From: Kees Cook <keescook@chromium.org>
To: Miguel Ojeda <ojeda@kernel.org>
Cc: "Linus Torvalds" <torvalds@linux-foundation.org>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org, patches@lists.linux.dev,
"Jarkko Sakkinen" <jarkko@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Geoffrey Thomas" <geofft@ldpreload.com>,
"Wedson Almeida Filho" <wedsonaf@google.com>,
"Sven Van Asbroeck" <thesven73@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Maciej Falkowski" <m.falkowski@samsung.com>,
"Wei Liu" <wei.liu@kernel.org>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>
Subject: Re: [PATCH v9 06/27] rust: add C helpers
Date: Wed, 17 Aug 2022 12:44:41 -0700 [thread overview]
Message-ID: <202208171240.8B10053B9D@keescook> (raw)
In-Reply-To: <20220805154231.31257-7-ojeda@kernel.org>
On Fri, Aug 05, 2022 at 05:41:51PM +0200, Miguel Ojeda wrote:
> This source file contains forwarders to C macros and inlined
> functions.
Perhaps:
"Introduce the source file that will contain forwarders to common C
macros as inlined Rust functions. Initially this only contains type
size asserts, but will gain more helpers in subsequent patches."
>
> Co-developed-by: Alex Gaynor <alex.gaynor@gmail.com>
> Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
> Co-developed-by: Geoffrey Thomas <geofft@ldpreload.com>
> Signed-off-by: Geoffrey Thomas <geofft@ldpreload.com>
> Co-developed-by: Wedson Almeida Filho <wedsonaf@google.com>
> Signed-off-by: Wedson Almeida Filho <wedsonaf@google.com>
> Co-developed-by: Sven Van Asbroeck <thesven73@gmail.com>
> Signed-off-by: Sven Van Asbroeck <thesven73@gmail.com>
> Co-developed-by: Gary Guo <gary@garyguo.net>
> Signed-off-by: Gary Guo <gary@garyguo.net>
> Co-developed-by: Boqun Feng <boqun.feng@gmail.com>
> Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
> Co-developed-by: Maciej Falkowski <m.falkowski@samsung.com>
> Signed-off-by: Maciej Falkowski <m.falkowski@samsung.com>
> Co-developed-by: Wei Liu <wei.liu@kernel.org>
> Signed-off-by: Wei Liu <wei.liu@kernel.org>
> Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
> ---
> rust/helpers.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 51 insertions(+)
> create mode 100644 rust/helpers.c
>
> diff --git a/rust/helpers.c b/rust/helpers.c
> new file mode 100644
> index 000000000000..b4f15eee2ffd
> --- /dev/null
> +++ b/rust/helpers.c
> @@ -0,0 +1,51 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Non-trivial C macros cannot be used in Rust. Similarly, inlined C functions
> + * cannot be called either. This file explicitly creates functions ("helpers")
> + * that wrap those so that they can be called from Rust.
> + *
> + * Even though Rust kernel modules should never use directly the bindings, some
> + * of these helpers need to be exported because Rust generics and inlined
> + * functions may not get their code generated in the crate where they are
> + * defined. Other helpers, called from non-inline functions, may not be
> + * exported, in principle. However, in general, the Rust compiler does not
> + * guarantee codegen will be performed for a non-inline function either.
> + * Therefore, this file exports all the helpers. In the future, this may be
> + * revisited to reduce the number of exports after the compiler is informed
> + * about the places codegen is required.
> + *
> + * All symbols are exported as GPL-only to guarantee no GPL-only feature is
> + * accidentally exposed.
> + */
> +
> +#include <linux/bug.h>
> +#include <linux/build_bug.h>
> +
> +__noreturn void rust_helper_BUG(void)
> +{
> + BUG();
> +}
> +EXPORT_SYMBOL_GPL(rust_helper_BUG);
Given the distaste for ever using BUG()[1], why does this helper exist?
> +
> +/*
> + * We use `bindgen`'s `--size_t-is-usize` option to bind the C `size_t` type
> + * as the Rust `usize` type, so we can use it in contexts where Rust
> + * expects a `usize` like slice (array) indices. `usize` is defined to be
> + * the same as C's `uintptr_t` type (can hold any pointer) but not
> + * necessarily the same as `size_t` (can hold the size of any single
> + * object). Most modern platforms use the same concrete integer type for
> + * both of them, but in case we find ourselves on a platform where
> + * that's not true, fail early instead of risking ABI or
> + * integer-overflow issues.
> + *
> + * If your platform fails this assertion, it means that you are in
> + * danger of integer-overflow bugs (even if you attempt to remove
> + * `--size_t-is-usize`). It may be easiest to change the kernel ABI on
> + * your platform such that `size_t` matches `uintptr_t` (i.e., to increase
> + * `size_t`, because `uintptr_t` has to be at least as big as `size_t`).
> + */
> +static_assert(
> + sizeof(size_t) == sizeof(uintptr_t) &&
> + __alignof__(size_t) == __alignof__(uintptr_t),
> + "Rust code expects C `size_t` to match Rust `usize`"
> +);
-Kees
[1] https://docs.kernel.org/process/deprecated.html#bug-and-bug-on
--
Kees Cook
next prev parent reply other threads:[~2022-08-17 19:44 UTC|newest]
Thread overview: 102+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-05 15:41 [PATCH v9 00/27] Rust support Miguel Ojeda
2022-08-05 15:41 ` [PATCH v9 01/27] kallsyms: use `sizeof` instead of hardcoded size Miguel Ojeda
2022-08-05 16:48 ` Geert Stappers
2022-08-05 18:46 ` Miguel Ojeda
2022-08-05 22:40 ` Konstantin Shelekhin
2022-08-17 19:36 ` Kees Cook
2022-08-18 9:03 ` Konstantin Shelekhin
2022-08-18 16:03 ` Kees Cook
2022-09-27 12:48 ` Miguel Ojeda
2022-08-05 15:41 ` [PATCH v9 02/27] kallsyms: avoid hardcoding buffer size Miguel Ojeda
2022-08-17 19:37 ` Kees Cook
2022-08-18 16:50 ` Geert Stappers
2022-08-05 15:41 ` [PATCH v9 03/27] kallsyms: add static relationship between `KSYM_NAME_LEN{,_BUFFER}` Miguel Ojeda
2022-08-17 19:39 ` Kees Cook
2022-08-17 19:50 ` Boqun Feng
2022-08-17 20:31 ` Kees Cook
2022-08-17 20:45 ` Miguel Ojeda
2022-08-05 15:41 ` [PATCH v9 04/27] kallsyms: support "big" kernel symbols Miguel Ojeda
2022-08-05 15:41 ` [PATCH v9 05/27] kallsyms: increase maximum kernel symbol length to 512 Miguel Ojeda
2022-08-05 15:41 ` [PATCH v9 06/27] rust: add C helpers Miguel Ojeda
2022-08-17 19:44 ` Kees Cook [this message]
2022-08-17 20:22 ` Miguel Ojeda
2022-08-17 20:34 ` Kees Cook
2022-08-17 21:44 ` Miguel Ojeda
2022-08-17 23:56 ` Kees Cook
2022-08-18 16:03 ` Miguel Ojeda
2022-08-18 16:08 ` Kees Cook
2022-08-18 17:01 ` Miguel Ojeda
2022-08-05 15:41 ` [PATCH v9 08/27] rust: adapt `alloc` crate to the kernel Miguel Ojeda
2022-08-05 15:41 ` [PATCH v9 09/27] rust: add `compiler_builtins` crate Miguel Ojeda
2022-08-17 20:08 ` Kees Cook
2022-08-22 23:55 ` Nick Desaulniers
2022-08-24 18:38 ` Nick Desaulniers
2022-08-29 17:11 ` Gary Guo
2022-08-05 15:41 ` [PATCH v9 10/27] rust: add `macros` crate Miguel Ojeda
2022-08-05 15:41 ` [PATCH v9 11/27] rust: add `bindings` crate Miguel Ojeda
2022-08-05 15:41 ` [PATCH v9 12/27] rust: add `kernel` crate Miguel Ojeda
2022-08-06 10:24 ` Konstantin Shelekhin
2022-08-06 11:22 ` Miguel Ojeda
2022-08-06 12:15 ` Konstantin Shelekhin
2022-08-06 14:57 ` Matthew Wilcox
2022-09-19 14:07 ` Wedson Almeida Filho
2022-09-19 16:09 ` Linus Torvalds
2022-09-19 17:20 ` Linus Torvalds
2022-09-19 18:05 ` Wedson Almeida Filho
2022-09-19 20:42 ` Linus Torvalds
2022-09-19 22:35 ` Wedson Almeida Filho
2022-09-19 23:39 ` Linus Torvalds
2022-09-19 23:50 ` Alex Gaynor
2022-09-19 23:58 ` Linus Torvalds
2022-09-20 0:15 ` Linus Torvalds
2022-09-20 15:55 ` Eric W. Biederman
2022-09-20 22:39 ` Gary Guo
2022-09-21 6:42 ` comex
2022-09-21 14:19 ` Boqun Feng
2022-10-03 2:03 ` comex
2022-09-20 0:40 ` Boqun Feng
2022-10-03 4:17 ` Kyle Strand
2022-09-20 0:41 ` Wedson Almeida Filho
2022-09-21 11:23 ` Konstantin Shelekhin
2022-09-21 11:46 ` Greg KH
2022-08-05 15:41 ` [PATCH v9 13/27] rust: export generated symbols Miguel Ojeda
2022-08-17 20:11 ` Kees Cook
2022-08-05 15:41 ` [PATCH v9 14/27] vsprintf: add new `%pA` format specifier Miguel Ojeda
2022-08-05 15:42 ` [PATCH v9 15/27] scripts: checkpatch: diagnose uses of `%pA` in the C side as errors Miguel Ojeda
2022-08-05 15:42 ` [PATCH v9 16/27] scripts: checkpatch: enable language-independent checks for Rust Miguel Ojeda
2022-08-17 20:12 ` Kees Cook
2022-08-05 15:42 ` [PATCH v9 17/27] scripts: decode_stacktrace: demangle Rust symbols Miguel Ojeda
2022-08-05 15:42 ` [PATCH v9 18/27] scripts: add `generate_rust_analyzer.py` Miguel Ojeda
2022-08-17 20:13 ` Kees Cook
2022-08-05 15:42 ` [PATCH v9 19/27] scripts: add `generate_rust_target.rs` Miguel Ojeda
2022-08-17 20:14 ` Kees Cook
2022-08-05 15:42 ` [PATCH v9 20/27] scripts: add `rust_is_available.sh` Miguel Ojeda
2022-08-17 20:18 ` Kees Cook
2022-08-17 20:40 ` Miguel Ojeda
2022-08-22 20:09 ` Nick Desaulniers
2022-08-23 12:12 ` Miguel Ojeda
2022-08-23 12:16 ` Miguel Ojeda
2022-08-05 15:42 ` [PATCH v9 21/27] scripts: add `is_rust_module.sh` Miguel Ojeda
2022-08-17 20:19 ` Kees Cook
2022-08-05 15:42 ` [PATCH v9 22/27] rust: add `.rustfmt.toml` Miguel Ojeda
2022-08-17 20:19 ` Kees Cook
2022-08-05 15:42 ` [PATCH v9 23/27] Kbuild: add Rust support Miguel Ojeda
2022-08-17 20:26 ` Kees Cook
2022-08-17 20:56 ` Miguel Ojeda
2022-08-22 22:35 ` Nick Desaulniers
2022-09-12 16:07 ` Masahiro Yamada
2022-09-12 16:18 ` Miguel Ojeda
2022-09-13 6:37 ` Masahiro Yamada
2022-08-05 15:42 ` [PATCH v9 24/27] docs: add Rust documentation Miguel Ojeda
2022-08-05 15:42 ` [PATCH v9 25/27] x86: enable initial Rust support Miguel Ojeda
2022-08-17 20:27 ` Kees Cook
2022-08-05 15:42 ` [PATCH v9 26/27] samples: add first Rust examples Miguel Ojeda
2022-08-06 13:14 ` Konstantin Shelekhin
2022-08-17 21:02 ` Miguel Ojeda
2022-08-18 9:04 ` Konstantin Shelekhin
2022-08-17 20:28 ` Kees Cook
2022-08-05 15:42 ` [PATCH v9 27/27] MAINTAINERS: Rust Miguel Ojeda
2022-08-17 20:28 ` Kees Cook
2022-08-17 20:43 ` Miguel Ojeda
[not found] ` <20220805154231.31257-8-ojeda@kernel.org>
2022-08-17 20:07 ` [PATCH v9 07/27] rust: import upstream `alloc` crate Kees Cook
2022-08-17 21:00 ` Miguel Ojeda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202208171240.8B10053B9D@keescook \
--to=keescook@chromium.org \
--cc=alex.gaynor@gmail.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=gary@garyguo.net \
--cc=geofft@ldpreload.com \
--cc=gregkh@linuxfoundation.org \
--cc=jarkko@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=m.falkowski@samsung.com \
--cc=ojeda@kernel.org \
--cc=patches@lists.linux.dev \
--cc=rust-for-linux@vger.kernel.org \
--cc=thesven73@gmail.com \
--cc=torvalds@linux-foundation.org \
--cc=wedsonaf@google.com \
--cc=wei.liu@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).