rust/kernel/uaccess.rs | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)
Simplifies error handling by replacing the manual check
of the return value with the `to_result` helper.
Signed-off-by: Onur Özkan <work@onurozkan.dev>
---
rust/kernel/uaccess.rs | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/rust/kernel/uaccess.rs b/rust/kernel/uaccess.rs
index a8fb4764185a..9992eece2694 100644
--- a/rust/kernel/uaccess.rs
+++ b/rust/kernel/uaccess.rs
@@ -7,7 +7,7 @@
use crate::{
alloc::{Allocator, Flags},
bindings,
- error::Result,
+ error::{to_result, Result},
ffi::{c_char, c_void},
prelude::*,
transmute::{AsBytes, FromBytes},
@@ -495,9 +495,7 @@ fn raw_strncpy_from_user(dst: &mut [MaybeUninit<u8>], src: UserPtr) -> Result<us
)
};
- if res < 0 {
- return Err(Error::from_errno(res as i32));
- }
+ to_result(res as i32)?;
#[cfg(CONFIG_RUST_OVERFLOW_CHECKS)]
assert!(res <= len);
--
2.50.0
On Thu, Aug 21, 2025 at 12:19:39PM +0300, Onur Özkan wrote:
> Simplifies error handling by replacing the manual check
> of the return value with the `to_result` helper.
>
> Signed-off-by: Onur Özkan <work@onurozkan.dev>
> ---
> rust/kernel/uaccess.rs | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/rust/kernel/uaccess.rs b/rust/kernel/uaccess.rs
> index a8fb4764185a..9992eece2694 100644
> --- a/rust/kernel/uaccess.rs
> +++ b/rust/kernel/uaccess.rs
> @@ -7,7 +7,7 @@
> use crate::{
> alloc::{Allocator, Flags},
> bindings,
> - error::Result,
> + error::{to_result, Result},
> ffi::{c_char, c_void},
> prelude::*,
> transmute::{AsBytes, FromBytes},
> @@ -495,9 +495,7 @@ fn raw_strncpy_from_user(dst: &mut [MaybeUninit<u8>], src: UserPtr) -> Result<us
> )
> };
>
> - if res < 0 {
> - return Err(Error::from_errno(res as i32));
> - }
> + to_result(res as i32)?;
>
> #[cfg(CONFIG_RUST_OVERFLOW_CHECKS)]
> assert!(res <= len);
> --
> 2.50.0
Reviewed-by: Elle Rhumsaa <elle@weathered-steel.dev>
On Thu, Aug 21, 2025 at 11:19 AM Onur Özkan <work@onurozkan.dev> wrote:
>
> Simplifies error handling by replacing the manual check
> of the return value with the `to_result` helper.
>
> Signed-off-by: Onur Özkan <work@onurozkan.dev>
> ---
> rust/kernel/uaccess.rs | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/rust/kernel/uaccess.rs b/rust/kernel/uaccess.rs
> index a8fb4764185a..9992eece2694 100644
> --- a/rust/kernel/uaccess.rs
> +++ b/rust/kernel/uaccess.rs
> @@ -7,7 +7,7 @@
> use crate::{
> alloc::{Allocator, Flags},
> bindings,
> - error::Result,
> + error::{to_result, Result},
> ffi::{c_char, c_void},
> prelude::*,
> transmute::{AsBytes, FromBytes},
> @@ -495,9 +495,7 @@ fn raw_strncpy_from_user(dst: &mut [MaybeUninit<u8>], src: UserPtr) -> Result<us
> )
> };
>
> - if res < 0 {
> - return Err(Error::from_errno(res as i32));
> - }
> + to_result(res as i32)?;
This is wrong. The type of `res` is isize, and casting a positive
isize to i32 can result in a negative number and incorrectly trigger
this error. For example: 2147483650i64 as i32 is -2147483646.
Alice
On Thu, 21 Aug 2025 13:04:18 +0200
Alice Ryhl <aliceryhl@google.com> wrote:
> On Thu, Aug 21, 2025 at 11:19 AM Onur Özkan <work@onurozkan.dev>
> wrote:
> >
> > Simplifies error handling by replacing the manual check
> > of the return value with the `to_result` helper.
> >
> > Signed-off-by: Onur Özkan <work@onurozkan.dev>
> > ---
> > rust/kernel/uaccess.rs | 6 ++----
> > 1 file changed, 2 insertions(+), 4 deletions(-)
> >
> > diff --git a/rust/kernel/uaccess.rs b/rust/kernel/uaccess.rs
> > index a8fb4764185a..9992eece2694 100644
> > --- a/rust/kernel/uaccess.rs
> > +++ b/rust/kernel/uaccess.rs
> > @@ -7,7 +7,7 @@
> > use crate::{
> > alloc::{Allocator, Flags},
> > bindings,
> > - error::Result,
> > + error::{to_result, Result},
> > ffi::{c_char, c_void},
> > prelude::*,
> > transmute::{AsBytes, FromBytes},
> > @@ -495,9 +495,7 @@ fn raw_strncpy_from_user(dst: &mut
> > [MaybeUninit<u8>], src: UserPtr) -> Result<us )
> > };
> >
> > - if res < 0 {
> > - return Err(Error::from_errno(res as i32));
> > - }
> > + to_result(res as i32)?;
>
> This is wrong. The type of `res` is isize, and casting a positive
> isize to i32 can result in a negative number and incorrectly trigger
> this error. For example: 2147483650i64 as i32 is -2147483646.
>
> Alice
Nice catch. I could use `try_into().unwrap_or(0)` but that feels a bit
iffy since it would silently avoid the error if `isize` happens to be
much smaller than what `i32` can handle (though I am not sure if it's
possible in practice in the kernel codebase). Let's just ignore this
patch.
Thanks,
Onur
On Fri, Aug 22, 2025 at 7:03 AM Onur Özkan <work@onurozkan.dev> wrote:
>
> Nice catch. I could use `try_into().unwrap_or(0)` but that feels a bit
> iffy since it would silently avoid the error if `isize` happens to be
> much smaller than what `i32` can handle (though I am not sure if it's
> possible in practice in the kernel codebase). Let's just ignore this
> patch.
`isize` is at least 32-bit, but I am not sure that would be more readable.
If we want to make all these cases go through a `to_result`-like
function, then we may want to have variants of that and so on instead
-- Onur created this related Zulip thread:
https://rust-for-linux.zulipchat.com/#narrow/channel/288089-General/topic/returning.20.60Ok.28c_int.29.60.20instead.20of.20.60Ok.28.28.29.29.60.20on.20.60to_result.60/near/535616940
Similarly, we also may want to have a function or similar that allows
to perform such infallible casts (that are not infallible in general
Rust but are in the kernel); for reference, a similar recent
discussion at:
https://lore.kernel.org/rust-for-linux/CANiq72nW=XuUFqOB-6XavOPXtpbkHsagEkYvcD2JfCEiopYo=Q@mail.gmail.com/
Thanks!
Cheers,
Miguel
© 2016 - 2025 Red Hat, Inc.