lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAH5fLgh9aEF5V9rNq2a8utS=NxSU8rdxpKsNbsuPoMpDfHN0fg@mail.gmail.com>
Date: Tue, 22 Jul 2025 13:34:30 +0200
From: Alice Ryhl <aliceryhl@...gle.com>
To: Benno Lossin <lossin@...nel.org>
Cc: Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, 
	Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, 
	Björn Roy Baron <bjorn3_gh@...tonmail.com>, 
	Benno Lossin <benno.lossin@...ton.me>, Andreas Hindborg <a.hindborg@...nel.org>, 
	Trevor Gross <tmgross@...ch.edu>, Danilo Krummrich <dakr@...nel.org>, Lyude Paul <lyude@...hat.com>, 
	Mitchell Levy <levymitchell0@...il.com>, Wedson Almeida Filho <wedsonaf@...il.com>, 
	rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] rust: sync: fix safety comment for `static_lock_class`

On Tue, Jul 22, 2025 at 1:21 PM Benno Lossin <lossin@...nel.org> wrote:
>
> On Wed May 21, 2025 at 1:17 AM CEST, Benno Lossin wrote:
> > The safety comment mentions lockdep -- which from a Rust perspective
> > isn't important -- and doesn't mention the real reason for why it's
> > sound to create `LockClassKey` as uninitialized memory.
> >
> > Signed-off-by: Benno Lossin <lossin@...nel.org>
> > ---
> >
> > I don't think we need to backport this.
> >
> > ---
> >  rust/kernel/sync.rs | 7 +++++--
> >  1 file changed, 5 insertions(+), 2 deletions(-)
> >
> > diff --git a/rust/kernel/sync.rs b/rust/kernel/sync.rs
> > index 36a719015583..a10c812d8777 100644
> > --- a/rust/kernel/sync.rs
> > +++ b/rust/kernel/sync.rs
> > @@ -93,8 +93,11 @@ fn drop(self: Pin<&mut Self>) {
> >  macro_rules! static_lock_class {
> >      () => {{
> >          static CLASS: $crate::sync::LockClassKey =
> > -            // SAFETY: lockdep expects uninitialized memory when it's handed a statically allocated
> > -            // lock_class_key
> > +            // Lockdep expects uninitialized memory when it's handed a statically allocated `struct
> > +            // lock_class_key`.
> > +            //
> > +            // SAFETY: `LockClassKey` transparently wraps `Opaque` which permits uninitialized
> > +            // memory.
> >              unsafe { ::core::mem::MaybeUninit::uninit().assume_init() };
>
> Looking at this patch with fresh eyes (thanks for the bump, Alice :) I
> think we should rather have a public unsafe function on `LockClassKey`
> that creates an uninitialized lock class key. I'd like to avoid the
> `MaybeUninit::uninit().assume_init()` pattern, as it might confuse
> people & it looks very wrong.
>
> We can take this patch, as it definitely is an improvement, but I think
> we should also just fix this properly. Any thoughts?

Could that constructor be used in non-static cases?

Alice

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ