Re: [PATCH v3 6/6] rust: use strict provenance APIs
From: Benno Lossin
Date: Sat Mar 15 2025 - 05:35:08 EST
On Fri Mar 14, 2025 at 10:54 PM CET, Boqun Feng wrote:
> On Fri, Mar 14, 2025 at 08:28:10AM -0400, Tamir Duberstein wrote:
> [...]
>> --- a/rust/kernel/alloc.rs
>> +++ b/rust/kernel/alloc.rs
>> @@ -217,7 +217,7 @@ unsafe fn free(ptr: NonNull<u8>, layout: Layout) {
>>
>> /// Returns a properly aligned dangling pointer from the given `layout`.
>> pub(crate) fn dangling_from_layout(layout: Layout) -> NonNull<u8> {
>> - let ptr = layout.align() as *mut u8;
>> + let ptr = crate::with_exposed_provenance_mut(layout.align());
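Review bot: on the `+` line in `dangling_from_layout`, `layout.align()` is a plain integer that was never obtained from a pointer, so there is no exposed provenance for `with_exposed_provenance_mut` to pick up. The function is documented as returning a dangling pointer, so `without_provenance_mut(layout.align())` states the intent directly. A short comment on that line noting that the result must never be dereferenced would also help readers of this conversion.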
>
> Dangling pointers don't have provenance, nor has their provenance been
> exposed. I think you should use `without_provenance_mut()` here:
>
> https://doc.rust-lang.org/std/ptr/fn.without_provenance_mut.html
>
> see also the source of core::ptr::dangling().

Good catch.

> The rest of the Rust code changes look good to me. Although I would suggest
> that you split this patch into several patches: you can do the conversion from
> "as" pattern to provenance API one file by one file, and this makes it
> easier for people to review. And after the conversions are done, you can
> introduce the Makefile changes.

I think it's fine to do several of the `as` conversions in a single
patch, but splitting off the makefile changes is a good idea.
---
Cheers,
Benno
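
The distinction discussed in this thread, as an added userspace example (not code from the patch or the kernel tree): a dangling pointer is built without provenance, while the exposed-provenance API is for an address that really came from a pointer. It assumes the standard library's `std::ptr` functions in place of the kernel crate's wrappers, and `roundtrip_through_integer` is a hypothetical helper.

```rust
use std::alloc::Layout;
use std::ptr::{self, NonNull};

/// Dangling pointer for `layout`: the address is the alignment and the pointer
/// carries no provenance, so it can never legitimately access memory.
pub fn dangling_from_layout(layout: Layout) -> NonNull<u8> {
    let ptr = ptr::without_provenance_mut::<u8>(layout.align());
    // SAFETY: `layout.align()` is a non-zero power of two, so `ptr` is non-null.
    unsafe { NonNull::new_unchecked(ptr) }
}

/// Contrast (hypothetical helper): an integer round trip for a pointer that does
/// refer to an allocation. `expose_provenance` marks the allocation's provenance
/// as exposed, which is what lets `with_exposed_provenance_mut` return a pointer
/// that may be dereferenced.
pub fn roundtrip_through_integer(value: u32) -> u32 {
    let raw = Box::into_raw(Box::new(value));
    let addr: usize = raw.expose_provenance();
    let again = ptr::with_exposed_provenance_mut::<u32>(addr);
    // SAFETY: `again` has the address of the live Box allocation, whose
    // provenance was exposed on the line above.
    let out = unsafe { *again + 1 };
    // SAFETY: the allocation came from `Box::into_raw` and has not been freed.
    unsafe { drop(Box::from_raw(again)) };
    out
}

fn main() {
    // Constructed sample layout: zero-sized, 64-byte aligned.
    let layout = Layout::from_size_align(0, 64).unwrap();
    let dangling = dangling_from_layout(layout);
    println!("dangling address: {:#x}", dangling.as_ptr().addr());
    println!("round trip result: {}", roundtrip_through_integer(41));
}
```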