From: Benno Lossin <benno.lossin@proton.me>
To: Alice Ryhl <aliceryhl@google.com>
Cc: "Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Wedson Almeida Filho" <wedsonaf@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Andreas Hindborg" <a.hindborg@samsung.com>,
"Peter Zijlstra" <peterz@infradead.org>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
"Christian Brauner" <brauner@kernel.org>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Arve Hjønnevåg" <arve@android.com>,
"Todd Kjos" <tkjos@android.com>,
"Martijn Coenen" <maco@android.com>,
"Joel Fernandes" <joel@joelfernandes.org>,
"Carlos Llamas" <cmllamas@google.com>,
"Suren Baghdasaryan" <surenb@google.com>,
"Dan Williams" <dan.j.williams@intel.com>,
"Kees Cook" <keescook@chromium.org>,
"Matthew Wilcox" <willy@infradead.org>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Daniel Xu" <dxu@dxuuu.xyz>,
linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v2 3/7] rust: security: add abstraction for secctx
Date: Fri, 08 Dec 2023 16:22:48 +0000 [thread overview]
Message-ID: <bynTQw4ZTfXBA0m3PYPL50jFnGQIzZnONT_L0TUNuWGtLwJhk6m0jeYQktfEIRmcVZIvKX9MOHwu4RgLWuH3nm5E_AiWNDKuKt_D2HSqsQw=@proton.me> (raw)
In-Reply-To: <20231206-alice-file-v2-3-af617c0d9d94@google.com>
On 12/6/23 12:59, Alice Ryhl wrote:
> +impl SecurityCtx {
> + /// Get the security context given its id.
> + pub fn from_secid(secid: u32) -> Result<Self> {
> + let mut secdata = core::ptr::null_mut();
> + let mut seclen = 0u32;
> + // SAFETY: Just a C FFI call. The pointers are valid for writes.
> + unsafe {
> + to_result(bindings::security_secid_to_secctx(
> + secid,
> + &mut secdata,
> + &mut seclen,
> + ))?;
> + }
Can you move the `unsafe` block inside of the `to_result` call? That way
we only have the unsafe operation in the unsafe block. Additionally, on
my side it fits perfectly into 100 characters.
> + // INVARIANT: If the above call did not fail, then we have a valid security context.
> + Ok(Self {
> + secdata,
> + seclen: seclen as usize,
> + })
> + }
[...]
> + /// Returns the bytes for this security context.
> + pub fn as_bytes(&self) -> &[u8] {
> + let ptr = self.secdata;
> + if ptr.is_null() {
> + // We can't pass a null pointer to `slice::from_raw_parts` even if the length is zero.
> + debug_assert_eq!(self.seclen, 0);
Would this be interesting enough to emit some kind of log message when
this fails?
> + return &[];
> + }
> +
> + // SAFETY: The call to `security_secid_to_secctx` guarantees that the pointer is valid for
> + // `seclen` bytes. Furthermore, if the length is zero, then we have ensured that the
> + // pointer is not null.
> + unsafe { core::slice::from_raw_parts(ptr.cast(), self.seclen) }
> + }
> +}
> +
> +impl Drop for SecurityCtx {
> + fn drop(&mut self) {
> + // SAFETY: This frees a pointer that came from a successful call to
> + // `security_secid_to_secctx` and has not yet been destroyed by `security_release_secctx`.
> + unsafe {
> + bindings::security_release_secctx(self.secdata, self.seclen as u32);
> + }
If you move the `;` to the outside of the `unsafe` block this also fits
on a single line.
--
Cheers,
Benno
> + }
> +}
next prev parent reply other threads:[~2023-12-08 16:23 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-06 11:59 [PATCH v2 0/7] File abstractions needed by Rust Binder Alice Ryhl
2023-12-06 11:59 ` [PATCH v2 1/7] rust: file: add Rust abstraction for `struct file` Alice Ryhl
2023-12-08 9:48 ` Benno Lossin
2023-12-11 15:34 ` Alice Ryhl
2023-12-06 11:59 ` [PATCH v2 2/7] rust: cred: add Rust abstraction for `struct cred` Alice Ryhl
2023-12-08 16:13 ` Benno Lossin
2023-12-11 15:34 ` Alice Ryhl
2023-12-11 1:19 ` Boqun Feng
2023-12-11 15:34 ` Alice Ryhl
2023-12-11 17:35 ` Boqun Feng
2023-12-11 19:30 ` Benno Lossin
2023-12-12 9:40 ` Alice Ryhl
2023-12-06 11:59 ` [PATCH v2 3/7] rust: security: add abstraction for secctx Alice Ryhl
2023-12-08 16:22 ` Benno Lossin [this message]
2023-12-11 15:34 ` Alice Ryhl
2023-12-06 11:59 ` [PATCH v2 4/7] rust: file: add `FileDescriptorReservation` Alice Ryhl
2023-12-08 7:37 ` Benno Lossin
2023-12-08 7:43 ` Alice Ryhl
2023-12-11 15:34 ` Alice Ryhl
2023-12-06 11:59 ` [PATCH v2 5/7] rust: file: add `Kuid` wrapper Alice Ryhl
2023-12-06 12:34 ` Peter Zijlstra
2023-12-06 12:57 ` Alice Ryhl
2023-12-06 13:40 ` Peter Zijlstra
2023-12-06 13:50 ` Alice Ryhl
2023-12-06 16:49 ` Nick Desaulniers
2023-12-08 16:31 ` Miguel Ojeda
2023-12-08 16:57 ` Peter Zijlstra
2023-12-08 18:18 ` Kees Cook
2023-12-08 20:45 ` Peter Zijlstra
2023-12-08 20:57 ` Kees Cook
2023-12-11 21:13 ` Kent Overstreet
2023-12-08 16:40 ` Benno Lossin
2023-12-08 16:43 ` Boqun Feng
2023-12-11 15:58 ` Kent Overstreet
2023-12-11 17:04 ` Benno Lossin
2023-12-11 15:34 ` Alice Ryhl
2023-12-06 11:59 ` [PATCH v2 6/7] rust: file: add `DeferredFdCloser` Alice Ryhl
2023-12-08 17:39 ` Benno Lossin
2023-12-11 15:34 ` Alice Ryhl
2023-12-11 17:23 ` Benno Lossin
2023-12-12 9:35 ` Alice Ryhl
2023-12-12 16:50 ` Benno Lossin
2023-12-11 17:41 ` Boqun Feng
2023-12-12 1:25 ` Boqun Feng
2023-12-12 20:57 ` Boqun Feng
2023-12-13 11:04 ` Alice Ryhl
2023-12-06 11:59 ` [PATCH v2 7/7] rust: file: add abstraction for `poll_table` Alice Ryhl
2023-12-08 17:53 ` Benno Lossin
2023-12-12 9:59 ` Alice Ryhl
2023-12-12 17:01 ` Benno Lossin
2023-12-13 1:35 ` Boqun Feng
2023-12-13 9:12 ` Benno Lossin
2023-12-13 10:09 ` Alice Ryhl
2023-12-13 17:05 ` Boqun Feng
2023-12-13 11:02 ` Alice Ryhl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='bynTQw4ZTfXBA0m3PYPL50jFnGQIzZnONT_L0TUNuWGtLwJhk6m0jeYQktfEIRmcVZIvKX9MOHwu4RgLWuH3nm5E_AiWNDKuKt_D2HSqsQw=@proton.me' \
--to=benno.lossin@proton.me \
--cc=a.hindborg@samsung.com \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=arve@android.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=brauner@kernel.org \
--cc=cmllamas@google.com \
--cc=dan.j.williams@intel.com \
--cc=dxu@dxuuu.xyz \
--cc=gary@garyguo.net \
--cc=gregkh@linuxfoundation.org \
--cc=joel@joelfernandes.org \
--cc=keescook@chromium.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=maco@android.com \
--cc=ojeda@kernel.org \
--cc=peterz@infradead.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=surenb@google.com \
--cc=tglx@linutronix.de \
--cc=tkjos@android.com \
--cc=viro@zeniv.linux.org.uk \
--cc=wedsonaf@gmail.com \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).