Date: Fri, 1 Dec 2023 10:48:31 +0000
Message-ID: <20231201104831.2195715-1-aliceryhl@google.com>
Subject: Re: [PATCH 3/7] rust: security: add abstraction for secctx
From: Alice Ryhl
To: benno.lossin@proton.me
Cc: a.hindborg@samsung.com, alex.gaynor@gmail.com, aliceryhl@google.com,
 arve@android.com, bjorn3_gh@protonmail.com, boqun.feng@gmail.com,
 brauner@kernel.org, cmllamas@google.com, dan.j.williams@intel.com,
 dxu@dxuuu.xyz, gary@garyguo.net, gregkh@linuxfoundation.org,
 joel@joelfernandes.org, keescook@chromium.org,
 linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
 maco@android.com, ojeda@kernel.org, peterz@infradead.org,
 rust-for-linux@vger.kernel.org, surenb@google.com, tglx@linutronix.de,
 tkjos@android.com, viro@zeniv.linux.org.uk, wedsonaf@gmail.com,
 willy@infradead.org
X-Mailing-List: linux-kernel@vger.kernel.org

Benno Lossin writes:
> On 11/29/23 14:11, Alice Ryhl wrote:
>> + /// Returns the bytes for this security context.
>> + pub fn as_bytes(&self) -> &[u8] {
>> + let mut ptr = self.secdata;
>> + if ptr.is_null() {
>> + // Many C APIs will use null pointers for strings of length zero, but
>
> I would just write that the secctx API uses null pointers to denote a
> string of length zero.

I don't actually know whether it can ever be null, I just wanted to stay
on the safe side.

>> + // `slice::from_raw_parts` doesn't allow the pointer to be null even if the length is
>> + // zero. Replace the pointer with a dangling but non-null pointer in this case.
>> + debug_assert_eq!(self.seclen, 0);
>
> I am feeling a bit uncomfortable with this, why can't we just return
> an empty slice in this case?

I can do that, but to be clear, what I'm doing here is also definitely
okay.

Alice
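
Review bot: In the `ptr.is_null()` branch of `as_bytes`, the only check on the length is `debug_assert_eq!(self.seclen, 0);`, which is compiled out when debug assertions are disabled, so a null `secdata` paired with a non-zero `seclen` would go unnoticed in such builds. The quoted lines do not show the slice being built, but the comment says the null pointer is replaced with a dangling one for `slice::from_raw_parts`; if `seclen` is then used as the length, a non-zero value would describe memory behind a dangling pointer. Returning an empty slice directly from the null branch, as the quoted reply suggests, removes the dependence on `seclen` there. The comment beginning `// Many C APIs will use null pointers for strings of length zero` should also say what the secctx API itself does; the reply states it is not known whether `secdata` can ever be null, and the comment could record that.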