Re: [PATCH 2/3] rust: add typed accessors for userspace pointers

From: Alice Ryhl
Date: Thu Jan 25 2024 - 07:37:32 EST

Next message: Krzysztof Kozlowski: "Re: [PATCH v2] riscv: dts: sophgo: add watchdog dt node for CV1800"
Previous message: Krzysztof Kozlowski: "Re: [PATCH 1/6] dt-bindings: PCI: qcom,pcie-sm8550: move SM8550 to dedicated schema"
In reply to: Arnd Bergmann: "Re: [PATCH 2/3] rust: add typed accessors for userspace pointers"
Next in thread: Arnd Bergmann: "Re: [PATCH 2/3] rust: add typed accessors for userspace pointers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jan 25, 2024 at 1:27 PM Arnd Bergmann <arnd@xxxxxxxx> wrote:
>
> On Wed, Jan 24, 2024, at 12:20, Alice Ryhl wrote:
> > +unsigned long
> > rust_helper_copy_from_user_unsafe_skip_check_object_size(void *to,
> > const void __user *from, unsigned long n)
> > +{
> > + unsigned long res;
> > +
> > + might_fault();
> > + instrument_copy_from_user_before(to, from, n);
> > + if (should_fail_usercopy())
> > + return n;
> > + res = raw_copy_from_user(to, from, n);
> > + instrument_copy_from_user_after(to, from, n, res);
> > + return res;
> > +}
> > +EXPORT_SYMBOL_GPL(rust_helper_copy_from_user_unsafe_skip_check_object_size);
> > +
> > +unsigned long
> > rust_helper_copy_to_user_unsafe_skip_check_object_size(void __user *to,
> > const void *from, unsigned long n)
> > +{
> > + might_fault();
> > + if (should_fail_usercopy())
> > + return n;
> > + instrument_copy_to_user(to, from, n);
> > + return raw_copy_to_user(to, from, n);
> > +}
> > +EXPORT_SYMBOL_GPL(rust_helper_copy_to_user_unsafe_skip_check_object_size);
>
> These functions are almost identical to the ones in
> lib/usercopy.c for !defined(INLINE_COPY_TO_USER).
>
> That version has an extra memset() after a partial
> copy_from_user(), and you probably want to have the
> same thing here for consistency.
>
> I think ideally we should only have one out-of-line copy
> of these two functions and have that one shared between
> rust and architectures that want the C version out of line
> as well.

I had a bit of trouble figuring out all of the copy_[to/from]_user
methods that are available. I was hoping that a better solution would
be available, and it sounds like one is. Is _copy_from_user always
available as an exported symbol? If it's always available and skips
the check, then I can just use that. I don't think the memset matters
for my case.

Otherwise, I can add a helper in rust/helpers.c that wraps
_copy_from_user only when INLINE_COPY_FROM_USER is defined, and call
the helper in those cases, and otherwise call the exported symbol
directly. (I need an exported symbol to call into C from Rust.)

Would that make sense?

Alice

Next message: Krzysztof Kozlowski: "Re: [PATCH v2] riscv: dts: sophgo: add watchdog dt node for CV1800"
Previous message: Krzysztof Kozlowski: "Re: [PATCH 1/6] dt-bindings: PCI: qcom,pcie-sm8550: move SM8550 to dedicated schema"
In reply to: Arnd Bergmann: "Re: [PATCH 2/3] rust: add typed accessors for userspace pointers"
Next in thread: Arnd Bergmann: "Re: [PATCH 2/3] rust: add typed accessors for userspace pointers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]