From: Benno Lossin <benno.lossin@proton.me>
To: "Simona Vetter" <simona.vetter@ffwll.ch>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>
Cc: rust-for-linux@vger.kernel.org
Subject: [PATCH v3 0/4] Untrusted Data API
Date: Mon, 21 Apr 2025 13:49:19 +0000
Message-ID: <20250421134909.464405-1-benno.lossin@proton.me>

Sorry for taking so long with this, I didn't find enough time to work on
this and when I did, I spent a lot of time on trying to get the
interface into a satisfying state. But I always found something that I
didn't like or something that didn't fit correctly. I blame my lack of
knowledge about "all the ways of reading bytes in the kernel" together
with "how should reading bytes in the kernel look like in Rust" for
that. I think it's best I leave the ivory tower behind and just
implement the part that I'm confident about (it's not a lot :) and then
just roll with the use-cases from there. I should've decided to do that
much earlier.

I did manage to create a very basic validation API that I *think* is on
the correct path, but I still marked it as an RFC just to be sure.

We can & should merge the first two patches, as they allow new APIs to
already use `Untrusted` where possible. (some APIs might of course need
to wait for the validation API)

The first use case is Alice's `struct iov_iter` series [1]. It simply
reads untrusted data and then writes it back into userspace without
looking at it. The RFC patch introducing that can either become a normal
patch or be folded into Alice's series.

@Sima: Since you also were pretty enthusiastic about this patch series,
would you mind giving me some pointers to branches/patch series that
have your use-cases for this API? That way I hope to have a better time
designing the validation part.

[1]: https://lore.kernel.org/all/20250311-iov-iter-v1-0-f6c9134ea824@google.com

---
Cheers,
Benno

Benno Lossin (4):
  rust: transmute: add `cast_slice[_mut]` functions
  rust: create basic untrusted data API
  rust: validate: add `Validate` trait
  rust: iov: use untrusted data API

 rust/kernel/iov.rs               |  25 ++--
 rust/kernel/lib.rs               |   1 +
 rust/kernel/transmute.rs         |  41 +++++++
 rust/kernel/validate.rs          | 201 +++++++++++++++++++++++++++++++
 samples/rust/rust_misc_device.rs |   5 +-
 5 files changed, 263 insertions(+), 10 deletions(-)
 create mode 100644 rust/kernel/validate.rs

base-commit: 80e54e84911a923c40d7bee33a34c1b4be148d7a
--
2.48.1