From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C50DFC48260 for ; Thu, 8 Feb 2024 22:58:00 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5771E6B0092; Thu, 8 Feb 2024 17:58:00 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 526EA6B0095; Thu, 8 Feb 2024 17:58:00 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3EE6E6B0098; Thu, 8 Feb 2024 17:58:00 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 2F6ED6B0092 for ; Thu, 8 Feb 2024 17:58:00 -0500 (EST) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 724B012027F for ; Thu, 8 Feb 2024 22:57:59 +0000 (UTC) X-FDA: 81770151078.27.2FE154F Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.134]) by imf23.hostedemail.com (Postfix) with ESMTP id 83A5114001D for ; Thu, 8 Feb 2024 22:57:57 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=valentinobst.de header.s=s1-ionos header.b=cIipms13; spf=pass (imf23.hostedemail.com: domain of kernel@valentinobst.de designates 212.227.126.134 as permitted sender) smtp.mailfrom=kernel@valentinobst.de; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1707433077; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:in-reply-to:in-reply-to: references:references:dkim-signature; bh=OIOqwPrgFTFA02t2Tda6kDKo8iIhKtoJ26F4j3hkTSM=; b=cbYk5jQk8Nv+janIFF1/1JRrVnz5M4v6MsFBV4oxn/JdawFMGaHWx2ZOGYxPZqtFZG3Qdu rz9sI/T7ESdBV7uGJUsDgQpSc2zGuTxf9GTG/LpGQYzk3mGRYhEuYdE8LdcPOtFrbcc5gQ MLXX5pL9pk68hwPF+K7y58nBfhKlsDA= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1707433077; a=rsa-sha256; cv=none; b=8deCJJTDUb7WhDGRtSIsPlqdOXhYZFTq4a4tN+x8Nc3wEFreNx6Sc8UwXmCXFmOgsYmFHT 2PxlByLXewlrmKHBW86HyAm+YSeHp0cA97OtNtrLO1qekYUW6grpwuyDkJh7ohtoPfCJqn AVAb/rdqQX4Kw4P7MnA5T3r/ZD6N42g= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=valentinobst.de header.s=s1-ionos header.b=cIipms13; spf=pass (imf23.hostedemail.com: domain of kernel@valentinobst.de designates 212.227.126.134 as permitted sender) smtp.mailfrom=kernel@valentinobst.de; dmarc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=valentinobst.de; s=s1-ionos; t=1707433072; x=1708037872; i=kernel@valentinobst.de; bh=vDtQPHKXvI4tfvO1m2ylW8yoE2nCucmoXqiOvm7GDjI=; h=X-UI-Sender-Class:From:To:Cc:Subject:Date:In-Reply-To: References; b=cIipms1356DvPCYNJWOY+ms7RSQjNAk1Oyed2E1GpOCY838UTZ76SEI7PwXTXxfe Aa9b5DS9LkRDnCaFPUvi7b/oW0tzqNMOlvQBwvVLRtGXcY7nly4HtEd6Am0o83kVL gGsFaXqsnpn9NS2AK0G+Dy5c8gprgP8NhrMd3sSlYOLDj1WdA8omHsw6hfhMz4PQ4 KzyAzY+JDTX54EU0kjwsFHPj3IjCf94fo6UmCnUfPyoP8C055wtuNJOJLrCqT0atB iN7Mfp/bcT3UqZCeVcJAD99l3ztsu7Vll9VfyaNn9bij02munsv3e7hqPyfW6TCzT LmXk5ZFaU2R3BAuDWA== X-UI-Sender-Class: 55c96926-9e95-11ee-ae09-1f7a4046a0f6 Received: from localhost.localdomain ([217.149.163.107]) by mrelayeu.kundenserver.de (mreue010 [213.165.67.97]) with ESMTPSA (Nemesis) id 1MK3BO-1rIBYP31tG-00LYDx; Thu, 08 Feb 2024 23:57:51 +0100 From: Valentin Obst To: aliceryhl@google.com Cc: a.hindborg@samsung.com, akpm@linux-foundation.org, alex.gaynor@gmail.com, arnd@arndb.de, arve@android.com, benno.lossin@proton.me, bjorn3_gh@protonmail.com, boqun.feng@gmail.com, brauner@kernel.org, cmllamas@google.com, gary@garyguo.net, gregkh@linuxfoundation.org, joel@joelfernandes.org, keescook@chromium.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, maco@android.com, ojeda@kernel.org, rust-for-linux@vger.kernel.org, surenb@google.com, tkjos@android.com, viro@zeniv.linux.org.uk, wedsonaf@gmail.com, Valentin Obst Subject: Re: [PATCH v2 3/4] rust: uaccess: add typed accessors for userspace pointers Date: Thu, 8 Feb 2024 23:57:48 +0100 Message-ID: <20240208225748.12031-1-kernel@valentinobst.de> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240208-alice-mm-v2-3-d821250204a6@google.com> References: <20240208-alice-mm-v2-3-d821250204a6@google.com> MIME-Version: 1.0 X-Provags-ID: V03:K1:OQenII82s2YbpRIrnGGoCAihMPowFipeN/OhrfJxNwvMlkj/tJY 2FKTaA6coAyQc3dYKSFX/8UAPWeiNcEhu+Il4ZhrR8RrWguuUmcz7DwCVhn6/UbcJXA9vGe 68vcP6fVle3E/g5n+1dlf9Ypwiiszdu4n7l94/kJ1fN00sH66tGNMgR5jau7csD+YjqX7eA ZluteIhxds53pa22VFXnA== UI-OutboundReport: notjunk:1;M01:P0:JeE0MJLO5g4=;QYl3ENKI9UZfpQq/P5YUuUdBhDk CHaqbuWqRbjB/K+gI8E39rZOnEEQaZOiJr1iHfN8YFkIeO2nYgMz/Miol9SXLlv98JMWwROaI pU8wNQSxhNUUBkU1uqvwYa1HNW2Tk0d4hK9Aaa3U0ry0tR3iDEbGSta/vhebSN4Bi489H4sc1 s2tQse4tkYpmihgK2s3UNyRmAkuUtRbeS9DK+GprFtXOEvORBWdAPjuEg5kLIHUfIVPWsAIXD gG5AfMlhYqOe0bHOqBxnkGW3+IFsC0+CMA2j2Wy2ESzlM5sh/EQvmn6aAzOnBg+Vo9sTi88br 3QTvy0+l+RGmu6Z842cJIghRPSOMDcwp0Zb/dawvoYbFl5habYIGJybhNR/MsPIs+l8oNEHW7 wg4NrmbTssxgmTwOH21l+thRZtRzFygZ8VKdPl5Hjo6E80c0ubuG5v2Fv3aGyAr3njOVzTI0T Wj9S9pzH1RL3FDbIrpuJXwyfMLElSNg8SWEd0WMSTTDtbkPO6/ePONogL6yEbZ90z5LSwq1SW FCbsRq7RnOZxFg4Seaa28UT9oN2o/HYkmnRMxt6aXRX9Sm2p2otbFp6KpzYCihymNLcF7SimK XT7mt2xiNBPf2IzQ6Q+P5LWigBNrA4W0Q3ekU1SuBqyvWCLXGtIjx06xZkgYZuIIEdyqafW6q xakPq80+bEGnomh2p9+nNfNx2FwVejkuvPS7emCH4KEh4EItxUpgkmFLcW1SXYAnNY4RrstMg Jblkt3HHcI66NLlI/4upFX9J92a2HYzfHk6SLrB0h71LKJt0ETlfLo= X-Stat-Signature: tb58yc5m5ngump885kuifyi1ikke8418 X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: 83A5114001D X-Rspam-User: X-HE-Tag: 1707433077-214821 X-HE-Meta: U2FsdGVkX19EQjLfWq28pWovk6zrK1G/tV+Q0FPiAWW2pICySuVgzsohZzWVGvoOKkdjGr/UvOpSN5I71jFt4/3r2SnhESVUfFHmP9BpZwvmRe9NwMy2wVYP3NBZTc+vmxq3utQWyYYL7/fu/yWhnCIQ5ls4jxhko8oQ1j+K7qS9k4KM/+IdBJCrSoKufX+NIrgLXUsoDonSUTYghJ/nCefbZDzHgbnhujLmFPeQznAq3se+gUXhGIplvuVAFWbFUtUjLGkdhNQfQOOVFXInGOk7jIT/w4mJzrBn/OvfL3/zh50WqJoHEQ51AAbFJoI5Xtu+ASUc4cLDaGlamMwwcdjxiCy5uAGTgNERPbVyrDetEPQ5hWkDz4/KhR9xulBxhH9yl4m7PMOihftS4rfTFkms3nrf4dWoyllo8h++bz8sPZFHWv6JKW7owE/L0BL4GDS7979IaqHVUX5Pf159kykKKH2kROK5xE4jhpWG7QLscRr/opH1o84ilI0MnekQ8LPZMwJE6uME8445gNzrb0FrU0A6daf+tAXussf85ysy8QZoU0fazj0viEEUBUiVJ1CYvXCsG1pQmQQxgzp2/fnXe/a99AWD0KA/TUcQ6YljDG1rb8FuLpgrM5ia5F6rhzvWI+8Qgxx8Rv4TSrarP4eM8kxv8HJPmcyhL2zmpoJ2y1DD88RbsaoibIvuYgSLFQYJ4PtDxhPTLALwvDINFvxP9PZ6nEZpm5+QXkGVT40Fxu0Znxr5B9sICsfNfLemgU6xEhuttwkWjBKjuxJB+tRMpbsCJvL1xqyWhQFRYcu7F6yvL56HbQ1TBPjrBUvj5nC9ZqUp82k6ZmfHBwkAqZYv8YZHzOkdjsyez/oi3/ZnMoiPu0RME4h2nsA4PNJqloV5+uXAWHdmkOLTLpalZ2QFOwb8Wq1d/tH2kHYBdAXXxQ1JsoH6AOq/R7LvKDXFLDyrQvG9vi9FeI0tsYx 1QlalfNb vKa23JioMmygQi1V6GymZtPAIe59kygB6lLBrptSbGLKv6XAcaPVTNX/OTOQ1D/z/joxDGFGz/k69j4W0sOlkirxrMPVHTSM7LmmtNunVTX6zN4YK8Qqi9c9D/gx5hygJtm9tjar4QiVwQk2pTZX+dRVXo7z6LIU42tfuI55Km3XU4SH/RUHCNZLv+1fRunCvPYuTbhiC5n08E/bqHwlyX5Pamw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000045, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: > +/// If a struct implements this trait, then it is okay to copy it byte-for-byte > +/// to userspace. This means that it should not have any padding, as padding > +/// bytes are uninitialized. Reading uninitialized memory is not just undefined > +/// behavior, it may even lead to leaking sensitive information on the stack to > +/// userspace. This feels a bit too restrictive to me. Isn't it okay to copy types with padding if it is ensured that the padding is always initialized? I recall that in C one occasionally does a `memset` for structs that are copied to user space. I imagine that one could have a Rust abstraction/macro that makes it easy to define custom types that can always guarantee that all padding bytes are initialized. Such types would then qualify for being copied to user space if all field do so as well. This could be a significant quality-of-life improvement for drivers as it can be tedious to define struct without padding. - Best Valentin