From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5275EC47258 for ; Thu, 25 Jan 2024 12:37:22 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D6CD28D0016; Thu, 25 Jan 2024 07:37:21 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id CEF408D000C; Thu, 25 Jan 2024 07:37:21 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B42628D0016; Thu, 25 Jan 2024 07:37:21 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id A06D58D000C for ; Thu, 25 Jan 2024 07:37:21 -0500 (EST) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 6F2D0160340 for ; Thu, 25 Jan 2024 12:37:21 +0000 (UTC) X-FDA: 81717783882.13.263F624 Received: from mail-vs1-f53.google.com (mail-vs1-f53.google.com [209.85.217.53]) by imf08.hostedemail.com (Postfix) with ESMTP id B5951160018 for ; Thu, 25 Jan 2024 12:37:19 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=gKlasdfJ; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf08.hostedemail.com: domain of aliceryhl@google.com designates 209.85.217.53 as permitted sender) smtp.mailfrom=aliceryhl@google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1706186239; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=w/8P03y0gIOgiGCcOtW8CKbm2M0HUIblwn8rbFoZDFY=; b=HThEh24kqMvT2TXeJ0gnqUUwsYCOVDgi4OcTkDPvpy6gjQU6BsPLrUt42xCgptrjaO4FDH zG7znXdMkvvHlH6jKVf46Z1hl3AMfhu2GcSKHLp3KInSFGsKDxE+g3QKF5svmQgxblq5TK /C8vi0OHzymy3zPohkJmHvjcB4VQvGQ= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=gKlasdfJ; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf08.hostedemail.com: domain of aliceryhl@google.com designates 209.85.217.53 as permitted sender) smtp.mailfrom=aliceryhl@google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1706186239; a=rsa-sha256; cv=none; b=PCIudsVERQgciTPgtD0Am6iVrAW/lMMSP3sIXlQaP43uUcWnFVF+sWqFEc+ybLcirF/UyH +atqEKYbaj8IAt9AYYnbUAByUQlRQ1baFCdSIqsqlnM5B1KwUL8NQLo/HlRX/7ZGP+kwKO ucIktniehgSNJgC4oExfQGCHY/6LzSI= Received: by mail-vs1-f53.google.com with SMTP id ada2fe7eead31-46b0ca27b74so544848137.3 for ; Thu, 25 Jan 2024 04:37:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1706186239; x=1706791039; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=w/8P03y0gIOgiGCcOtW8CKbm2M0HUIblwn8rbFoZDFY=; b=gKlasdfJ7bll7qnXwfGslWUOw3qkb+EQZmT03SzQDzybTYrMQFrtwGWcbdw3Ahw3X4 vkc9fC19kBx5nV+RQgDnw9iERP92sLTyfvHpd9mvV5heqxrYDQBNhhi/nolfZeJiSif3 P8SPzKyLsGzhQMD0UDHR25kfgj61FssYunup3kq//ellIbRxzlyj64KRbJqSGHbWEqiW 4dsqkXxOwRCjrNS0J+g8kcBkNEM8FPT4DYmyGenHWdmtz85zgA1SBZNMLZ+6GzspdTtd qjNoUQsBQO/HbN1wfZVRemOvyC/f4cUkQaMZjzeVh+1B2mcIDgDtqw7gUynBjAR0O1v7 jgqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706186239; x=1706791039; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=w/8P03y0gIOgiGCcOtW8CKbm2M0HUIblwn8rbFoZDFY=; b=oX+Kzbq1iKMVCMNOOEjIES6PaRe1dyGukyiCMcl+RsCwynJ85tQefY7qN4+Gvcpe+Y DiJ0CzcU+e65s2K3em2XmhPx8IJe0fIiRSW3THBjqYRET9LMsQp8OKQcPK3y9ROL07X+ hCpaxZWTAq8HIdDZl442ahkPYc25z4Ldr/Q4fx7L/Sw3mNdu0glEiovn585snXxmzYNJ I1SIpnzLmbZrjrycSkcQmvUgMSP+KQW8JWyp2wwKqzUB5HyTjyg2ZKp3uwJU1AYcAgYK 3EKvJxgObeuHMH+zcNJUOA3x4B0qHoNlP8hg4zbDcmvcTuXgwaL1O1GNyL3qWHk8cr0E oNZA== X-Gm-Message-State: AOJu0Yycjt0zqKCHXHzs9IUT1yrJf4rTVBJiR/+E9sVnW+s1LZzIt53F dRYl152yAGZ+z0xtA6qV8Nqrf10oGKyfQ2cr9DwTyKuda5jR3zWPGliq97aXXJOhW5CfIc5Xbuc QGHfgKW+nunpRFC5DFbgu0z1Hjt4KSkl/I7aD X-Google-Smtp-Source: AGHT+IFqI2jU/TuA2KsCbcNM1uIUyYNWtYEd44hxAhnlN41+z9ie0Kx+EGlwgTlHDfim/JfM538IlIEQM+1VVQT9H2Q= X-Received: by 2002:a67:b906:0:b0:46a:efb9:8d16 with SMTP id q6-20020a67b906000000b0046aefb98d16mr511164vsn.64.1706186238360; Thu, 25 Jan 2024 04:37:18 -0800 (PST) MIME-Version: 1.0 References: <20240124-alice-mm-v1-0-d1abcec83c44@google.com> <20240124-alice-mm-v1-2-d1abcec83c44@google.com> <070574cb-8d7f-4fe7-9826-cec6110168ff@app.fastmail.com> In-Reply-To: <070574cb-8d7f-4fe7-9826-cec6110168ff@app.fastmail.com> From: Alice Ryhl Date: Thu, 25 Jan 2024 13:37:07 +0100 Message-ID: Subject: Re: [PATCH 2/3] rust: add typed accessors for userspace pointers To: Arnd Bergmann Cc: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , =?UTF-8?Q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Kees Cook , Alexander Viro , Andrew Morton , Greg Kroah-Hartman , =?UTF-8?B?QXJ2ZSBIasO4bm5ldsOlZw==?= , Todd Kjos , Martijn Coenen , Joel Fernandes , Carlos Llamas , Suren Baghdasaryan , linux-mm@kvack.org, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, Christian Brauner Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspam-User: X-Stat-Signature: zf5mhjj8p6iz184onq3aeqj8hqm3drbq X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: B5951160018 X-HE-Tag: 1706186239-839164 X-HE-Meta: U2FsdGVkX18tcza4s7oalEOOGyPa+FLyEtxZYwUK0i7w5EOpQhnr1aKqtSEItFZgdK9Wx/BWliLxTM6m2/MMoqmLTF21HT31Zd2l/9pFUC2Qxc9RBc9z3OTqXyHsg1WTqU0vuxiwB8z6FpTaOFtR0wFzTIjO3F/Jz3lo/RcMmwQrXXO9M8JDx3J/OomUY3aP31inhTyasZKetq5JCyZe23qBSPamwA8jnr6A/cGNd1KMxr7dZXSPnYwcpJ1HGn0pxC8+gAGvSTi4f8MNnN0lUAPh/wZqQu/8WocSBX3K/txNWVoYd5jW2jcmaa5kKLAtabChJV+Pdh+eT61jpj1xNXPSDjaKw2sJ+J6nk9ohCJlMEoaew/7b6LG5W/qNk69hN9/qC4WxEzwJspVx78x+0Wcm7iGRh1VwYV0o2NPBzqULltQZSo1HGSD0N0RxTuTiS1M/qIoh+UwihyqrAntJkNOQsmZg48tdBf8KiJnGhoZgNwZztPIxtYrutORD2JuRXEme8+bfuTm3KkZa+BGnT+3ljWuCwziPcSIN40OYUy+Wl94E/UV+Wf0R64+AlP9nFpB7fEnBBIV0OMZIgrpr3nKveDH3wl+nZYJgPv6KPcCs5YxhD2FZX8/XirPhuITXxGdqukPbgspiqjPW2WT/7WjrAOfT+PekV2AR/aX1dUUbeT39tuH6dD1RC8F3EHvhUc4ViJ1zrRzD/7B0FA6q8j5DUlA4CQGGf4v3nSvUFx47Ee4QAe56SNQNGwSqI3/WZ5w3KC8mMI/g3Yl2FVIJ+kJYiQ8xeaxX0lqgloZl4IbBisG28RZVHokRD+LWdfBDuw+zI0KZ2q0ecAuIE5QUqrzNobB+oWyfKWrusJZpGeZ3+VB2ztnuubEorUeTWvF1Sli91o5P+mBhbjhXQzt0nMMu2jEmErgKjBGYB7zpdtWjS7i6Li3Sya94nKbXDqD2OkQfX3lYDR33xLOQs0e s94Z61Qg vqwVkzievRnueZuLEZlt9vo2zmadSk0Y7ZTkEt4trq75yJC2BNnxKsQtf4o6S484zVAkW2PI5fohSy1HdA4aPny2Szl/myweK8VozmZ0xMVj4s7llPXE0KSsy4BuEtf8/rPPdaUxMWP6R9g75H6Y+x1r+zDNB3zQA7KC/M1pW/txmCSbx8KAT5rw2S12UnIhE0mckVvCfCyUvqsn2TpJ1nsenJFToFGoU0WPoECe8PeqUlWMA9HufJwX7CW+Hnu2mQqgl X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Thu, Jan 25, 2024 at 1:27=E2=80=AFPM Arnd Bergmann wrote= : > > On Wed, Jan 24, 2024, at 12:20, Alice Ryhl wrote: > > +unsigned long > > rust_helper_copy_from_user_unsafe_skip_check_object_size(void *to, > > const void __user *from, unsigned long n) > > +{ > > + unsigned long res; > > + > > + might_fault(); > > + instrument_copy_from_user_before(to, from, n); > > + if (should_fail_usercopy()) > > + return n; > > + res =3D raw_copy_from_user(to, from, n); > > + instrument_copy_from_user_after(to, from, n, res); > > + return res; > > +} > > +EXPORT_SYMBOL_GPL(rust_helper_copy_from_user_unsafe_skip_check_object_= size); > > + > > +unsigned long > > rust_helper_copy_to_user_unsafe_skip_check_object_size(void __user *to, > > const void *from, unsigned long n) > > +{ > > + might_fault(); > > + if (should_fail_usercopy()) > > + return n; > > + instrument_copy_to_user(to, from, n); > > + return raw_copy_to_user(to, from, n); > > +} > > +EXPORT_SYMBOL_GPL(rust_helper_copy_to_user_unsafe_skip_check_object_si= ze); > > These functions are almost identical to the ones in > lib/usercopy.c for !defined(INLINE_COPY_TO_USER). > > That version has an extra memset() after a partial > copy_from_user(), and you probably want to have the > same thing here for consistency. > > I think ideally we should only have one out-of-line copy > of these two functions and have that one shared between > rust and architectures that want the C version out of line > as well. I had a bit of trouble figuring out all of the copy_[to/from]_user methods that are available. I was hoping that a better solution would be available, and it sounds like one is. Is _copy_from_user always available as an exported symbol? If it's always available and skips the check, then I can just use that. I don't think the memset matters for my case. Otherwise, I can add a helper in rust/helpers.c that wraps _copy_from_user only when INLINE_COPY_FROM_USER is defined, and call the helper in those cases, and otherwise call the exported symbol directly. (I need an exported symbol to call into C from Rust.) Would that make sense? Alice