lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <b31ed7c6-03ca-4d11-80fe-01a73bdab473@kernel.org>
Date: Wed, 10 Sep 2025 15:09:53 +0200
From: Danilo Krummrich <dakr@...nel.org>
To: Alice Ryhl <aliceryhl@...gle.com>
Cc: Benno Lossin <lossin@...nel.org>, Miguel Ojeda <ojeda@...nel.org>,
 Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>,
 Gary Guo <gary@...yguo.net>, Björn Roy Baron
 <bjorn3_gh@...tonmail.com>, Andreas Hindborg <a.hindborg@...nel.org>,
 Trevor Gross <tmgross@...ch.edu>, Fiona Behrens <me@...enk.dev>,
 Alban Kurti <kurti@...icto.ai>, rust-for-linux@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] rust: pin-init: add `#[bind]` attribute to access
 previously initialized fields

On 9/10/25 1:52 PM, Alice Ryhl wrote:
> On Wed, Sep 10, 2025 at 1:15 PM Danilo Krummrich <dakr@...nel.org> wrote:
>>
>> On Wed Sep 10, 2025 at 12:40 PM CEST, Alice Ryhl wrote:
>>> On Wed, Sep 10, 2025 at 12:36 PM Benno Lossin <lossin@...nel.org> wrote:
>>>>
>>>> On Wed Sep 10, 2025 at 12:17 PM CEST, Alice Ryhl wrote:
>>>>> On Wed, Sep 10, 2025 at 12:07:53PM +0200, Benno Lossin wrote:
>>>>>> Assigning a field a value in an initializer macro can be marked with the
>>>>>> `#[bind]` attribute. Doing so creates a `let` binding with the same
>>>>>> name. This `let` binding has the type `Pin<&mut T>` if the field is
>>>>>> structurally pinned or `&mut T` otherwise (where `T` is the type of the
>>>>>> field).
>>>>>>
>>>>>> Signed-off-by: Benno Lossin <lossin@...nel.org>
>>>>>
>>>>> Is there a reason we can't apply this to all fields and avoid the
>>>>> attribute?
>>>>
>>>> Adding the attribute was due to Boqun's concern on v1 [1]. I think it
>>>> might be surprising too, but I'm also happy with no attribute.
>>>>
>>>> [1]: https://lore.kernel.org/all/aLshd0_C-1rh3FAg@tardis-2.local
>>>
>>> IMO the ideal is if it works without an attribute. Perhaps trying that
>>> in the kernel is a reasonable experiment to find out whether that's
>>> reasonable to do for the general language feature?
>>>
>>>>> Do we have a place that might be able to use this?
>>>>
>>>> I didn't find one, but Danilo plans to base some changes on top this
>>>> cycle that need this.
>>
>> We can use it in devres right away:
>>
>> diff --git a/rust/kernel/devres.rs b/rust/kernel/devres.rs
>> index d04e3fcebafb..97c616a1733d 100644
>> --- a/rust/kernel/devres.rs
>> +++ b/rust/kernel/devres.rs
>> @@ -137,10 +137,11 @@ pub fn new<'a, E>(
>>      {
>>          let callback = Self::devres_callback;
>>
>> -        try_pin_init!(&this in Self {
>> +        try_pin_init!(Self {
>>              dev: dev.into(),
>>              callback,
>>              // INVARIANT: `inner` is properly initialized.
>> +            #[bind]
>>              inner <- Opaque::pin_init(try_pin_init!(Inner {
>>                      devm <- Completion::new(),
>>                      revoke <- Completion::new(),
>> @@ -150,8 +151,7 @@ pub fn new<'a, E>(
>>              //
>>              // [1] https://github.com/Rust-for-Linux/pin-init/pull/69
>>              _add_action: {
>> -                // SAFETY: `this` is a valid pointer to uninitialized memory.
>> -                let inner = unsafe { &raw mut (*this.as_ptr()).inner };
>> +                let inner = core::ptr::from_ref(inner.into_ref().get_ref());
> 
> Overall looks good. Looks like you want Opaque::get here rather than
> the cast cast cast operation.

Oh, indeed. I overlooked that. :)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ