rust: transmute: Add implementation for FromBytes trait

Add implementation and documentation for FromBytes trait.

Add new feature block in order to allow using ToBytes
and bound to from_bytes_mut function. I'm adding this feature
because is possible create a value with disallowed bit pattern
and as_byte_mut could create such value by mutating the array and
acessing the original value. So adding ToBytes this can be avoided.

Link: Rust-for-Linux#1119
Signed-off-by: Christian dos Santos de Lima <[email protected]>

rust/kernel/lib.rs

@@ -18,6 +18,8 @@
 #![feature(lint_reasons)]
 #![feature(new_uninit)]
 #![feature(unsize)]
+#![feature(portable_simd)]
+#![feature(trivial_bounds)]
 
 // Ensure conditional compilation based on the kernel configuration works;
 // otherwise we may silently break things like initcall handling.

rust/kernel/transmute.rs

@@ -2,22 +2,66 @@
 
 //! Traits for transmuting types.
 
+use core::simd::ToBytes;
 /// Types for which any bit pattern is valid.
 ///
 /// Not all types are valid for all values. For example, a `bool` must be either zero or one, so
 /// reading arbitrary bytes into something that contains a `bool` is not okay.
 ///
 /// It's okay for the type to have padding, as initializing those bytes has no effect.
 ///
+/// # Example
+///
+/// This example is how to use the FromBytes trait
+/// ```
+/// // Initialize a slice of bytes
+/// let foo = &[1, 2, 3, 4];
+///
+/// //Use the function implemented by trait in integer type
+/// let result = u8::from_bytes(foo);
+///
+/// assert_eq!(*result, 0x4030201);
+/// ```
 /// # Safety
 ///
 /// All bit-patterns must be valid for this type. This type must not have interior mutability.
-pub unsafe trait FromBytes {}
+pub unsafe trait FromBytes {
+    ///Get an imutable slice of bytes and converts to a reference to Self
+    unsafe fn from_bytes(slice_of_bytes: &[u8]) -> &Self;
+    /// Get a mutable slice of bytes and converts to a reference to Self
+    ///
+    /// # Safety
+    ///
+    ///  Bound ToBytes in order to avoid use with disallowed bit patterns
+    unsafe fn from_bytes_mut(slice_of_bytes: &mut [u8]) -> &mut Self
+    where
+        Self: ToBytes;
+}
 
+//Get a reference of slice of bytes and converts into a reference of integer or a slice with a defined size
 macro_rules! impl_frombytes {
     ($($({$($generics:tt)*})? $t:ty, )*) => {
         // SAFETY: Safety comments written in the macro invocation.
-        $(unsafe impl$($($generics)*)? FromBytes for $t {})*
+        $(unsafe impl$($($generics)*)? FromBytes for $t {
+            unsafe fn from_bytes(slice_of_bytes: &[u8]) -> &Self
+            {
+                unsafe {
+                    let slice_ptr = slice_of_bytes.as_ptr() as *const Self;
+                    &*slice_ptr
+                }
+            }
+
+            unsafe fn from_bytes_mut(slice_of_bytes: &mut [u8]) -> &mut Self
+            where
+                Self: ToBytes,
+            {
+                unsafe {
+                    let slice_ptr = slice_of_bytes.as_mut_ptr() as *mut Self;
+                    &mut *slice_ptr
+                }
+
+            }
+        })*
     };
 }
 
@@ -28,44 +72,52 @@ impl_frombytes! {
 
     // SAFETY: If all bit patterns are acceptable for individual values in an array, then all bit
     // patterns are also acceptable for arrays of that type.
-    {<T: FromBytes>} [T],
     {<T: FromBytes, const N: usize>} [T; N],
 }
 
-/// Types that can be viewed as an immutable slice of initialized bytes.
+/// Get a reference of slice of bytes and converts into a reference of an array of integers
 ///
-/// If a struct implements this trait, then it is okay to copy it byte-for-byte to userspace. This
-/// means that it should not have any padding, as padding bytes are uninitialized. Reading
-/// uninitialized memory is not just undefined behavior, it may even lead to leaking sensitive
-/// information on the stack to userspace.
+/// Types for which any bit pattern is valid.
 ///
-/// The struct should also not hold kernel pointers, as kernel pointer addresses are also considered
-/// sensitive. However, leaking kernel pointers is not considered undefined behavior by Rust, so
-/// this is a correctness requirement, but not a safety requirement.
+/// Not all types are valid for all values. For example, a `bool` must be either zero or one, so
+/// reading arbitrary bytes into something that contains a `bool` is not okay.
 ///
-/// # Safety
+/// It's okay for the type to have padding, as initializing those bytes has no effect.
 ///
-/// Values of this type may not contain any uninitialized bytes. This type must not have interior
-/// mutability.
-pub unsafe trait AsBytes {}
-
-macro_rules! impl_asbytes {
-    ($($({$($generics:tt)*})? $t:ty, )*) => {
-        // SAFETY: Safety comments written in the macro invocation.
-        $(unsafe impl$($($generics)*)? AsBytes for $t {})*
-    };
-}
-
-impl_asbytes! {
-    // SAFETY: Instances of the following types have no uninitialized portions.
-    u8, u16, u32, u64, usize,
-    i8, i16, i32, i64, isize,
-    bool,
-    char,
-    str,
+/// # Example
+///
+/// This example is how to use the FromBytes trait
+/// ```
+/// // Initialize a slice of bytes
+/// let foo = &[1, 2, 3, 4];
+///
+/// //Use the function implemented by trait in integer type
+/// let result = <[u32]>::from_bytes(slice_of_bytes);
+///
+/// assert_eq!(*result, 0x4030201);
+/// ```
+// SAFETY: If all bit patterns are acceptable for individual values in an array, then all bit
+// patterns are also acceptable for arrays of that type.
+unsafe impl<T: FromBytes> FromBytes for [T] {
+    unsafe fn from_bytes(slice_of_bytes: &[u8]) -> &Self {
+        //Safety: Guarantee that all values are initiliazed
+        unsafe {
+            let slice_ptr = slice_of_bytes.as_ptr() as *const T;
+            let slice_len = slice_of_bytes.len() / core::mem::size_of::<T>();
+            core::slice::from_raw_parts(slice_ptr, slice_len)
+        }
+    }
 
-    // SAFETY: If individual values in an array have no uninitialized portions, then the array
-    // itself does not have any uninitialized portions either.
-    {<T: AsBytes>} [T],
-    {<T: AsBytes, const N: usize>} [T; N],
+    //Safety: Guarantee that all values are initiliazed
+    unsafe fn from_bytes_mut(slice_of_bytes: &mut [u8]) -> &mut Self
+    where
+        Self: ToBytes,
+    {
+        //Safety: Guarantee that all values are initiliazed
+        unsafe {
+            let slice_ptr = slice_of_bytes.as_mut_ptr() as *mut T;
+            let slice_len = slice_of_bytes.len() / core::mem::size_of::<T>();
+            core::slice::from_raw_parts_mut(slice_ptr, slice_len)
+        }
+    }
 }