Date: Mon, 18 Mar 2024 12:33:32 -0700
From: Boqun Feng
To: Alice Ryhl
Cc: Miguel Ojeda, Matthew Wilcox, Al Viro, Andrew Morton, Kees Cook, Alex Gaynor, Wedson Almeida Filho, Gary Guo, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Greg Kroah-Hartman, Arve Hjønnevåg, Todd Kjos, Martijn Coenen, Joel Fernandes, Carlos Llamas, Suren Baghdasaryan, Arnd Bergmann, linux-mm@kvack.org, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, Christian Brauner
Subject: Re: [PATCH v3 1/4] rust: uaccess: add userspace pointers
References: <20240311-alice-mm-v3-0-cdf7b3a2049c@google.com> <20240311-alice-mm-v3-1-cdf7b3a2049c@google.com>

On Mon, Mar 18, 2024 at 08:12:27PM +0100, Alice Ryhl wrote:
> On Mon, Mar 18, 2024 at 7:59 PM Boqun Feng wrote:
> >
> > On Mon, Mar 11, 2024 at 10:47:13AM +0000, Alice Ryhl wrote:
> > > +
> > > + /// Reads raw data from the user slice into a raw kernel buffer.
> > > + ///
> > > + /// Fails with `EFAULT` if the read encounters a page fault.
> > > + ///
> > > + /// # Safety
> > > + ///
> > > + /// The `out` pointer must be valid for writing `len` bytes.
> > > + pub unsafe fn read_raw(&mut self, out: *mut u8, len: usize) -> Result {
> >
> > I don't think we want to promote the pub usage of this unsafe function,
> > right? We can provide a safe version:
> >
> >     pub fn read_slice(&mut self, to: &[u8]) -> Result
> >
> > and all users can just use the safe version (with the help of
> > slice::from_raw_parts_mut() if necessary).
>
> Personally, I think having the function be unsafe is plenty discouragement.
>
> Also, this method would need an &mut [u8], which opens the can of
> worms related to uninitialized memory. The _raw version of this method

make it a `&mut [MayUninit]` then? If that works, then _raw version
is not more powerful therefore no need to pub it.

> is strictly more powerful.
>
> I don't think I actually use it directly in Binder, so I can make it
> private if you think that's important. It needs to be pub(crate),

I might be too picky, but avoiding pub unsafe functions if not necessary
could help us reduce unnecessary unsafe code ;-)

Regards,
Boqun

> though, since it is used in `Page`.
>
> Alice
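
Review bot: the `# Safety` section on `read_raw` only requires that `out` be valid for writing `len` bytes, and the doc comment says nothing about the state of `out` or of `self` when the call fails with `EFAULT`. Since the function takes `&mut self` and a fault can occur partway through a read, consider documenting whether bytes already written to `out` before the fault may be relied on or must be treated as uninitialized, and whether the reader's position advances on failure. Any safe wrapper built on this function needs that statement to decide when the buffer can be treated as initialized.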
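
The safe-wrapper idea discussed in this reply, as an added userspace example that is not code from the patch or from either participant. `MockUserReader`, `Efault` and `read_to_vec` are hypothetical names, and "user memory" is modelled as a byte slice whose end plays the role of the page fault.

```rust
use std::mem::MaybeUninit;

/// Hypothetical stand-in for the user slice reader: "user memory" is a byte
/// slice, and asking for more than it holds plays the role of a page fault.
pub struct MockUserReader<'a> {
    user: &'a [u8],
}

#[derive(Debug, PartialEq)]
pub struct Efault;

impl<'a> MockUserReader<'a> {
    pub fn new(user: &'a [u8]) -> Self {
        Self { user }
    }

    /// # Safety
    /// `out` must be valid for writing `len` bytes.
    unsafe fn read_raw(&mut self, out: *mut u8, len: usize) -> Result<(), Efault> {
        if len > self.user.len() {
            return Err(Efault); // nothing copied, position unchanged
        }
        // SAFETY: caller guarantees `out`; `self.user` has `len` readable bytes.
        unsafe { std::ptr::copy_nonoverlapping(self.user.as_ptr(), out, len) };
        self.user = &self.user[len..];
        Ok(())
    }

    /// Safe wrapper: the slice carries the pointer/length contract, and
    /// `MaybeUninit<u8>` lets callers pass memory that is not yet initialized.
    pub fn read_slice(&mut self, out: &mut [MaybeUninit<u8>]) -> Result<(), Efault> {
        // SAFETY: an exclusive slice is writable for `out.len()` bytes.
        unsafe { self.read_raw(out.as_mut_ptr().cast::<u8>(), out.len()) }
    }
}

/// Caller that reads into a Vec's uninitialized spare capacity via the safe API.
pub fn read_to_vec(reader: &mut MockUserReader<'_>, len: usize) -> Result<Vec<u8>, Efault> {
    let mut buf: Vec<u8> = Vec::with_capacity(len);
    reader.read_slice(&mut buf.spare_capacity_mut()[..len])?;
    // SAFETY: read_slice returned Ok, so the first `len` bytes were written.
    unsafe { buf.set_len(len) };
    Ok(buf)
}

fn main() {
    let mut r = MockUserReader::new(b"hello, kernel"); // constructed sample input
    assert_eq!(read_to_vec(&mut r, 5).unwrap(), b"hello".to_vec());
    assert_eq!(read_to_vec(&mut r, 64), Err(Efault));
}
```

The caller still needs one `unsafe` block for `set_len`, but the pointer and length handed to the copy can no longer disagree, which is the property the raw signature leaves to each call site.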