Re: [PATCH] uaccess: rust: add strncpy_from_user

From: Alice Ryhl
Date: Fri Apr 25 2025 - 05:45:31 EST

Next message: Andre Przywara: "Re: [PATCH 1/1] arm64: dts: allwinner: correct the model name for Radxa Cubie A5E"
Previous message: Alice Ryhl: "Re: [PATCH] uaccess: rust: add strncpy_from_user"
In reply to: Miguel Ojeda: "Re: [PATCH] uaccess: rust: add strncpy_from_user"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Apr 24, 2025 at 06:38:52PM +0200, Miguel Ojeda wrote:
> On Thu, Apr 24, 2025 at 5:18 PM Alice Ryhl <aliceryhl@xxxxxxxxxx> wrote:
> >
> > + if res < 0 {
> > + Err(Error::from_errno(res as i32))
> > + } else {
> > + #[cfg(CONFIG_RUST_OVERFLOW_CHECKS)]
> > + assert!(res <= len);
> > + Ok(res as usize)
> > + }
>
> What about:
>
> if res < 0 {
> return Err(...);
> }
>
> overflow_assert!(res <= len);
> Ok(res as usize)
>
> That follows a bit better what is usually done on the C side, in using
> early returns (especially for error paths) and in avoiding local
> `#ifdef`s.

Sure, that looks good to me.

> Of course, we can leave this `overflow_assert!` to a different patch
> later on with this code as an example use case, or a good first issue
> etc. It also allows to document it etc. Happy to send it or create the
> issue.
>
> (I wrote that instead of `assert_overflow!` because it follows the
> `{static,debug}_assert!` patterns, i.e. it changes more the "kind" of
> assert rather than asserting a particular thing, like `_eq!` or
> `_same_type!`).

Sounds like a good good-first-issue.

Alice

Next message: Andre Przywara: "Re: [PATCH 1/1] arm64: dts: allwinner: correct the model name for Radxa Cubie A5E"
Previous message: Alice Ryhl: "Re: [PATCH] uaccess: rust: add strncpy_from_user"
In reply to: Miguel Ojeda: "Re: [PATCH] uaccess: rust: add strncpy_from_user"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]