mirror of
https://github.com/torvalds/linux.git
synced 2026-03-09 20:36:39 +01:00
60ecf796cd
Currently, Rust code uses a typedef for unsigned long to represent userspace addresses. This is unfortunate because it means that userspace addresses could accidentally be mixed up with other integers. To alleviate that, we introduce a new UserPtr struct that wraps a raw pointer to represent a userspace address. By using a struct, type checking enforces that userspace addresses cannot be mixed up with anything else. This is similar to the __user annotation in C that detects cases where user pointers are mixed with non-user pointers. Note that unlike __user pointers in C, this type is just a pointer without a target type. This means that it can't detect cases such as mixing up which struct this user pointer references. However, that is okay due to the way this is intended to be used - generally, you create a UserPtr in your ioctl callback from the provided usize *before* dispatching on which ioctl is in use, and then after dispatching on the ioctl you pass the UserPtr into a UserSliceReader or UserSliceWriter; selecting the target type does not happen until you have obtained the UserSliceReader/Writer. The UserPtr type is not marked with #[derive(Debug)], which means that it's not possible to print values of this type. This avoids ASLR leakage. The type is added to the prelude as it is a fairly fundamental type similar to c_int. The wrapping_add() method is renamed to wrapping_byte_add() for consistency with the method name found on raw pointers. Reviewed-by: Benno Lossin <lossin@kernel.org> Reviewed-by: Danilo Krummrich <dakr@kernel.org> Reviewed-by: Christian Schrefl <chrisi.schrefl@gmail.com> Reviewed-by: Boqun Feng <boqun.feng@gmail.com> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Alice Ryhl <aliceryhl@google.com> Link: https://lore.kernel.org/r/20250616-userptr-newtype-v3-1-5ff7b2d18d9e@google.com [ Reworded title. - Miguel ] Signed-off-by: Miguel Ojeda <ojeda@kernel.org> |
||
|---|---|---|
| .. | ||
| acrn | ||
| auxdisplay | ||
| binderfs | ||
| bpf | ||
| cgroup | ||
| check-exec | ||
| configfs | ||
| connector | ||
| coresight | ||
| damon | ||
| fanotify | ||
| fprobe | ||
| ftrace | ||
| hid | ||
| hidraw | ||
| hung_task | ||
| hw_breakpoint | ||
| kdb | ||
| kfifo | ||
| kmemleak | ||
| kobject | ||
| kprobes | ||
| landlock | ||
| livepatch | ||
| mei | ||
| nitro_enclaves | ||
| pfsm | ||
| pidfd | ||
| pktgen | ||
| qmi | ||
| rpmsg | ||
| rust | ||
| seccomp | ||
| timers | ||
| trace_events | ||
| trace_printk | ||
| tsm-mr | ||
| uhid | ||
| user_events | ||
| v4l | ||
| vfio-mdev | ||
| vfs | ||
| watch_queue | ||
| watchdog | ||
| Kconfig | ||
| Makefile | ||