| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAH5fLggDwPBzMO2Z48oMjDm4qgoNM0NQs_63TxmVEGy+gtMpOA@mail.gmail.com> Date: Thu, 1 May 2025 09:13:25 +0200 From: Alice Ryhl <aliceryhl@...gle.com> To: Andreas Hindborg <a.hindborg@...nel.org> Cc: Danilo Krummrich <dakr@...nel.org>, Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, Benno Lossin <benno.lossin@...ton.me>, Trevor Gross <tmgross@...ch.edu>, Joel Becker <jlbec@...lplan.org>, Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...hat.com>, Will Deacon <will@...nel.org>, Waiman Long <longman@...hat.com>, Fiona Behrens <me@...enk.dev>, Charalampos Mitrodimas <charmitro@...teo.net>, Daniel Almeida <daniel.almeida@...labora.com>, rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v5 1/4] rust: sync: change `<Arc<T> as ForeignOwnable>::PointedTo` to `T` On Thu, Feb 27, 2025 at 1:36 PM Andreas Hindborg <a.hindborg@...nel.org> wrote: > > Using `ArcInner` as `PoinedTo` in the `ForeignOwnable` implementation for > `Arc` is a bit unfortunate. Using `T` as `PointedTo` does not remove any > functionality, but allows `ArcInner` to be private. Further, it allows > downstream users to write code that is generic over `Box` and `Arc`, when > downstream users need access to `T` after calling `into_foreign`. > > Reviewed-by: Fiona Behrens <me@...enk.dev> > Reviewed-by: Daniel Almeida <daniel.almeida@...labora.com> > Tested-by: Daniel Almeida <daniel.almeida@...labora.com> > Signed-off-by: Andreas Hindborg <a.hindborg@...nel.org> We discussed this in the meeting yesterday, but just to summarize: This isn't correct use of the trait. The trait is intended for cases where you pass a void pointer into C code, and the C code treats that void pointer entirely opaquely. That's why the docs for `into_foreign` say this: The foreign representation is a pointer to void. There are no guarantees for this pointer. For example, it might be invalid, dangling or pointing to uninitialized memory. Using it in any way except for [`from_foreign`], [`try_from_foreign`], [`borrow`], or [`borrow_mut`] can result in undefined behavior. In this case, you want to make this change because the C code in configfs will dereference the void pointer and read from it. But that's not allowed with the ForeignOwnable trait. You need a new trait if you want pointers that are not opaque. Alice
Powered by blists - more mailing lists