lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAH5fLgjS+T1acN9jsEv85bhhXwevSA2trqu-9aFFsKpH82b8iA@mail.gmail.com>
Date: Wed, 10 Sep 2025 13:52:14 +0200
From: Alice Ryhl <aliceryhl@...gle.com>
To: Danilo Krummrich <dakr@...nel.org>
Cc: Benno Lossin <lossin@...nel.org>, Miguel Ojeda <ojeda@...nel.org>, 
	Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>, 
	Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, 
	Andreas Hindborg <a.hindborg@...nel.org>, Trevor Gross <tmgross@...ch.edu>, Fiona Behrens <me@...enk.dev>, 
	Alban Kurti <kurti@...icto.ai>, rust-for-linux@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] rust: pin-init: add `#[bind]` attribute to access
 previously initialized fields

On Wed, Sep 10, 2025 at 1:15 PM Danilo Krummrich <dakr@...nel.org> wrote:
>
> On Wed Sep 10, 2025 at 12:40 PM CEST, Alice Ryhl wrote:
> > On Wed, Sep 10, 2025 at 12:36 PM Benno Lossin <lossin@...nel.org> wrote:
> >>
> >> On Wed Sep 10, 2025 at 12:17 PM CEST, Alice Ryhl wrote:
> >> > On Wed, Sep 10, 2025 at 12:07:53PM +0200, Benno Lossin wrote:
> >> >> Assigning a field a value in an initializer macro can be marked with the
> >> >> `#[bind]` attribute. Doing so creates a `let` binding with the same
> >> >> name. This `let` binding has the type `Pin<&mut T>` if the field is
> >> >> structurally pinned or `&mut T` otherwise (where `T` is the type of the
> >> >> field).
> >> >>
> >> >> Signed-off-by: Benno Lossin <lossin@...nel.org>
> >> >
> >> > Is there a reason we can't apply this to all fields and avoid the
> >> > attribute?
> >>
> >> Adding the attribute was due to Boqun's concern on v1 [1]. I think it
> >> might be surprising too, but I'm also happy with no attribute.
> >>
> >> [1]: https://lore.kernel.org/all/aLshd0_C-1rh3FAg@tardis-2.local
> >
> > IMO the ideal is if it works without an attribute. Perhaps trying that
> > in the kernel is a reasonable experiment to find out whether that's
> > reasonable to do for the general language feature?
> >
> >> > Do we have a place that might be able to use this?
> >>
> >> I didn't find one, but Danilo plans to base some changes on top this
> >> cycle that need this.
>
> We can use it in devres right away:
>
> diff --git a/rust/kernel/devres.rs b/rust/kernel/devres.rs
> index d04e3fcebafb..97c616a1733d 100644
> --- a/rust/kernel/devres.rs
> +++ b/rust/kernel/devres.rs
> @@ -137,10 +137,11 @@ pub fn new<'a, E>(
>      {
>          let callback = Self::devres_callback;
>
> -        try_pin_init!(&this in Self {
> +        try_pin_init!(Self {
>              dev: dev.into(),
>              callback,
>              // INVARIANT: `inner` is properly initialized.
> +            #[bind]
>              inner <- Opaque::pin_init(try_pin_init!(Inner {
>                      devm <- Completion::new(),
>                      revoke <- Completion::new(),
> @@ -150,8 +151,7 @@ pub fn new<'a, E>(
>              //
>              // [1] https://github.com/Rust-for-Linux/pin-init/pull/69
>              _add_action: {
> -                // SAFETY: `this` is a valid pointer to uninitialized memory.
> -                let inner = unsafe { &raw mut (*this.as_ptr()).inner };
> +                let inner = core::ptr::from_ref(inner.into_ref().get_ref());

Overall looks good. Looks like you want Opaque::get here rather than
the cast cast cast operation.

>                  // SAFETY:
>                  // - `dev.as_raw()` is a pointer to a valid bound device.
> @@ -160,7 +160,7 @@ pub fn new<'a, E>(
>                  //    properly initialized, because we require `dev` (i.e. the *bound* device) to
>                  //    live at least as long as the returned `impl PinInit<Self, Error>`.
>                  to_result(unsafe {
> -                    bindings::devm_add_action(dev.as_raw(), Some(callback), inner.cast())
> +                    bindings::devm_add_action(dev.as_raw(), Some(callback), inner.cast_mut().cast())
>                  }).inspect_err(|_| {
>                      let inner = Opaque::cast_into(inner);
>
>
> Together with the initializer code blocks this becomes quite nice. :)
>
> > Danilo, what plans do you have?
>
> Besides that, the plan is [1].
>
> [1] https://lore.kernel.org/all/DCL32RUQ6Z56.1ERY7JBK6O1J6@kernel.org/

Looks nice :)

Alice

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ