From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7AD73C54E5D
	for <linux-mm@archiver.kernel.org>; Mon, 18 Mar 2024 19:12:42 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id EE75A6B0083; Mon, 18 Mar 2024 15:12:41 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id E96E66B0085; Mon, 18 Mar 2024 15:12:41 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id D85BE6B0087; Mon, 18 Mar 2024 15:12:41 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10])
	by kanga.kvack.org (Postfix) with ESMTP id C995C6B0083
	for <linux-mm@kvack.org>; Mon, 18 Mar 2024 15:12:41 -0400 (EDT)
Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay04.hostedemail.com (Postfix) with ESMTP id 98CE51A078A
	for <linux-mm@kvack.org>; Mon, 18 Mar 2024 19:12:41 +0000 (UTC)
X-FDA: 81911106522.26.2D4E8F0
Received: from mail-vs1-f52.google.com (mail-vs1-f52.google.com [209.85.217.52])
	by imf05.hostedemail.com (Postfix) with ESMTP id CFAFD100015
	for <linux-mm@kvack.org>; Mon, 18 Mar 2024 19:12:39 +0000 (UTC)
Authentication-Results: imf05.hostedemail.com;
	dkim=pass header.d=google.com header.s=20230601 header.b=tmUBWh6x;
	spf=pass (imf05.hostedemail.com: domain of aliceryhl@google.com designates 209.85.217.52 as permitted sender) smtp.mailfrom=aliceryhl@google.com;
	dmarc=pass (policy=reject) header.from=google.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1710789159;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=lIPYiS6AqT1tNRa+kXH/qxTnijO9SB6Y3hbgkaDiv84=;
	b=3454E+2e5eCUHPenrID7F37tXW0wc3HU02yJBHiOnhFYYZVg9lJR9GAMJ8vL+oKNKm2ply
	2eF+GD6Co6DeHJ2uWdmywk6rjxJnb8MTNuXTbB7eBpFnGRrg+l9ZACznYbHN9Iwc9Nqao5
	TLNH8Zl5H6v5UgP94GwfwIeq0XCXfCk=
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1710789159; a=rsa-sha256;
	cv=none;
	b=yDW1yjKnZlRZOWrU5UALBTbaQOmAVnokjpbZmKAypd98H8g/6uLKWC8HhVOWI2yzWN5LvW
	MrmokBipDQ//od/z9kpOV/nO5tyY6S2m9/fbdkGX1IMkr4HjnnAuEQuGlALZ4JoT5QT/Lx
	+RGh7Gh3zRFbzp5zHeNuF+2cf6Hiq04=
ARC-Authentication-Results: i=1;
	imf05.hostedemail.com;
	dkim=pass header.d=google.com header.s=20230601 header.b=tmUBWh6x;
	spf=pass (imf05.hostedemail.com: domain of aliceryhl@google.com designates 209.85.217.52 as permitted sender) smtp.mailfrom=aliceryhl@google.com;
	dmarc=pass (policy=reject) header.from=google.com
Received: by mail-vs1-f52.google.com with SMTP id ada2fe7eead31-4765792fc76so990729137.3
        for <linux-mm@kvack.org>; Mon, 18 Mar 2024 12:12:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1710789159; x=1711393959; darn=kvack.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=lIPYiS6AqT1tNRa+kXH/qxTnijO9SB6Y3hbgkaDiv84=;
        b=tmUBWh6xInOcCSxRzyjqObA7uWO6BHgNPixrVC0NHhujJuz6arSESTO9a0JaxxLnQQ
         2L78DhplvsujCOjq+2xkKXpoVnIfO233oPI0T9eUa9CFzRhL5lr77U5s5Qjrl3b2rVuJ
         fy0ZSkkMIAfz0k9y8Ysx7/xAga/HfZQ/VorXQ4euqqhpWo8B2ZQPrfXe1uqVXF/AgqZA
         Mq3TP0WZSUQMigkl9i3pnb/Q6N23M80mWmYI1ItoH+AslHs4giiMl9aGFc6FBAfbqq0E
         0Kl5ml/sx7al2j3DI8wNRkCPFfELL1uFNiCGe3bT5q5c1B5G7XgnITZSN4Y0ej2d32pc
         86Xw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1710789159; x=1711393959;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=lIPYiS6AqT1tNRa+kXH/qxTnijO9SB6Y3hbgkaDiv84=;
        b=H+6vEn5BgGsZGq7hscur7EFKNc/TA1/gUJV8BfyiguXoy/orCldqAE/gVX13NDG1wE
         8NLHTXeFUsMuCzHAodVsSJ5l/8ZfpN+D9n5rawg/oBCFsi99NFmjt1MFr7U9qpDVCcSj
         QaDMSWGpmrvs6ZvbZZMXz/w17EI4/v1cAxz+QQJJ7X90mYnybZMpD9eOthqMM8gSfETi
         HhbHjDoldiNfRJqfYLUv373J4JEZ2FekSfav1ptRjez6oyYys18SKRlk8GiZ8+YLyljb
         EQIEYNlKgF00MnYcp+nz0WKzQBvVR9aKwQ8UfmrlYeM+etWt9X+WWEwm+hv67e3xdZm5
         HJ1w==
X-Forwarded-Encrypted: i=1; AJvYcCXm3UrD6IT7aI/DsNnItEJM/uffot/Swkduj6OXmqknkTQgOWUssxYq3dOVINofAeuBgxSjV0nduicYPeKF7iC7agU=
X-Gm-Message-State: AOJu0YzR2AO+DyW5mxtVnQRlPO/8dLn8d17iJ+wT0iyFj8S5JmkBtiVH
	wVvJ73RF02Q1XVMeNeHG4o4ByuAbryj5rbQKbxnh1+vP6OBd5oXp1xojSGFE9Vnh845S9kX6Qvy
	ffsuFljLB71t6LJM6dc3v3Pi7bRn8kb3lMifV
X-Google-Smtp-Source: AGHT+IFEDnXmFC0T46g4e3RXdTra2OHUDn/F9pxl9qas27NyWz4W8MEV58eyTz1wBY4vhIQxnax9RfgFyGEFnEXlN/4=
X-Received: by 2002:a05:6102:a54:b0:473:ac82:27dd with SMTP id
 i20-20020a0561020a5400b00473ac8227ddmr329639vss.6.1710789158712; Mon, 18 Mar
 2024 12:12:38 -0700 (PDT)
MIME-Version: 1.0
References: <20240311-alice-mm-v3-0-cdf7b3a2049c@google.com>
 <20240311-alice-mm-v3-1-cdf7b3a2049c@google.com> <ZfiPB_iavHr8hNbm@boqun-archlinux>
In-Reply-To: <ZfiPB_iavHr8hNbm@boqun-archlinux>
From: Alice Ryhl <aliceryhl@google.com>
Date: Mon, 18 Mar 2024 20:12:27 +0100
Message-ID: <CAH5fLghs7=V2hHYBnQE-h=xpQYKX5ZxrV1iVdB4ybt7pAXFMWQ@mail.gmail.com>
Subject: Re: [PATCH v3 1/4] rust: uaccess: add userspace pointers
To: Boqun Feng <boqun.feng@gmail.com>
Cc: Miguel Ojeda <ojeda@kernel.org>, Matthew Wilcox <willy@infradead.org>, 
	Al Viro <viro@zeniv.linux.org.uk>, Andrew Morton <akpm@linux-foundation.org>, 
	Kees Cook <keescook@chromium.org>, Alex Gaynor <alex.gaynor@gmail.com>, 
	Wedson Almeida Filho <wedsonaf@gmail.com>, Gary Guo <gary@garyguo.net>, 
	=?UTF-8?Q?Bj=C3=B6rn_Roy_Baron?= <bjorn3_gh@protonmail.com>, 
	Benno Lossin <benno.lossin@proton.me>, Andreas Hindborg <a.hindborg@samsung.com>, 
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>, =?UTF-8?B?QXJ2ZSBIasO4bm5ldsOlZw==?= <arve@android.com>, 
	Todd Kjos <tkjos@android.com>, Martijn Coenen <maco@android.com>, 
	Joel Fernandes <joel@joelfernandes.org>, Carlos Llamas <cmllamas@google.com>, 
	Suren Baghdasaryan <surenb@google.com>, Arnd Bergmann <arnd@arndb.de>, linux-mm@kvack.org, 
	linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, 
	Christian Brauner <brauner@kernel.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Stat-Signature: 7er5afspqps6u9uxf8k1zokkipi96dxx
X-Rspamd-Server: rspam10
X-Rspamd-Queue-Id: CFAFD100015
X-Rspam-User: 
X-HE-Tag: 1710789159-887504
X-HE-Meta: U2FsdGVkX19D56sIuiVuZV9vTHYjCM3+kofFoIfmpiPrcBTSurgVWy1nOJq15SUOmHrx0fVHt13puxKd9cpqknYC/qpNZPinjkwf+J6QpIMetP6GkiLtywmTwD7Fd9M8u3V2yCQotq2rRejUlW4fb/+JsdJgsRBFL0vEg92Ul0SWKcfG8lu1SNY/2+p1by/T5Jgia/iXOItQP22qmKW1R6G+CilCFLGMgawUM3N9hQw17CdIpzFUY322Dn3VYOVVeNFTxzyCmbKPOMLcSJtm6x4utMgC7bUMDeeZ71NtddzGskuwqSfWRo1ZWuIK3LW2+S4ZuCziGoeW35wJ2mGA7E2S04Zl4jc/PyvHCwKxNLCo0ZV4ofOyEStwu5GRcLPeenPjoPf7zT+bLZNvW9icJScDNNJ4jCedCwWckbyOwem9zY0kJdjybphDO/kYVjoUCtQB8Di/gs3/4foi0qiLM2MHCtfzhpkIGhxgJW19Tq0WECmlBa7rgvDkZ/UQQVw+OkUNYyVu7EnyO0XnZz+BMgG09hkNf4gG3FAtiCPJuCtIhpAKV3y6zEN88i1SUgpikkRTtoYB11IljprO3MMxTvicwIBzjzqat5O5DZhhdajzgNR1UO/99Ad+fHNOYJiRoDK8Gshvhr7l8cI+YMv0z/ngMdIzp3C/wwDlEnRy8nWKH8xfBhOPyB9eth3FYu7UtNRm9PZb1fAbE2dZ87Q1082HH9zfjhj9tduKSI8XxHhKYFJkX7hWZIa3KJNvndx/F4s3AvAznSqePGW1R09h9CJVIp66ZfClBPgDRXxLpJ8+yeZjwH6nUMJASF5kzGIs6MMz6JhfOfPKRwjNYLZ5g+qCBaIOMzApE7PWr3lVJ9gFES2hzCRSHhyAKVVxNkUYlnx6j0e8KSO2GMbG5B6S369mvNebBEKmKBBSprP1Hn16oa6dKQOT/GLiZp9PoQIF/Wa1arENl79U01LGh+X
 H/hqoFEa
 yKMqdPjIjsdkXoZ01oZM3KLPqfSXVvhrkHEqmK6+zUqh/3SpUEOYVpKvtlouTISQoYrCQi85UFSFXPNm4OYzL3vb1zAe1zMLXxxLLywMuYwCRB85607JI5bOgpJTDKp9vxz4IVMT9Qz4XPkSuFcTgQUvlmaD89YzNhRiuuv5Gktlz9JwLjcEDadIn9YX/NdKsIc0OVFi3ZRHN9OwO2xrnN7ov0S+BdH+TLYEXa7QkrI6ticFqMSaHnx4QARhyNO1dLVmXFvKqxK0ZnnEslYA89poT/tBg4SSAwN8a3c1mqWcWhL3/UeknuqWii1sOnWu/irQn
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Mon, Mar 18, 2024 at 7:59=E2=80=AFPM Boqun Feng <boqun.feng@gmail.com> w=
rote:
>
> On Mon, Mar 11, 2024 at 10:47:13AM +0000, Alice Ryhl wrote:
> > +
> > +    /// Reads raw data from the user slice into a raw kernel buffer.
> > +    ///
> > +    /// Fails with `EFAULT` if the read encounters a page fault.
> > +    ///
> > +    /// # Safety
> > +    ///
> > +    /// The `out` pointer must be valid for writing `len` bytes.
> > +    pub unsafe fn read_raw(&mut self, out: *mut u8, len: usize) -> Res=
ult {
>
> I don't think we want to promote the pub usage of this unsafe function,
> right? We can provide a safe version:
>
>         pub fn read_slice(&mut self, to: &[u8]) -> Result
>
> and all users can just use the safe version (with the help of
> slice::from_raw_parts_mut() if necessary).

Personally, I think having the function be unsafe is plenty discouragement.

Also, this method would need an &mut [u8], which opens the can of
worms related to uninitialized memory. The _raw version of this method
is strictly more powerful.

I don't think I actually use it directly in Binder, so I can make it
private if you think that's important. It needs to be pub(crate),
though, since it is used in `Page`.

Alice