lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 24 Mar 2023 08:39:35 +0000
From:   Benno Lossin <y86-dev@...tonmail.com>
To:     Boqun Feng <boqun.feng@...il.com>
Cc:     Miguel Ojeda <ojeda@...nel.org>,
        Alex Gaynor <alex.gaynor@...il.com>,
        Wedson Almeida Filho <wedsonaf@...il.com>,
        Gary Guo <gary@...yguo.net>,
        Björn Roy Baron <bjorn3_gh@...tonmail.com>,
        rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org,
        patches@...ts.linux.dev
Subject: Re: [PATCH v2 3/5] rust: add pin-init API

On 23.03.23 07:30, Boqun Feng wrote:
> On Tue, Mar 21, 2023 at 07:50:00PM +0000, Benno Lossin wrote:
> [...]
>> +/// # Syntax
>> +///
>> +/// As already mentioned in the examples above, inside of `pin_init!` a `struct` initializer with
>> +/// the following modifications is expected:
>> +/// - Fields that you want to initialize in-place have to use `<-` instead of `:`.
>> +/// - In front of the initializer you can write `&this in` to have access to a [`NonNull<Self>`]
>> +///   pointer named `this` inside of the initializer.
>> +///
>> +/// For instance:
>> +///
>> +/// ```rust
>> +/// # use kernel::pin_init;
>> +/// # use macros::pin_data;
>> +/// # use core::{ptr::addr_of_mut, marker::PhantomPinned};
>> +/// #[pin_data]
>> +/// struct Buf {
>> +///     ptr: *mut u8,
>> +///     buf: [u8; 64],
>
> Say we have an extra field,
>
>             a: u8,
>
>> +///     #[pin]
>> +///     pin: PhantomPinned,
>> +/// }
>> +/// pin_init!(&this in Buf {
>> +///     buf: [0; 64],
>> +///     ptr: unsafe { addr_of_mut!((*this.as_ptr()).buf).cast() },
>
> And I think we want to disallow:
>
>             a: unsafe { (*addr_of!(*this.as_ptr().buf))[0] }
>
> , right? Because we don't want `pin_init!` to provide any initialization
> order guarantee? If so, maybe add one or two sentences to call it out.
>
> If not sure, I think we can leave it as it is, until someone really uses
> this pattern ;-)

The `pin_init!` macro initializes everything in the order specified, so
if `a` is the last field you initialize, the code above is fine. I think
we could guarantee this. I will add a comment.

--
Cheers,
Benno

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ