From: Greg KH <gregkh@linuxfoundation.org>
To: Benno Lossin <lossin@kernel.org>
Cc: "Simona Vetter" <simona.vetter@ffwll.ch>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>,
rust-for-linux@vger.kernel.org
Subject: Re: [PATCH v4 0/4] Untrusted Data API
Date: Thu, 14 Aug 2025 17:42:32 +0200 [thread overview]
Message-ID: <2025081448-creation-timid-b972@gregkh> (raw)
In-Reply-To: <DC295B7454Y8.9RVKVMPORAZ9@kernel.org>
On Thu, Aug 14, 2025 at 05:22:57PM +0200, Benno Lossin wrote:
> On Thu Aug 14, 2025 at 4:37 PM CEST, Greg KH wrote:
> > On Thu, Aug 14, 2025 at 02:44:12PM +0200, Benno Lossin wrote:
> >> I didn't have too much time to spend on this API, so this is mostly a
> >> resend of v3. There are some changes in the last commit, updating to the
> >> latest version of Alice's iov_iter patche series [1] & rebasing on top
> >> of v6.17-rc1.
> >>
> >> I think we should just merge the first two patches this cycle in order
> >> to get the initial, bare-bones API into the kernel and have people
> >> experiment with it. The validation logic in the third patch still needs
> >> some work and I'd need to find some time to work on that (no idea when I
> >> find it though).
> >
> > Nice, thanks for reviving this!
> >
> > And we should at least add an example using it, otherwise it's not going
> > to help out much here. Add it to the misc device driver api?
>
> You mean `rust/kernel/miscdevice.rs`? What parts of that API are
> untrusted?
mmap() is, but you can't do anything about that...
ioctl() is the callback that is taking untrusted data from userspace.
That's one place we have had more kernel buffer overflows then I can
count and ALWAYS needs to be properly verified before anything can be
done with the data there.
And if write() ever gets implemented, that would be as well (but the io
iter stuff should cover that).
thanks,
greg k-h
next prev parent reply other threads:[~2025-08-14 15:42 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-14 12:44 [PATCH v4 0/4] Untrusted Data API Benno Lossin
2025-08-14 12:44 ` [PATCH v4 1/4] rust: transmute: add `cast_slice[_mut]` functions Benno Lossin
2025-08-14 12:44 ` [PATCH v4 2/4] rust: create basic untrusted data API Benno Lossin
2025-08-29 5:23 ` Dirk Behme
2025-08-14 12:44 ` [RFC PATCH v4 3/4] rust: validate: add `Validate` trait Benno Lossin
2025-09-04 6:48 ` Dirk Behme
2025-08-14 12:44 ` [RFC PATCH v4 4/4] rust: iov: use untrusted data API Benno Lossin
2025-08-14 14:37 ` [PATCH v4 0/4] Untrusted Data API Greg KH
2025-08-14 15:22 ` Benno Lossin
2025-08-14 15:42 ` Greg KH [this message]
2025-08-14 17:23 ` Benno Lossin
2025-08-14 18:26 ` Greg KH
2025-08-15 7:28 ` Benno Lossin
2025-08-15 14:19 ` Greg KH
2025-08-16 10:22 ` Benno Lossin
2025-08-17 6:00 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2025081448-creation-timid-b972@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=a.hindborg@kernel.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=gary@garyguo.net \
--cc=lossin@kernel.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=simona.vetter@ffwll.ch \
--cc=tmgross@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).