[v3] Support more safe `AsBytes`/`FromBytes` usage

[PATCH v3 0/4] Support more safe `AsBytes`/`FromBytes` usage

Matthew Maurer posted 4 patches 1 month, 1 week ago

Diff against v1 v2
Download series mbox

rust/Makefile                     | 14 ++++---
rust/bindgen_parameters           |  8 ++++
rust/bindings/lib.rs              |  4 ++
rust/{ffi.rs => ffi/lib.rs}       |  5 +++
rust/{kernel => ffi}/transmute.rs | 72 +++++++++++++++++++++++++++++++++
rust/kernel/lib.rs                |  2 +-
rust/macros/lib.rs                | 83 +++++++++++++++++++++++++++++++++++++++
rust/macros/transmute.rs          | 67 +++++++++++++++++++++++++++++++
rust/uapi/lib.rs                  |  4 ++
scripts/generate_rust_analyzer.py |  2 +-
10 files changed, 254 insertions(+), 7 deletions(-)

Expand all Fold all

[PATCH v3 0/4] Support more safe `AsBytes`/`FromBytes` usage

Posted by Matthew Maurer 1 month, 1 week ago

Currently:
* Slices of `AsBytes`/`FromBytes` types cannot be synthesized from
  bytes slices (without unsafe).
* Users must use `unsafe impl` to assert that structs are `AsBytes` or
  `FromBytes` and write appropriate justifications.
* Bindgen-generated types cannot implement `AsBytes` or `FromBytes`,
  meaning that casting them to or from bytes involves assumptions in the
  `unsafe impl` that could easily go out of sync if the underlying
  header is edited or an assumption is invalid on a platform the author
  did not consider.

This series seeks to address all there of these by:
1. Adding slice cast functions to `FromBytes`
2. Adding a derive for `AsBytes` and `FromBytes`, for now restricted to
   the simple case of structs.
3. Refactoring the crate structure to move `AsBytes` and `FromBytes` to
   `ffi` to allow `bindings` and `uapi` to reference them.
4. Enabling bindgen derivation in `bindings`/`uapi` through `AsBytesFfi`
   and `FromBytesFfi`.

1+2 can be landed separately if needed, 3 has no purpose without 4, and
3+4 need 1+2.

Signed-off-by: Matthew Maurer <mmaurer@google.com>
---
Changes in v3:
- Explained the `for<'a>` usage in the where clauses generated by macro.
- Split bindgen support into two commits, one which does the crate
  migration and one which enables it.
- Link to v2: https://lore.kernel.org/r/20251216-transmute-v2-0-b23e5277ad02@google.com

Changes in v2:
- Reworked to put `transmute` in `ffi` rather than creating a new crate,
  per Alice's comment on Zulip.
- Switched to new kernel import style.
- Link to v1: https://lore.kernel.org/r/20251212-transmute-v1-0-9b28e06c6508@google.com

---
Matthew Maurer (4):
      rust: transmute: Support transmuting slices of AsBytes/FromBytes types
      rust: transmute: Add support for deriving `AsBytes` and `FromBytes`
      rust: transmute: Migrate AsBytes/FromBytes to ffi crate for bindgen
      rust: transmute: Support deriving AsBytes/FromBytes on bindgen types

 rust/Makefile                     | 14 ++++---
 rust/bindgen_parameters           |  8 ++++
 rust/bindings/lib.rs              |  4 ++
 rust/{ffi.rs => ffi/lib.rs}       |  5 +++
 rust/{kernel => ffi}/transmute.rs | 72 +++++++++++++++++++++++++++++++++
 rust/kernel/lib.rs                |  2 +-
 rust/macros/lib.rs                | 83 +++++++++++++++++++++++++++++++++++++++
 rust/macros/transmute.rs          | 67 +++++++++++++++++++++++++++++++
 rust/uapi/lib.rs                  |  4 ++
 scripts/generate_rust_analyzer.py |  2 +-
 10 files changed, 254 insertions(+), 7 deletions(-)
---
base-commit: 008d3547aae5bc86fac3eda317489169c3fda112
change-id: 20251212-transmute-8ab6076700a8

Best regards,
-- 
Matthew Maurer <mmaurer@google.com>