From: Valentin Obst <kernel@valentinobst.de>
To: aliceryhl@google.com
Cc: a.hindborg@samsung.com, akpm@linux-foundation.org,
alex.gaynor@gmail.com, arnd@arndb.de, arve@android.com,
benno.lossin@proton.me, bjorn3_gh@protonmail.com,
boqun.feng@gmail.com, brauner@kernel.org, cmllamas@google.com,
gary@garyguo.net, gregkh@linuxfoundation.org,
joel@joelfernandes.org, keescook@chromium.org,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
maco@android.com, ojeda@kernel.org,
rust-for-linux@vger.kernel.org, surenb@google.com,
tkjos@android.com, viro@zeniv.linux.org.uk, wedsonaf@gmail.com,
Valentin Obst <kernel@valentinobst.de>
Subject: Re: [PATCH v2 3/4] rust: uaccess: add typed accessors for userspace pointers
Date: Thu, 8 Feb 2024 23:57:48 +0100 [thread overview]
Message-ID: <20240208225748.12031-1-kernel@valentinobst.de> (raw)
In-Reply-To: <20240208-alice-mm-v2-3-d821250204a6@google.com>
> +/// If a struct implements this trait, then it is okay to copy it byte-for-byte
> +/// to userspace. This means that it should not have any padding, as padding
> +/// bytes are uninitialized. Reading uninitialized memory is not just undefined
> +/// behavior, it may even lead to leaking sensitive information on the stack to
> +/// userspace.
This feels a bit too restrictive to me. Isn't it okay to copy types with
padding if it is ensured that the padding is always initialized?
I recall that in C one occasionally does a `memset` for structs that are
copied to user space. I imagine that one could have a Rust
abstraction/macro that makes it easy to define custom types that can
always guarantee that all padding bytes are initialized. Such types
would then qualify for being copied to user space if all field do so as
well.
This could be a significant quality-of-life improvement for drivers
as it can be tedious to define struct without padding.
- Best Valentin
next prev parent reply other threads:[~2024-02-08 22:58 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-08 15:47 [PATCH v2 0/4] Memory management patches needed by Rust Binder Alice Ryhl
2024-02-08 15:47 ` [PATCH v2 1/4] rust: uaccess: add userspace pointers Alice Ryhl
2024-02-08 22:54 ` Valentin Obst
2024-02-09 11:15 ` Alice Ryhl
2024-02-21 11:47 ` Alice Ryhl
2024-02-27 10:05 ` Carlos López
2024-02-27 13:12 ` Alice Ryhl
2024-02-08 15:47 ` [PATCH v2 2/4] uaccess: always export _copy_[from|to]_user with CONFIG_RUST Alice Ryhl
2024-02-08 22:56 ` Valentin Obst
2024-02-09 14:41 ` Arnd Bergmann
2024-02-09 16:45 ` Valentin Obst
2024-02-10 0:15 ` Kees Cook
2024-02-10 11:07 ` Arnd Bergmann
2024-02-14 10:51 ` Alice Ryhl
2024-02-08 15:47 ` [PATCH v2 3/4] rust: uaccess: add typed accessors for userspace pointers Alice Ryhl
2024-02-08 22:57 ` Valentin Obst [this message]
2024-02-09 10:40 ` Alice Ryhl
2024-02-09 17:18 ` Valentin Obst
2024-02-08 15:47 ` [PATCH v2 4/4] rust: add abstraction for `struct page` Alice Ryhl
2024-02-10 4:23 ` Martin Rodriguez Reboredo
2024-02-12 9:36 ` Alice Ryhl
2024-02-12 18:11 ` Martin Rodriguez Reboredo
2024-02-27 8:32 ` Andreas Hindborg
2024-02-27 15:37 ` Matthew Wilcox
2024-02-27 15:56 ` Alice Ryhl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240208225748.12031-1-kernel@valentinobst.de \
--to=kernel@valentinobst.de \
--cc=a.hindborg@samsung.com \
--cc=akpm@linux-foundation.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=arnd@arndb.de \
--cc=arve@android.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=brauner@kernel.org \
--cc=cmllamas@google.com \
--cc=gary@garyguo.net \
--cc=gregkh@linuxfoundation.org \
--cc=joel@joelfernandes.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=maco@android.com \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=surenb@google.com \
--cc=tkjos@android.com \
--cc=viro@zeniv.linux.org.uk \
--cc=wedsonaf@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).