lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 7 Jun 2023 10:18:26 -0700
From:   Boqun Feng <boqun.feng@...il.com>
To:     Qingsong Chen <changxian.cqs@...group.com>
Cc:     linux-kernel@...r.kernel.org,
        田洪亮 <tate.thl@...group.com>,
        Miguel Ojeda <ojeda@...nel.org>,
        Alex Gaynor <alex.gaynor@...il.com>,
        Wedson Almeida Filho <wedsonaf@...il.com>,
        Gary Guo <gary@...yguo.net>,
        Björn Roy Baron <bjorn3_gh@...tonmail.com>,
        Benno Lossin <benno.lossin@...ton.me>,
        Martin Rodriguez Reboredo <yakoyoku@...il.com>,
        Alice Ryhl <aliceryhl@...gle.com>,
        Asahi Lina <lina@...hilina.net>, rust-for-linux@...r.kernel.org
Subject: Re: [PATCH v2 1/3] rust: kernel: add ScatterList abstraction

On Tue, Jun 06, 2023 at 03:01:30PM +0800, Qingsong Chen wrote:
> On 6/5/23 11:26 PM, Boqun Feng wrote:
> > On Fri, Jun 02, 2023 at 06:18:17PM +0800, Qingsong Chen wrote:
> > [...]
> > > +impl<'a> ScatterList<'a> {
> > > +    /// Construct a new initializer.
> > > +    pub fn new(buf: &'a Pin<&mut [u8]>) -> impl PinInit<ScatterList<'a>> {
> > > +        // SAFETY: `slot` is valid while the closure is called, the memory
> > > +        // buffer is pinned and valid.
> > > +        unsafe {
> > > +            init::pin_init_from_closure(move |slot: *mut Self| {
> > > +                (*slot).set_buf(buf);
> > > +                (*slot).mark_end();
> > 
> > Benno can provide more information, but you cannot dereference or create
> > a reference to `*slot`, since `slot` points to an uninitialized object
> > (see `try_pin_init` implementations), and referencing uninitialized
> > objects is UB (or may cause UB).
> 
> I understand that `reading` from uninitialized objects is UB, either
> via references or raw pointers. But in this unsafe closure, we just do
> the `writing` job to `slot` for initializing. This makes me a little
> confused, why is there a difference between reference and raw pointer?

References (or the existence of the references) mean the underlying
objects are valid:

	https://doc.rust-lang.org/std/primitive.reference.html

, so creating a reference (even a temporary one) to an uninitialized is
an UB, that being said..

> Is there any compiler magic on reference which may cause UB? Still, I

I'm not creative enough to come up with a compiler optimization that
will (ab)use this UB to do evil if you can be sure that set_buf() and
mark_end() are purely writes. So your confusion looks reasonable to me
;-) But still it's an UB. And I guess you don't want to be suprised by
any future compiler optimization, right? ;-)

Regards,
Boqun

> would fix this by `addr_of`. Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ