| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <DFOJJ5PX0G82.UA7L6LIYZ8IA@garyguo.net>
Date: Wed, 14 Jan 2026 18:57:47 +0000
From: "Gary Guo" <gary@...yguo.net>
To: "Benno Lossin" <lossin@...nel.org>, "Gary Guo" <gary@...yguo.net>,
"Miguel Ojeda" <ojeda@...nel.org>, "Boqun Feng" <boqun.feng@...il.com>,
Björn Roy Baron <bjorn3_gh@...tonmail.com>, "Andreas
Hindborg" <a.hindborg@...nel.org>, "Alice Ryhl" <aliceryhl@...gle.com>,
"Trevor Gross" <tmgross@...ch.edu>, "Danilo Krummrich" <dakr@...nel.org>
Cc: <rust-for-linux@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3 12/15] rust: pin-init: internal: init: add support
for attributes on initializer fields
On Wed Jan 14, 2026 at 6:18 PM GMT, Benno Lossin wrote:
> Initializer fields ought to support the same attributes that are allowed
> in struct initializers on fields. For example, `cfg` or lint levels such
> as `expect`, `allow` etc. Add parsing support for these attributes using
> syn to initializer fields and adjust the macro expansion accordingly.
>
> Tested-by: Andreas Hindborg <a.hindborg@...nel.org>
> Signed-off-by: Benno Lossin <lossin@...nel.org>
> ---
> Changes in v3: none
> Changes in v2:
> * only attach cfg attributes to non-user controlled code for fields
> ---
> rust/pin-init/internal/src/init.rs | 69 ++++++++++++++++++++++++------
> 1 file changed, 55 insertions(+), 14 deletions(-)
>
> diff --git a/rust/pin-init/internal/src/init.rs b/rust/pin-init/internal/src/init.rs
> index 5a66016bdf33..0eb21ed9c8bc 100644
> --- a/rust/pin-init/internal/src/init.rs
> +++ b/rust/pin-init/internal/src/init.rs
> @@ -29,7 +29,12 @@ struct This {
> _in_token: Token![in],
> }
>
> -enum InitializerField {
> +struct InitializerField {
> + attrs: Vec<Attribute>,
> + kind: InitializerKind,
> +}
> +
> +enum InitializerKind {
> Value {
> ident: Ident,
> value: Option<(Token![:], Expr)>,
> @@ -46,7 +51,7 @@ enum InitializerField {
> },
> }
>
> -impl InitializerField {
> +impl InitializerKind {
> fn ident(&self) -> Option<&Ident> {
> match self {
> Self::Value { ident, .. } | Self::Init { ident, .. } => Some(ident),
> @@ -227,10 +232,16 @@ fn init_fields(
> slot: &Ident,
> ) -> TokenStream {
> let mut guards = vec![];
> + let mut guard_attrs = vec![];
> let mut res = TokenStream::new();
> - for field in fields {
> - let init = match field {
> - InitializerField::Value { ident, value } => {
> + for InitializerField { attrs, kind } in fields {
> + let cfgs = {
> + let mut cfgs = attrs.clone();
> + cfgs.retain(|attr| attr.path().is_ident("cfg") || attr.path().is_ident("cfg_attr"));
cfg_attr should not be kept, as they are non-cfg attributes after expanded.
Best,
Gary
> + cfgs
> + };
> + let init = match kind {
> + InitializerKind::Value { ident, value } => {
> let mut value_ident = ident.clone();
> let value_prep = value.as_ref().map(|value| &value.1).map(|value| {
> // Setting the span of `value_ident` to `value`'s span improves error messages
> @@ -253,21 +264,24 @@ fn init_fields(
> }
> };
> quote! {
> + #(#attrs)*
> {
> #value_prep
> // SAFETY: TODO
> unsafe { #write(::core::ptr::addr_of_mut!((*#slot).#ident), #value_ident) };
> }
> + #(#cfgs)*
> #[allow(unused_variables)]
> let #ident = #accessor;
> }
> }
> - InitializerField::Init { ident, value, .. } => {
> + InitializerKind::Init { ident, value, .. } => {
> // Again span for better diagnostics
> let init = format_ident!("init", span = value.span());
> if pinned {
> let project_ident = format_ident!("__project_{ident}");
> quote! {
> + #(#attrs)*
> {
> let #init = #value;
> // SAFETY:
> @@ -277,12 +291,14 @@ fn init_fields(
> // for `#ident`.
> unsafe { #data.#ident(::core::ptr::addr_of_mut!((*#slot).#ident), #init)? };
> }
> + #(#cfgs)*
> // SAFETY: TODO
> #[allow(unused_variables)]
> let #ident = unsafe { #data.#project_ident(&mut (*#slot).#ident) };
> }
> } else {
> quote! {
> + #(#attrs)*
> {
> let #init = #value;
> // SAFETY: `slot` is valid, because we are inside of an initializer
> @@ -294,20 +310,25 @@ fn init_fields(
> )?
> };
> }
> + #(#cfgs)*
> // SAFETY: TODO
> #[allow(unused_variables)]
> let #ident = unsafe { &mut (*#slot).#ident };
> }
> }
> }
> - InitializerField::Code { block: value, .. } => quote!(#[allow(unused_braces)] #value),
> + InitializerKind::Code { block: value, .. } => quote! {
> + #(#attrs)*
> + #[allow(unused_braces)]
> + #value
> + },
> };
> res.extend(init);
> - if let Some(ident) = field.ident() {
> + if let Some(ident) = kind.ident() {
> // `mixed_site` ensures that the guard is not accessible to the user-controlled code.
> let guard = format_ident!("__{ident}_guard", span = Span::mixed_site());
> - guards.push(guard.clone());
> res.extend(quote! {
> + #(#cfgs)*
> // Create the drop guard:
> //
> // We rely on macro hygiene to make it impossible for users to access this local
> @@ -319,13 +340,18 @@ fn init_fields(
> )
> };
> });
> + guards.push(guard);
> + guard_attrs.push(cfgs);
> }
> }
> quote! {
> #res
> // If execution reaches this point, all fields have been initialized. Therefore we can now
> // dismiss the guards by forgetting them.
> - #(::core::mem::forget(#guards);)*
> + #(
> + #(#guard_attrs)*
> + ::core::mem::forget(#guards);
> + )*
> }
> }
Powered by blists - more mailing lists