From: Valentin Obst
To: aliceryhl@google.com
Cc: a.hindborg@samsung.com, akpm@linux-foundation.org, alex.gaynor@gmail.com, arnd@arndb.de, arve@android.com, benno.lossin@proton.me, bjorn3_gh@protonmail.com, boqun.feng@gmail.com, brauner@kernel.org, cmllamas@google.com, gary@garyguo.net, gregkh@linuxfoundation.org, joel@joelfernandes.org, keescook@chromium.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, maco@android.com, ojeda@kernel.org, rust-for-linux@vger.kernel.org, surenb@google.com, tkjos@android.com, viro@zeniv.linux.org.uk, wedsonaf@gmail.com, Valentin Obst
Subject: Re: [PATCH 1/3] rust: add userspace pointers
Date: Thu, 25 Jan 2024 00:12:35 +0100
Message-ID: <20240124231235.6183-1-kernel@valentinobst.de>
In-Reply-To: <20240124-alice-mm-v1-1-d1abcec83c44@google.com>
References: <20240124-alice-mm-v1-1-d1abcec83c44@google.com>

> +//! User pointers.
> +//!
> +//! C header: [`include/linux/uaccess.h`](../../../../include/linux/uaccess.h)
> +

nit: could this be using srctree-relative links?

> +/// The maximum length of a operation using `copy_[from|to]_user`.

nit: 'a' -> 'an'

> +///
> +/// If a usize is not greater than this constant, then casting it to `c_ulong`
> +/// is guaranteed to be lossless.

nit: could this be `usize` or [`usize`]. Maybe would also be clearer to say
"... a value of type [`usize`] is smaller than ..."

> +///
> +/// These APIs are designed to make it difficult to accidentally write TOCTOU
> +/// bugs. Every time you read from a memory location, the pointer is advanced by

Maybe makes sense to also introduce the abbreviation TOCTOU in the type
documentation when it is first used.

> + /// Reads the entirety of the user slice.
> + ///
> + /// Returns `EFAULT` if the address does not currently point to
> + /// mapped, readable memory.
> + pub fn read_all(self) -> Result> {
> + self.reader().read_all()
> + }

If I understand it correctly, the function will return `EFAULT` if _any_
address in the interval `[self.0, self.0 + self.1)` does not point to mapped,
readable memory. Maybe the docs could be more explicit.

> + // Since this is not a pointer to a valid object in our program,
> + // we cannot use `add`, which has C-style rules for defined
> + // behavior.
> + self.0 = self.0.wrapping_add(len);

If I understand it correctly, you are using 'valid object' to refer to an
'allocated object' [1] as this is what the `add` method's docs refer to [2].
In that case it might be better to use the latter term as it has a defined
meaning. Also see [3] and [4] which are about making it more precise.

[1]: https://doc.rust-lang.org/core/ptr/index.html#allocated-object
[2]: https://doc.rust-lang.org/core/primitive.pointer.html#method.add
[3]: https://github.com/rust-lang/rust/pull/116675
[4]: https://github.com/rust-lang/unsafe-code-guidelines/issues/465
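
Review bot: In the `read_all` hunk, the doc comment names `EFAULT` as the only failure, yet the function takes `self` by value and returns a `Result` for a read that covers "the entirety of the user slice", so its size is whatever length the slice was created with. The comment should list every error the call can return (for example, if a buffer for the whole slice cannot be obtained) and state whether the length is bounded, so callers know which failures to handle before passing in a length that came from userspace.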
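
Review bot: In the hunk ending in `self.0 = self.0.wrapping_add(len);`, the comment explains why `add` is avoided but not why a wrapped result is acceptable. Add a sentence saying what guarantees that `len` is within the remaining slice at this point, or what a later access does if the address did wrap, so that the safety argument is complete at the line that performs the arithmetic.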
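
The behaviour discussed in this review (a reader whose cursor advances on every read, `wrapping_add` on an address that is never dereferenced, and `EFAULT` when any byte of the range is unmapped) can be modelled in ordinary userspace Rust. This is an added example, not code from the patch or from the reviewer; `UserMem`, `Reader`, `Efault` and `demo` are hypothetical names and the memory contents are constructed.

```rust
// Userspace model, not kernel code. `UserMem`, `Reader`, `Efault` are hypothetical names.
#[derive(Debug, PartialEq)]
pub struct Efault;

pub struct UserMem { pub base: usize, pub bytes: Vec<u8> } // constructed "user" mapping

impl UserMem {
    // Stand-in for copy_from_user: fails if ANY byte of [addr, addr + len) is unmapped.
    fn copy_from(&self, addr: usize, len: usize) -> Result<Vec<u8>, Efault> {
        let off = addr.checked_sub(self.base).ok_or(Efault)?;
        let end = off.checked_add(len).ok_or(Efault)?;
        self.bytes.get(off..end).map(|s| s.to_vec()).ok_or(Efault)
    }
}

pub struct Reader<'a> { mem: &'a UserMem, addr: usize, len: usize }

impl<'a> Reader<'a> {
    pub fn new(mem: &'a UserMem, addr: usize, len: usize) -> Self {
        Reader { mem, addr, len }
    }

    // Each read consumes its bytes: the cursor moves on, so the same
    // address cannot be fetched twice through this reader.
    pub fn read(&mut self, n: usize) -> Result<Vec<u8>, Efault> {
        if n > self.len { return Err(Efault); }
        let out = self.mem.copy_from(self.addr, n)?;
        // The address is a plain number here and is never dereferenced,
        // so wrapping arithmetic is used rather than pointer `add`.
        self.addr = self.addr.wrapping_add(n);
        self.len -= n;
        Ok(out)
    }

    // Takes `self` by value: afterwards no reader is left to re-read with.
    pub fn read_all(mut self) -> Result<Vec<u8>, Efault> {
        let n = self.len;
        self.read(n)
    }
}

pub fn demo() -> (Vec<u8>, Vec<u8>, Result<Vec<u8>, Efault>) {
    let mem = UserMem { base: 0x1000, bytes: vec![2, 0xAA, 0xBB, 0xCC] };
    let mut r = Reader::new(&mem, 0x1000, 4);
    let hdr = r.read(1).unwrap(); // length byte, fetched exactly once
    let body = r.read(hdr[0] as usize).unwrap();
    // This range runs one byte past the mapping, so the whole read fails.
    let bad = Reader::new(&mem, 0x1002, 3).read_all();
    (hdr, body, bad)
}

fn main() { println!("{:?}", demo()); }
```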