Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp4767447rwb; Sun, 4 Dec 2022 07:52:07 -0800 (PST) X-Google-Smtp-Source: AA0mqf6xAZkjw6GGzxWTccriF0garN/8qIT+aKTPiWDJUKJdtgssBllDMGE7z/Hf0OnA+OPZHbr/ X-Received: by 2002:a17:902:e94e:b0:188:f3b9:7156 with SMTP id b14-20020a170902e94e00b00188f3b97156mr61673708pll.76.1670169126798; Sun, 04 Dec 2022 07:52:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1670169126; cv=none; d=google.com; s=arc-20160816; b=AvyCSlcKY9CCbGHHvqEQug5WgqQ0jrIAC3ON4O25LE9jEQu6T38X7pKxA/2hM+1pBU +FtaM5CYzBvVafaKXE1Qolb+WhJVT0YHGK2bIVnlK2XvW4++ZTh0PAIpVLXwhMOdVs7G djVCo568bJ6KJl+z6n0vtqvwkHbgYBcfqT46thBhhtvSr9egCQYx0ugbi2RMDZ2VC5G1 ebJYJz2ClMgKvATPNr1JKD9Z09SPaZvCAOoEuNlyX/qf7wFvYagjp+Kx5U7Xgs296BJQ JZ2YwnhpI5i5L0cT5wMr3/Bq3Pn/OV/qr868SvyVaRJnUfK0+NnphoaEbOYU1zLKcBkQ SKUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=+wJRlMho2FnAbXYg6+mlmNW9Tp+g4pBu1hc7038i/W8=; b=vvKEDKPx2YQK1bv7livn2qXQOkgBVfZq/6D/CczGOocFgqiiTERuZHOVe0nxDtxUQ3 wlgh2KaiKoJvN5NGKeJ6l8Ji8THfi0kdNW9F0DfFL+pNRdLmhFdbCBuHlJr2+m/c4Ci7 Cyt5XjWTPhPyJ3rouHhB9BtB4mjLBBnSYYs2g5frWMqYio36So7ztjp58N39p4lPsLMa BJmJoPSJqeGPfAzqMn/UNxFh2DahbLQWNMdWCbTkyonS7luA2Wz2377wsWFdpukm6Fd1 /dEC+91jvA2aAmMwrWnJhJsqKhiyUXJfRErUd2a0/T6+Lue7Bv4BBfAnyazGiiTPZ0+i iuMA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@treblig.org header.s=bytemarkmx header.b=k5+S41vp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id m1-20020a170902db0100b0018678dab05dsi13774416plx.199.2022.12.04.07.51.54; Sun, 04 Dec 2022 07:52:06 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=fail header.i=@treblig.org header.s=bytemarkmx header.b=k5+S41vp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230123AbiLDPlh (ORCPT + 82 others); Sun, 4 Dec 2022 10:41:37 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50230 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229917AbiLDPlf (ORCPT ); Sun, 4 Dec 2022 10:41:35 -0500 Received: from mx.treblig.org (mx.treblig.org [46.43.15.161]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 48DB411A1B for ; Sun, 4 Dec 2022 07:41:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=treblig.org ; s=bytemarkmx; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID :Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe :List-Post:List-Owner:List-Archive; bh=+wJRlMho2FnAbXYg6+mlmNW9Tp+g4pBu1hc7038i/W8=; b=k5+S41vpJRy8VXu9WSCdXEzK4K sgBVsnQrNv2MMxOxy6/uVkCuQPy40UNA0LQkWR/V9cD510olMOCkUBARvmaOqY5yW8YA/lQEPflyX NW8yYNz6GWZBb4JQMc/4IYpt0r/FQXkvcJhorct2DxoouGaM3uzXGxQmncgt6A7r9Vvnd1XHJ5X8U GjJd1/u7trHt+WctKwPirpyB+c2viPYvpoxaCMQPPU6gYqqHgj54IbmVIfHJpbKrzlTRfua4mHWPy stbf6IxtUcLlhs8Wc5KfS3Igb5TIhDAMit1s9ZbrCry474WOClCNu435InNED9vWvLAEDPCmDFmmA 3OyWdGFQ==; Received: from dg by mx.treblig.org with local (Exim 4.94.2) (envelope-from ) id 1p1r7K-0052UU-UT; Sun, 04 Dec 2022 15:41:22 +0000 Date: Sun, 4 Dec 2022 15:41:22 +0000 From: "Dr. David Alan Gilbert" To: ojeda@kernel.org Cc: Wedson Almeida Filho , Alex Gaynor , Boqun Feng , Gary Guo , =?iso-8859-1?Q?Bj=F6rn?= Roy Baron , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev, Adam Bratschi-Kaye Subject: Re: [PATCH v2 20/28] rust: str: add `Formatter` type Message-ID: References: <20221202161502.385525-1-ojeda@kernel.org> <20221202161502.385525-21-ojeda@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline In-Reply-To: <20221202161502.385525-21-ojeda@kernel.org> X-Chocolate: 70 percent or better cocoa solids preferably X-Operating-System: Linux/5.10.0-12-amd64 (x86_64) X-Uptime: 15:37:53 up 268 days, 2:03, 2 users, load average: 0.00, 0.01, 0.00 User-Agent: Mutt/2.0.5 (2021-01-21) X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org * ojeda@kernel.org (ojeda@kernel.org) wrote: > From: Wedson Almeida Filho > > Add the `Formatter` type, which leverages `RawFormatter`, > but fails if callers attempt to write more than will fit > in the buffer. > > In order to so, implement the `RawFormatter::from_buffer()` > constructor as well. > > Co-developed-by: Adam Bratschi-Kaye > Signed-off-by: Adam Bratschi-Kaye > Signed-off-by: Wedson Almeida Filho > Reviewed-by: Gary Guo > [Reworded, adapted for upstream and applied latest changes] > Signed-off-by: Miguel Ojeda > --- > rust/kernel/str.rs | 57 ++++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 57 insertions(+) > > diff --git a/rust/kernel/str.rs b/rust/kernel/str.rs > index a995db36486f..ce207d1b3d2a 100644 > --- a/rust/kernel/str.rs > +++ b/rust/kernel/str.rs > @@ -406,6 +406,23 @@ impl RawFormatter { > } > } > > + /// Creates a new instance of [`RawFormatter`] with the given buffer. > + /// > + /// # Safety > + /// > + /// The memory region starting at `buf` and extending for `len` bytes must be valid for writes > + /// for the lifetime of the returned [`RawFormatter`]. > + pub(crate) unsafe fn from_buffer(buf: *mut u8, len: usize) -> Self { > + let pos = buf as usize; > + // INVARIANT: We ensure that `end` is never less then `buf`, and the safety requirements > + // guarantees that the memory region is valid for writes. > + Self { > + pos, > + beg: pos, > + end: pos.saturating_add(len), > + } > + } > + > /// Returns the current insert position. > /// > /// N.B. It may point to invalid memory. > @@ -439,3 +456,43 @@ impl fmt::Write for RawFormatter { > Ok(()) > } > } > + > +/// Allows formatting of [`fmt::Arguments`] into a raw buffer. > +/// > +/// Fails if callers attempt to write more than will fit in the buffer. > +pub(crate) struct Formatter(RawFormatter); > + > +impl Formatter { > + /// Creates a new instance of [`Formatter`] with the given buffer. > + /// > + /// # Safety > + /// > + /// The memory region starting at `buf` and extending for `len` bytes must be valid for writes > + /// for the lifetime of the returned [`Formatter`]. > + #[allow(dead_code)] > + pub(crate) unsafe fn from_buffer(buf: *mut u8, len: usize) -> Self { > + // SAFETY: The safety requirements of this function satisfy those of the callee. > + Self(unsafe { RawFormatter::from_buffer(buf, len) }) > + } > +} > + > +impl Deref for Formatter { > + type Target = RawFormatter; > + > + fn deref(&self) -> &Self::Target { > + &self.0 > + } > +} > + > +impl fmt::Write for Formatter { > + fn write_str(&mut self, s: &str) -> fmt::Result { > + self.0.write_str(s)?; > + > + // Fail the request if we go past the end of the buffer. Reading this for the first time, I'm surprised by this, perhaps a bit more comment is needed? I was expecting that nothing would let pos pass end. Dave > + if self.0.pos > self.0.end { > + Err(fmt::Error) > + } else { > + Ok(()) > + } > + } > +} > -- > 2.38.1 > -- -----Open up your eyes, open up your mind, open up your code ------- / Dr. David Alan Gilbert | Running GNU/Linux | Happy \ \ dave @ treblig.org | | In Hex / \ _________________________|_____ http://www.treblig.org |_______/