Received: by 2002:ab2:1149:0:b0:1f3:1f8c:d0c6 with SMTP id z9csp1651065lqz;
        Mon, 1 Apr 2024 12:42:46 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCVB/ZNx9nUsHXsqeVKTQhMCXGqi6VysdAad8cBVjLby0AxYoFH2cfmIu1p0sRCDXeuPpbkrr8yK3S4TJAZ564uK+2XQLBmK60XwqjbeOQ==
X-Google-Smtp-Source: AGHT+IGnBUu5qGuVdfsyYosTNvCVpVWrQp+PwWnyz6Bkoek9rekNJuyZOAM5EEnPcw0e0hbYKm18
X-Received: by 2002:ad4:5caa:0:b0:699:1227:5e13 with SMTP id q10-20020ad45caa000000b0069912275e13mr1952548qvh.53.1712000566409;
        Mon, 01 Apr 2024 12:42:46 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1712000566; cv=pass;
        d=google.com; s=arc-20160816;
        b=gjGZHNZTgD0W/s/oNNCKR8rGDk9l1EHolwLZC7ePKm9bnfzXTxmeAh/UdlF5HpODIG
         V68lyb+Eh1IqQ2f02wAneyme/pCv5HH07VjNBQrY4NQCKUodE/HzR/W4LdTWP2QcYbWV
         YxXBxVs0dFOl5PBSXDFflYZ6F72lb+fcLgu2qVyMfIzJxUFskI65n7BVF2E32RH49xF3
         rBLbj6ySzMs97X4httSWJPxdKsyQy8GKBhKynnxNOa0HuDZcbJTHX5krrJk5+lq/3C80
         jUcER3ne2DDSH2CRAqRjs85lrhOBSq4gGtVq/C++iZRelHFS9F8PEU2A1EQO9X/VDxEe
         9dBg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:list-unsubscribe:list-subscribe:list-id:precedence
         :dkim-signature;
        bh=F4uOlu0iJswfQVUOUs/h1wLZx+BpMx1FQLUpSBttbAQ=;
        fh=XiU2V7ykTG8wP2kUIy3fSbQa0ljVZpBUWUTxG6R1H04=;
        b=yxJEx2Je4JA4lBSjcXY+gzJypukrRycRzqoV/oxnyBaFFttBr3LA01OozKG61sFVG9
         baB1ezl9NWRKt5KrQsWxKVCTgogGIZkXKv0mdcGD8OmgOSfDXqf2aHaSTEGvuanI2FfN
         twYgJCTAnvWtcBwzHwP6YivfQFRacOB7oXQzLUT0hLecxBc5t0dkg+W3qKeYOdXPO68l
         MN371JrKjNZdccwIef8kGtN/i1gaZ5t4dzVoZd1jy2e+vGbSQzjDzBmsLK+CKYZwrW4p
         5jHsBoJDP6AufeA4FYUa/26x69ltEH0j3dF9iwwcOBEDueZImv/pqcjluxvUJPzwbrQN
         Cs1w==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=Mpca0jo0;
       arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com);
       spf=pass (google.com: domain of linux-kernel+bounces-127001-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-127001-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel+bounces-127001-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1])
        by mx.google.com with ESMTPS id dd10-20020ad4580a000000b00696b08e19fdsi10345784qvb.16.2024.04.01.12.42.46
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 01 Apr 2024 12:42:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-127001-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=Mpca0jo0;
       arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com);
       spf=pass (google.com: domain of linux-kernel+bounces-127001-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-127001-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id 119501C21209
	for <linux.lists.archive@gmail.com>; Mon,  1 Apr 2024 19:42:46 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 58639537F7;
	Mon,  1 Apr 2024 19:42:37 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Mpca0jo0"
Received: from mail-yw1-f181.google.com (mail-yw1-f181.google.com [209.85.128.181])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2B8463D9E;
	Mon,  1 Apr 2024 19:42:34 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.181
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1712000556; cv=none; b=apLgwGC618DDOO1PZIiEVZoAhYb0ZaoWVhb4l/DCEyjQ1blrqxcYUCjJA7miCTiOuZRXD2enrOavKzElMEhqzjOtg2fQ1hONvpxmd/tB1OIx4otVxRx9zXHak/NcAYFh/uHVnMK1MiFHX5UOnv19sSsieyFUfcp3Wf9ASlhXgfs=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1712000556; c=relaxed/simple;
	bh=F4uOlu0iJswfQVUOUs/h1wLZx+BpMx1FQLUpSBttbAQ=;
	h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:
	 To:Cc:Content-Type; b=p0gMr4XXZD0DhuwCY7kHc76oRPj/yMWSRLBWX45Pcn6Ca41eUycD31qnrTGcflNZMIA47CmJ2pfDQkf4VPcKepRcuaHSOqg1LAXXZxEJHKEkkjXUTJIzCcT7LtoWjCJKjX28TJn6TE2aJzZt8XhH255YeC7OGye9mhrGx9AJh5s=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Mpca0jo0; arc=none smtp.client-ip=209.85.128.181
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com
Received: by mail-yw1-f181.google.com with SMTP id 00721157ae682-6147942ae18so21501417b3.2;
        Mon, 01 Apr 2024 12:42:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1712000554; x=1712605354; darn=vger.kernel.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=F4uOlu0iJswfQVUOUs/h1wLZx+BpMx1FQLUpSBttbAQ=;
        b=Mpca0jo04ZLwcaSxMd6qmWczgxTesYD0H4OOgBJk3A6PoECTqvo6m+qmKwHYbQcCW8
         xtiTnW8uCWC7b4Q/wbgwlIQa7ksS0lTtKey8EhqYhRsGh9NQLCuJrh4QvDwu6yVTyojU
         RC5KpJx/SD0y/roZPg2gTteYpjz0VMVRor5/UYiATAeOj7kCl5s+RSfUT0lRUgyBV++A
         gBKOX4RCs3C+Iv8fo2JMe11Biekz4PKEsJx8F6OrO3oNazBqU7DALkaW9nQkEA08Gu+y
         nUNaoUID2YI9Tl5ncdXpWwDY06mpqlhlg4TNQxUGxyr6Jab3FXvuQWz/EAjL45XZj1Sq
         4D5A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1712000554; x=1712605354;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=F4uOlu0iJswfQVUOUs/h1wLZx+BpMx1FQLUpSBttbAQ=;
        b=U0gvg6SkhT9H9ASoc4caVP4o6IgSZ0VDDLqjQo/ehro2Y7k5IQzPyGB7r90efbwPMW
         oQ20J290wJJwq+WHwa+Oay4Jd7qEnUg1fUkzeyMaNqfWervUEHA1xXuG/5jUE94RZeWb
         Rrjn/MYM7LpDrzAboXRgcHkoAE4wBsC/dlFxPewmqyVLXEy4wWUFrcEt6k5dVIVEF2Kf
         5NJm9gGxNlrP/FPEwbtY8cFt75bwW6B1LpUpU8gT+iD3DwoqE8Ibdm8ykIsY/bL2p92l
         lHUnQ7N4mrF8cvCx3Xj3S8Bi2jJj9sUjwcH4H2iz1/SZqZlx+AbYRUEUAqyqdXMOmvxh
         xThA==
X-Forwarded-Encrypted: i=1; AJvYcCWr8E+7rCGSu+xbxUAh+K4qy/TIB+bH5/3MSdZ9zs3ADiqu5/LOKml0cpxDqGtrhCwXFai31oVs884FD2XuHYK8JhGidsJ58cMiaEU5LJsoh1zUAXNTKn2RQuVADtHJ8/LTh72koEVcLaXF/Pj5i8aFN71egPQfFp/FMM0xWukmQxk5Znw=
X-Gm-Message-State: AOJu0YzXSj0L4Q4FPff0+X0UOxDUs4NKuw2ScX5uXQobT/tGN10d0aI7
	dn3wXpxcF5NmtfD3cLWI5c71Kje5+r8cbYvlvCUII78+4/D4Fcc+WyqdBMwChTlQce4DdwalZcF
	R28mUe4T8V/cznkqn3fW0H0ndR/I=
X-Received: by 2002:a05:690c:f10:b0:611:200c:9229 with SMTP id
 dc16-20020a05690c0f1000b00611200c9229mr7675489ywb.8.1712000554097; Mon, 01
 Apr 2024 12:42:34 -0700 (PDT)
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
References: <20240401185222.12015-1-benno.lossin@proton.me>
In-Reply-To: <20240401185222.12015-1-benno.lossin@proton.me>
From: Wedson Almeida Filho <wedsonaf@gmail.com>
Date: Mon, 1 Apr 2024 16:42:23 -0300
Message-ID: <CANeycqracHqSh0AS3sSWerMA=tGUWs7U=iPfnL+UzqBQs1oUZw@mail.gmail.com>
Subject: Re: [PATCH v2] rust: macros: fix soundness issue in `module!` macro
To: Benno Lossin <benno.lossin@proton.me>
Cc: Miguel Ojeda <ojeda@kernel.org>, Alex Gaynor <alex.gaynor@gmail.com>, 
	Boqun Feng <boqun.feng@gmail.com>, Gary Guo <gary@garyguo.net>, 
	=?UTF-8?Q?Bj=C3=B6rn_Roy_Baron?= <bjorn3_gh@protonmail.com>, 
	Andreas Hindborg <a.hindborg@samsung.com>, Alice Ryhl <aliceryhl@google.com>, 
	Martin Rodriguez Reboredo <yakoyoku@gmail.com>, Asahi Lina <lina@asahilina.net>, 
	Sumera Priyadarsini <sylphrenadin@gmail.com>, Neal Gompa <neal@gompa.dev>, 
	Thomas Bertschinger <tahbertschinger@gmail.com>, Andrea Righi <andrea.righi@canonical.com>, 
	Matthew Bakhtiari <dev@mtbk.me>, Adam Bratschi-Kaye <ark.email@gmail.com>, stable@vger.kernel.org, 
	Masahiro Yamada <masahiroy@kernel.org>, Wedson Almeida Filho <wedsonaf@google.com>, Finn Behrens <me@kloenk.dev>, 
	rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"

On Mon, 1 Apr 2024 at 15:52, Benno Lossin <benno.lossin@proton.me> wrote:
>
> The `module!` macro creates glue code that are called by C to initialize
> the Rust modules using the `Module::init` function. Part of this glue
> code are the local functions `__init` and `__exit` that are used to
> initialize/destroy the Rust module.
> These functions are safe and also visible to the Rust mod in which the
> `module!` macro is invoked. This means that they can be called by other
> safe Rust code. But since they contain `unsafe` blocks that rely on only
> being called at the right time, this is a soundness issue.
>
> Wrap these generated functions inside of two private modules, this
> guarantees that the public functions cannot be called from the outside.
> Make the safe functions `unsafe` and add SAFETY comments.
>
> Cc: stable@vger.kernel.org
> Closes: https://github.com/Rust-for-Linux/linux/issues/629
> Fixes: 1fbde52bde73 ("rust: add `macros` crate")
> Signed-off-by: Benno Lossin <benno.lossin@proton.me>

Reviewed-by: Wedson Almeida Filho <walmeida@microsoft.com>