33ZAnoq mAc14opy+flgx+HAJTBtis0ZhIlhSaD/KX6DRwE/+7N/CYZ9ZW7Xnbu4907yfnMMytZ5 4zbptG3J6AzbwdaI28oY/BkFL4SM+03dqkYThoUnROTBeCNCeZPFtQDXkG4FBwkHLndt fbUQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713446284; x=1714051084; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=TNRbWAZ6Q5MqN+iLHn0qNU1jdPOPQHBoqFwuo6lZ8Oc=; b=XTEAcSklX3OC3jzPtfIuT4/owHCJuZPkpwKjCZcIRxeCyweLtYyLWOQZ6l25Z2Db5D SGEa75Nk36S/GaT1dLVe6imKI/BMfE38+egZKmzaO2Ak78UmnpXBsFMp0cHXMHf8zQNl hGQ6wIH7EPmxbnFDMGQeaySqKplfpm1t8aoK8oMqBRg3MCEs5DceNB5iceeVOpyMNrJ0 FyTnTWItueq7wRiO6lSIPkd26cYNWqWcc2KAKU/BDTT/RjkEEPIfWVxVZr1FXcKMIHnr J1wq4RXwTYxhI3QDXKp7LJKfCyGh/lFy/feBz65QjfUsqEFeqkjbM2DKgfg/cITE6Hxx zh2A== X-Forwarded-Encrypted: i=1; AJvYcCUwZDBdcKqvtfZ/32oUfqVL21KqAuRn4CA97R1JdFZ7UyqUYCt5L/qtxvLzidDJRUT1EF9Z4nwwYVCrKxZgg8cOh3w= X-Gm-Message-State: AOJu0Yyynj/XdDCYpKl67upWXLrTceYHE603nINmCY/kLkap4xXiA+nl MHdxxamoARNRsEVH4Z0ZPBPy2Hgj3jZsKYndlSM/4gJY9Yox9pIgygDv1mQNrkZEkXxt627Sa3L gveJJK0ox/YWe2ftOFsBC/f/cHnDGMr6OjQcS X-Google-Smtp-Source: AGHT+IE2p3Omlwm3EzGg+l2X0TwISReBp7wfKSeqHifZGecA9H/wvlgdStZ8NcRwsmoz0C14lmxeng8EglXkjwSno5E= X-Received: by 2002:a05:690c:6206:b0:61b:1be9:bbcb with SMTP id hl6-20020a05690c620600b0061b1be9bbcbmr3057153ywb.44.1713446283553; Thu, 18 Apr 2024 06:18:03 -0700 (PDT) MIME-Version: 1.0 References: <20240418-alice-mm-v6-0-cb8f3e5d688f@google.com> <20240418-alice-mm-v6-3-cb8f3e5d688f@google.com> <5fd684d8-d46d-4009-bcf8-134dab342322@proton.me> In-Reply-To: <5fd684d8-d46d-4009-bcf8-134dab342322@proton.me> From: Alice Ryhl Date: Thu, 18 Apr 2024 15:17:51 +0200 Message-ID: Subject: Re: [PATCH v6 3/4] rust: uaccess: add typed accessors for userspace pointers To: Benno Lossin Cc: Miguel Ojeda , Matthew Wilcox , Al Viro , Andrew Morton , Kees Cook , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , =?UTF-8?Q?Bj=C3=B6rn_Roy_Baron?= , Andreas Hindborg , Greg Kroah-Hartman , =?UTF-8?B?QXJ2ZSBIasO4bm5ldsOlZw==?= , Todd Kjos , Martijn Coenen , Joel Fernandes , Carlos Llamas , Suren Baghdasaryan , Arnd Bergmann , Trevor Gross , linux-mm@kvack.org, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, Christian Brauner Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Stat-Signature: tmysxmnu7zzr8544sswoh7fxyaffmr8a X-Rspamd-Queue-Id: A158C40010 X-Rspamd-Server: rspam10 X-Rspam-User: X-HE-Tag: 1713446284-128200 X-HE-Meta: U2FsdGVkX18o0G6TtRYfi/2fSYNzeELc7Wb6QFKyLMGl7Fgvn3lFiEeKSr1XV7Qmo84u2WXlA+PsEfO83f6au5RHIFuYAlEKG3ezD/lMOSfuq8t4pK+0jcaYqU0+pQWAbQR9T5pQKPE9gnoO/YQfh6updXw4GBmsvf/7CPovfpeA5kcGDObrChRY1SHANcee12sLv7N8v5gZiogArLY4fejLouKNip5B6zlKwG1E/ATlGie0l9CmX6lzvT+VXiRfIRUlFVVGhbXW4QyiVPhH5Vz3/QcP51sDdnvRPht2ilbkd5yhXNG+9Y1trCtjsTE6ue1Hs49r5rGeNvmsMjLpHFF1aVI81LnF2SDUsXnEe+iReuBfASa5GFYnTgHhrmjyz4egXE18gYLE/DCfKc1KNQDY6gkwqBkVeWRZ/bwDl/jdA44hICvBWzT1aPUMvHaKlBJVE1k0tX3cICeT7j6YWQ9C4ssrcGcIz6/MEIRKxYNYx/+IjnbSH/y2R5rDD7freGiy/ONiH+rXvHZf1x2W76PgAwR9kil68/h0Ax0NLlaYFQe0+wAFHVwsnYgGcCWvnvtEWPFvB0nNFvfHl3WgwLMvxOPHbB4HQPgUMYwNURsZqwQOudnUjaCqYtn4JyjOx6hpkiNoAAR/HfsZZZaxon3OnSJfCB9fcCeuqROgYtfAQXBAPO91tMT5sK0Z0BE/dbvjERM75HLEYVO4NKmzaP6a234o4id0H3q0Bitm/2/1vBSutP/exwQ9pkYCdqNPhNzFUnlQ2ZTGtbBQQAKBxBwt6bVzfjftb2+cYInywsx1RFngJ2uUIaaXAbSUl21Z+KomcXNaLGrrJfaqTKT21ciSiVYt5kfHn+fzLwEg4s5DpBLAAY40vOhSd8rNbmJvBLOosGVYO9rSnegmD2+4dtjaF/HGuwspAaQ+2Iocv1RC3z6oJaODoXzTCRVW91A67KYRr+Kic7rK5yYwfpD tg+DxTrS xxxFJVWf0mV8D189PYbUZc5YDOILbbtDXkwl40zMvXcueG1kY/FwEz2I1eyK10vdxJbVoU/VZW6YBqywF6Cz5hsDA0zD3GVUVyrVmidZ+SJGVSfs75GJk4nNn6EiUbmxMJFVmwkYU1qm9AGAyyUwGWq8h/5qbCjBxB8/el8q8azg1FucLC2t/ko4j0qEfYnZUVyrUeg4g/pIeV3B92jzNSrUtofrn2a2B4Er/aEvbu14VfiJhNPYQd/kNylfOyZUascD83uFpAN/PQMfTqmOvNFXB5eA4ntDyN/mVNvnsFf/vI74= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000001, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Thu, Apr 18, 2024 at 3:02=E2=80=AFPM Benno Lossin wrote: > > On 18.04.24 10:59, Alice Ryhl wrote: > > diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs > > index 8fad61268465..9c57c6c75553 100644 > > --- a/rust/kernel/types.rs > > +++ b/rust/kernel/types.rs > > @@ -409,3 +409,67 @@ pub enum Either { > > /// Constructs an instance of [`Either`] containing a value of typ= e `R`. > > Right(R), > > } > > + > > +/// Types for which any bit pattern is valid. > > +/// > > +/// Not all types are valid for all values. For example, a `bool` must= be either zero or one, so > > +/// reading arbitrary bytes into something that contains a `bool` is n= ot okay. > > +/// > > +/// It's okay for the type to have padding, as initializing those byte= s has no effect. > > +/// > > +/// # Safety > > +/// > > +/// All bit-patterns must be valid for this type. This type must not h= ave interior mutability. > > What is the reason for disallowing interior mutability here? I agree > that it is necessary for `AsBytes`, but I don't think we need it here. > For example it is fine to convert `u8` to `UnsafeCell`. Niches also > should not be a problem, since eg `Option>>` > already fails the "All bit-patterns must be valid for this type". If T: FromBytes allows transmuting &[u8; size_of::] into &T, then it would be a problem as you could then use it to modify the original &[u8]. Alice