Re: [PATCH] uaccess: rust: add strncpy_from_user
From: Danilo Krummrich
Date: Fri Apr 25 2025 - 10:14:49 EST
On Fri, Apr 25, 2025 at 09:44:06AM +0000, Alice Ryhl wrote:
> On Thu, Apr 24, 2025 at 06:32:08PM +0200, Danilo Krummrich wrote:
> > On Thu, Apr 24, 2025 at 03:17:48PM +0000, Alice Ryhl wrote:
> > >
> > > +/// Reads a nul-terminated string into `buf` and returns the length.
> > > +///
> > > +/// Fails with [`EFAULT`] if the read happens on a bad address. If the end of `buf` is reached,
> > > +/// then the buffer will not be nul-terminated.
> > > +#[inline]
> > > +pub fn strncpy_from_user(ptr: UserPtr, buf: &mut [u8]) -> Result<usize> {
> >
> > Should probably be named strcpy_from_user() instead.
>
> See my reply to Boqun.
>
> > > + // CAST: Slice lengths are guaranteed to be `<= isize::MAX`.
> > > + let len = buf.len() as isize;
> > > +
> > > + // SAFETY: `buf` is valid for writing `buf.len()` bytes.
> > > + let res = unsafe {
> > > + bindings::strncpy_from_user(
> > > + buf.as_mut_ptr(),
> > > + ptr as *const u8,
> >
> > kernel::ffi::c_char should always match u8, but should we use the FFI type
> > regardless?
>
> Hmm. Should we? I don't mind changing it, but I guess this could be an
> interesting discussion point.
I think we should stick to the FFI type, even if we know the types are
guaranteed to match. But I also won't object with how it is.