| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <DG5FJO49SRRJ.3D8B0XEM9VT06@garyguo.net>
Date: Tue, 03 Feb 2026 15:25:42 +0000
From: "Gary Guo" <gary@...yguo.net>
To: "Philipp Stanner" <phasta@...nel.org>, "David Airlie"
<airlied@...il.com>, "Simona Vetter" <simona@...ll.ch>, "Danilo Krummrich"
<dakr@...nel.org>, "Alice Ryhl" <aliceryhl@...gle.com>, "Gary Guo"
<gary@...yguo.net>, "Benno Lossin" <lossin@...nel.org>,
Christian König <christian.koenig@....com>, "Boris
Brezillon" <boris.brezillon@...labora.com>, "Daniel Almeida"
<daniel.almeida@...labora.com>, "Joel Fernandes" <joelagnelf@...dia.com>
Cc: <linux-kernel@...r.kernel.org>, <dri-devel@...ts.freedesktop.org>,
<rust-for-linux@...r.kernel.org>, <stable@...r.kernel.org>
Subject: Re: [RFC PATCH 1/4] rust: list: Add unsafe for container_of
On Tue Feb 3, 2026 at 8:14 AM GMT, Philipp Stanner wrote:
> impl_list_item_mod.rs calls container_of() without unsafe blocks at a
> couple of places. Since container_of() is an unsafe macro / function,
> the blocks are strictly necessary.
>
> For unknown reasons, that problem was so far not visible and only gets
> visible once one utilizes the list implementation from within the core
> crate:
The reason is that the error enabled via "unsafe-op-in-unsafe-fn" is a lint
rather than a hard compiler error, and Rust suppresses lints triggered inside
macro from another crate.
When the macro is used in kernel crate itself, it's no longer suppressed.
>
> error[E0133]: call to unsafe function `core::ptr::mut_ptr::<impl *mut T>::byte_sub`
> is unsafe and requires unsafe block
> --> rust/kernel/lib.rs:252:29
> |
> 252 | let container_ptr = field_ptr.byte_sub(offset).cast::<$Container>();
> | ^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function
> |
> ::: rust/kernel/drm/jq.rs:98:1
> |
> 98 | / impl_list_item! {
> 99 | | impl ListItem<0> for BasicItem { using ListLinks { self.links }; }
> 100 | | }
> | |_- in this macro invocation
> |
> note: an unsafe function restricts its caller, but its body is safe by default
> --> rust/kernel/list/impl_list_item_mod.rs:216:13
> |
> 216 | unsafe fn view_value(me: *mut $crate::list::ListLinks<$num>) -> *const Self {
> | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> |
> ::: rust/kernel/drm/jq.rs:98:1
> |
> 98 | / impl_list_item! {
> 99 | | impl ListItem<0> for BasicItem { using ListLinks { self.links }; }
> 100 | | }
> | |_- in this macro invocation
> = note: requested on the command line with `-D unsafe-op-in-unsafe-fn`
> = note: this error originates in the macro `$crate::container_of` which comes
> from the expansion of the macro `impl_list_item`
>
> Add unsafe blocks to container_of to fix the issue.
>
> Cc: stable@...r.kernel.org # v6.17+
> Fixes: c77f85b347dd ("rust: list: remove OFFSET constants")
> Suggested-by: Alice Ryhl <aliceryhl@...gle.com>
> Signed-off-by: Philipp Stanner <phasta@...nel.org>
Reviewed-by: Gary Guo <gary@...yguo.net>
Can you send it as a standalone patch so it's clear that this is intended to be
picked rather than part of the RFC series?
Best,
Gary
> ---
> rust/kernel/list/impl_list_item_mod.rs | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
Powered by blists - more mailing lists