1. Patchew
  2. linux
  3. View series

[PATCH 0/3] Support more safe `AsBytes`/`FromBytes` usage

Matthew Maurer posted 3 patches 1 day, 2 hours ago 
rust/Makefile                        | 19 +++++++--
rust/bindgen_parameters              |  8 ++++
rust/bindings/lib.rs                 |  1 +
rust/kernel/lib.rs                   |  3 +-
rust/macros/lib.rs                   | 80 ++++++++++++++++++++++++++++++++++++
rust/macros/transmute.rs             | 60 +++++++++++++++++++++++++++
rust/traits/lib.rs                   |  6 +++
rust/{kernel => traits}/transmute.rs | 72 ++++++++++++++++++++++++++++++++
rust/uapi/lib.rs                     |  1 +
9 files changed, 245 insertions(+), 5 deletions(-)
[PATCH 0/3] Support more safe `AsBytes`/`FromBytes` usage
Posted by Matthew Maurer 1 day, 2 hours ago 
Currently:
* Slices of `AsBytes`/`FromBytes` types cannot be synthesized from
  bytes slices (without unsafe).
* Users must use `unsafe impl` to assert that structs are `AsBytes` or
  `FromBytes` and write appropriate justifications.
* Bindgen-generated types cannot implement `AsBytes` or `FromBytes`,
  meaning that casting them to or from bytes involves assumptions in the
  `unsafe impl` that could easily go out of sync if the underlying
  header is edited or an assumption is invalid on a platform the author
  did not consider.

This series seeks to address all there of these by:
1. Adding slice cast functions to `FromBytes`
2. Adding a derive for `AsBytes` and `FromBytes`, for now restricted to
   the simple case of structs.
3. Refactoring the crate structure to allow the derives added in 2 to be
   used on bindgen definitions.

1 or 2 can be taken independently, 3 requires 2.

1 and 2 I think are in pretty goood shape. 3 I'm throwing out their to
sketch out what a potential solution to this problem could look like.

Options for #3 that I can see:
* Common types/traits crate (what's done in this patch), maybe bikeshed
  name to something other than `traits`.
* Move `bindings` from being its own crate to being source-included into
  the `kernel` crate.
* Import `zerocopy` instead, and move off providing our own
  `AsBytes`/`FromBytes`. This would lose our special-casing of pointers
  as not supporting byte-casting, and require importing yet more
  third-party code, but would solve the problems I enumerated.

Signed-off-by: Matthew Maurer <mmaurer@google.com>
---
Matthew Maurer (3):
      rust: transmute: Support transmuting slices of AsBytes/FromBytes types
      rust: Add support for deriving `AsBytes` and `FromBytes`
      rust: Support deriving `AsBytes`/`FromBytes` on bindgen types

 rust/Makefile                        | 19 +++++++--
 rust/bindgen_parameters              |  8 ++++
 rust/bindings/lib.rs                 |  1 +
 rust/kernel/lib.rs                   |  3 +-
 rust/macros/lib.rs                   | 80 ++++++++++++++++++++++++++++++++++++
 rust/macros/transmute.rs             | 60 +++++++++++++++++++++++++++
 rust/traits/lib.rs                   |  6 +++
 rust/{kernel => traits}/transmute.rs | 72 ++++++++++++++++++++++++++++++++
 rust/uapi/lib.rs                     |  1 +
 9 files changed, 245 insertions(+), 5 deletions(-)
---
base-commit: 008d3547aae5bc86fac3eda317489169c3fda112
change-id: 20251212-transmute-8ab6076700a8

Best regards,
-- 
Matthew Maurer <mmaurer@google.com>

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.