Skip to content

Use uninitialized buffers for read and recvfrom#1606

Merged
mkroening merged 2 commits intohermit-os:mainfrom
thaliaarchi:read-uninit
Feb 19, 2025
Merged

Use uninitialized buffers for read and recvfrom#1606
mkroening merged 2 commits intohermit-os:mainfrom
thaliaarchi:read-uninit

Conversation

@thaliaarchi
Copy link
Contributor

@thaliaarchi thaliaarchi commented Feb 19, 2025
edited
Loading

Currently, when using an uninitialized buffer for read or recvfrom, as would be typical in C or required for Read::read_buf, it is casted from *mut u8 at the FFI boundary in sys_read/sys_readv/sys_recvfrom to a &[u8]. I think this is unsound. Instead, use &[MaybeUninit<u8>] internally.

I use &[u8] instead of core::io::BorrowedCursor<'_>, because there are currently no cases where the initialized portion needs to be separately tracked.

Since smoltcp::socket::tcp::Socket::recv_slice takes a &[u8], inline it and refactor. As a bonus, this avoids a copy and clear in the error case and it makes it more clear that packets are dropped when given an insufficiently large buffer.

This PR enables implementing std::io::Read::read_buf for std::fs::File and std::io::Stdin on Hermit. That effort is tracked in rust-lang/rust#136756.

@thaliaarchi
Use uninitialized buffer for read
b8897bf 
Currently, when using an uninitialized buffer for `read`, as would be
typical in C or required for `Read::read_buf`, it is casted from `*mut
u8` at the FFI boundary in `sys_read`/`sys_readv` to a `&[u8]`. I think
this is unsound.

Instead, use `&[MaybeUninit<u8>]` internally. I use this instead of
`core::io::BorrowedCursor<'_>`, because there are currently no cases
where the initialized portion needs to be separately tracked.

This enables implementing `std::io::Read::read_buf` for `std::fs::File`
and `std::io::Stdin` on Hermit. That effort is tracked in
rust-lang/rust#136756.
@thaliaarchi
Use uninitialized buffer for recvfrom
5aab4b0 
Since `smoltcp::socket::tcp::Socket::recv_slice` takes a `&[u8]`, inline
it and refactor. As a bonus, this avoids a copy and clear in the error
case and it makes it more clear that packets are dropped when given an
insufficiently large buffer.
@thaliaarchi thaliaarchi changed the title Read to uninitialized buffer Use uninitialized buffers for read and recvfrom Feb 19, 2025
@thaliaarchi
Copy link
Contributor Author

thaliaarchi commented Feb 19, 2025
edited
Loading

The CI failure seems likely to be unrelated:

Laplace iterations
Error: QEMU timeout

@mkroening mkroening self-requested a review February 19, 2025 07:57
@mkroening mkroening self-assigned this Feb 19, 2025
mkroening
mkroening approved these changes Feb 19, 2025
View reviewed changes
Copy link
Member

@mkroening mkroening left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot! :)

@mkroening mkroening added this pull request to the merge queue Feb 19, 2025
Merged via the queue into hermit-os:main with commit da243b5 Feb 19, 2025
13 checks passed
@thaliaarchi
Copy link
Contributor Author

thaliaarchi commented Feb 19, 2025

How should I coordinate with the Hermit side when I submit the PR to Rust for Read::read_buf? Does this need to be released in Hermit for a while?

@mkroening
Copy link
Member

mkroening commented Feb 19, 2025

The kernel is built separately from the application and then linked together without LTO at the moment, so I think the chances of something bad happening due to undefined behavior are really slim in this case.

So I'd say you can go ahead with that PR right away. Feel free to Tag @stlankes and me in everything Hermit-related to keep us in the loop, of course. :)

@thaliaarchi thaliaarchi mentioned this pull request Feb 19, 2025
Closed
@thaliaarchi thaliaarchi mentioned this pull request Mar 10, 2025
Merged
jhpratt added a commit to jhpratt/rust that referenced this pull request Mar 18, 2025
@jhpratt
Rollup merge of rust-lang#138301 - thaliaarchi:io-optional-methods/he…
c1f2309 
…rmit, r=tgross35

Implement `read_buf` for Hermit

Following hermit-os/kernel#1606, it is now safe to implement `Read::read_buf` for file descriptors on Hermit.

cc `@mkroening`
jhpratt added a commit to jhpratt/rust that referenced this pull request Mar 18, 2025
@jhpratt
Rollup merge of rust-lang#138301 - thaliaarchi:io-optional-methods/he…
ca789b9 
…rmit, r=tgross35

Implement `read_buf` for Hermit

Following hermit-os/kernel#1606, it is now safe to implement `Read::read_buf` for file descriptors on Hermit.

cc ``@mkroening``
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this pull request Mar 18, 2025
@matthiaskrgr
Rollup merge of rust-lang#138301 - thaliaarchi:io-optional-methods/he…
800b8fb 
…rmit, r=tgross35

Implement `read_buf` for Hermit

Following hermit-os/kernel#1606, it is now safe to implement `Read::read_buf` for file descriptors on Hermit.

cc ```@mkroening```
github-actions bot pushed a commit to model-checking/verify-rust-std that referenced this pull request Apr 2, 2025
@matthiaskrgr
Rollup merge of rust-lang#138301 - thaliaarchi:io-optional-methods/he…
ae49cc6 
…rmit, r=tgross35

Implement `read_buf` for Hermit

Following hermit-os/kernel#1606, it is now safe to implement `Read::read_buf` for file descriptors on Hermit.

cc ```@mkroening```
@thaliaarchi thaliaarchi mentioned this pull request Oct 17, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mkroening mkroening mkroening approved these changes

Assignees

@mkroening mkroening

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@thaliaarchi @mkroening