Received: by 2002:ab2:1149:0:b0:1f3:1f8c:d0c6 with SMTP id z9csp1901721lqz; Tue, 2 Apr 2024 00:37:17 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWCtBifhnTi6wHjIzNCuZ9CQSHh4vqnAlvHVg6jkGxg+WzEBlRyAW7UkCvwvolXnELihGzVBH3Fk4aj8rOxUGQzXV9MXGXvx+ztq9QgcA== X-Google-Smtp-Source: AGHT+IFdtMeGrCtXwCzcUzK9Qi6PhZ6lkiYDtsDeUSS6snUAA37Y2G8xrE69t9bU73Emq43eZ9Dk X-Received: by 2002:ad4:50cd:0:b0:699:1877:561b with SMTP id e13-20020ad450cd000000b006991877561bmr1213130qvq.46.1712043437284; Tue, 02 Apr 2024 00:37:17 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712043437; cv=pass; d=google.com; s=arc-20160816; b=vxI/mbiVQ9l1vHcyg2Rk6LVpyEEj2gcsbOrgS3ErA6lnvisNqMIIkGD4U7CwDWpANa FHLZvW8BO28tlEimCCSbMpt2KnupUlHFcm5kvOTUjBOaZupXvti2LI9PiO8Ev5Ar7jav no+OmtU11v+AC2GA2TzbJPQb4COqjKpB/s55gmq4+Hki7viZZQhSEatv8MWtkkYj6whl kLPTz22lzGSG2x82IGdtCqLmBRjw5tDt1yN+srRNpWFBq4Ys+dtx9bfGn/XK6e9LTvVU ED6sh6++/WcbELvEj/fWwfTjHj+TOmtqjxcKNYY6BkrbJuxookHIidAohMXTDnomNHnS E2hA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=mvA4XlQG31Oac/CL2P251TxTxsp49nq3BgjpTreKMJo=; fh=UVi/CY86CsHZA1CvQh4sMNQUCacfJcT3nmdkyzGKVyg=; b=CWt/aRcmRvGMGR1Vrpm2nJbY9hF0fmSQ84dJ3YN0PhVo6/DTvOJDxcRgRqVeqPVsLb QetGkHrJMnCDc8Be3IZ98LliOUhN/FxBRF1hNCrokntO9RUO2x4OTiobhitOVSTDXnmM hqstI7N1sAFkdmjHLS2AGwfKB9n+WEojnsQjVRU3o65vyDiGmaX/goxzOZSBabb4p2ZR FUasd34HOlibGyVHy5cfemBNsWFHRuNwsJvkUIBDSLvJxrhcaMg14UhHSEN5GiwxnG7+ 9uchIUvIsQCznT1NAsboYVo4Cz/85rV+lVffIHlTar6CHGwDI2GPkvFB6ux8CpLjWrx7 w7yw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=iSBKhc4J; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-127510-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-127510-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id k19-20020a0cf293000000b0068f07fbcbffsi11040291qvl.43.2024.04.02.00.37.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 02 Apr 2024 00:37:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-127510-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=iSBKhc4J; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-127510-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-127510-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id C9E501C22035 for ; Tue, 2 Apr 2024 07:37:08 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 59A833C684; Tue, 2 Apr 2024 07:37:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="iSBKhc4J" Received: from mail-pg1-f175.google.com (mail-pg1-f175.google.com [209.85.215.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 365AD36AEF; Tue, 2 Apr 2024 07:36:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.175 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712043419; cv=none; b=PYlSxJFrHFpN8aUx0o374fCA4Lcn26cxazdA42Ewa5EsrZetFfdqu0z0+uZsr3MW49ukRpClnUbxWT7ydnGLfQTiFcOqnb1Shybcf4xJpc92L+FcQj3ikV/lh+3A95RSwnHcH2c8tPhhCrI6irXqtZMqnSdF4JZY4yJRt2Q0BCE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712043419; c=relaxed/simple; bh=nQuUXMffA4WwM69FITwsN2YbrcKETHbVPRcQPamcnj0=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=e/nUP44Ia5atEEnVZ2PSqp0gAOklpo2Gat9Ev88NRW17TsVFu0UVVuqIktz1dhkgwFBG7k8dR8uxdVgxm6CVhsqjuKb+GsoX/g+yFyRpt+noISVsHwqcsSAfWHpJKlArf5qcvXOJ1o7m+SRREGxILCsWXWXbxbRA6nYzHKGwRS4= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=iSBKhc4J; arc=none smtp.client-ip=209.85.215.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-pg1-f175.google.com with SMTP id 41be03b00d2f7-517ab9a4a13so3667831a12.1; Tue, 02 Apr 2024 00:36:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712043417; x=1712648217; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=mvA4XlQG31Oac/CL2P251TxTxsp49nq3BgjpTreKMJo=; b=iSBKhc4J0fLiZHJFzTEsrZoYb911aMeYgBp97QuH3W5IsnFLAShnCWTzFobouO/DJo EvPWVNaysKbRLrpj4ykfWIxd+ICqdiyCBodZsX7vhXdIQ/QK2EVPe7YTRXPPzqf/gWAg 1sk2Ru3Ht/AR7WwgeRP874olMDOnrXYqWLuMRK7fWakQFBfHsvkIo2QNCIY30i/iyBi6 q5jy6ITCxVyMn2OSZPIsKYThlTJBLh53of2tk/CjW0KETvMTgJWuPR+sbrZwq+L3r1S8 6BoEamGG7LRpkK9hlBhZaqOgn9tQxyWF58/wSb4CsDjIvN3rSdle24Hvx42891rI9+ti 2DUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712043417; x=1712648217; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mvA4XlQG31Oac/CL2P251TxTxsp49nq3BgjpTreKMJo=; b=U9BBRf8GxcZ+K43ZCaYcPwI1UI41p9eQCTAZpb/5RNmPSkFNsYsuTqlmqWkwrPYTHj anWyZBHvcDJfEGAsFmMeZofT8EMrT/kS9Mj3oTjUmWX0ZrLS/ZYF4lIz5u0F+gCy1Rd0 QZxHEv62IUYDGA2EulS98/cryDJKcoS7SCSv7NdcMrljv4iKTadVxvo/Ka2VGO/jPar5 sAl83S00Yn7QnOMndEDHfWfbWMBXZtA0M2X9p/dMT1O4/ruCnnZUCINURzPb8ed9VlOJ BrFmV+CHDRHEE5z+h8Y2sH2UzowgsOVKrNV9bTsRQoeiaTRjjWkN0leaRC07na9d0D66 hxOQ== X-Forwarded-Encrypted: i=1; AJvYcCXF/SMVWsLoJ2rKmYWhTSZoYLes1m7bJRbn4q2SDD62Fh42LZU93ldnFj05zyRbgXvUBo0Ab0T5GdcihwyzOLB+Yi9frr9egR1BmSAVIgeSytTTrIEQbJEwFfXERPSH819K7BPSaRWSha34Y2t99THb7kSarEzed9BbXrXarZgj7jGQq0Q= X-Gm-Message-State: AOJu0YwX5BKOpNxnHtF6BpLVmmXihOckRgRVRNpjoyWo+54DJK8dg2dp 9kUQ7dZHzFJkdo6fdi8eKK85VwVzC+r3ha6wKBbeexuVA+Kq3Y4sNI9s8hykpl/helS4iA+5H5Y 6UTjoDXZa9G8LrqZ7v4v1EIzKPUk= X-Received: by 2002:a17:90b:3907:b0:2a2:40c4:5175 with SMTP id ob7-20020a17090b390700b002a240c45175mr4290548pjb.14.1712043417507; Tue, 02 Apr 2024 00:36:57 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <9D0C95D2-6239-4A3B-B9DD-66299B9911EF@me.com> In-Reply-To: <9D0C95D2-6239-4A3B-B9DD-66299B9911EF@me.com> From: Miguel Ojeda Date: Tue, 2 Apr 2024 09:36:22 +0200 Message-ID: Subject: Re: [PATCH v2] rust: init: remove impl Zeroable for Infallible To: Laine Taffin Altman Cc: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , =?UTF-8?Q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Martin Rodriguez Reboredo , stable@vger.kernel.org, rust-for-linux@vger.kernel.org, lkml Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, Apr 2, 2024 at 3:53=E2=80=AFAM Laine Taffin Altman wrote: > > A type is inhabited if at least one valid value of that type exists; a ty= pe is uninhabited if no valid values of that type exist. The terms "inhabi= ted" and "uninhabited" in this sense originate in type theory, a branch of = mathematics. > > In Rust, producing an invalid value of any type is immediate undefined be= havior (UB); this includes via zeroing memory. Therefore, since an uninhab= ited type has no valid values, producing any values at all for it is UB. > > The Rust standard library type `core::convert::Infallible` is uninhabited= , by virtue of having been declared as an enum with no cases, which always = produces uninhabited types in Rust. > > The current kernel code allows this UB to be triggered, for example by co= de like: > `pr_info!("{}=E2=80=9D, Box::::init(kernel::in= it::zeroed())?);` > > Thus, remove the implementation of `Zeroable` for `Infallible`, thereby a= voiding the UB. Do you agree with replacing the last part here with "avoiding the unsoundness issue" or similar instead? i.e. there is no UB in the kernel (related to this), so it isn't avoided in that sense. Of course, you mean that we avoid potential UB to be written in the future, but I think it is useful to distinguish between patches for "holes" in the extra layer of "protection" vs. patches that actually triggered UB. > + // SAFETY: These are inhabited ZSTs; there is nothing to zero and a = valid value exists. Typically we would add an empty line here, and we would put the SAFETY comment below (i.e. closer to the code) while the rest above. > + // Note: do not add uninhabited types (such as ! or Infallible) to t= his list; creating an instance of an uninhabited type is immediate undefine= d behavior. Nit: this could use Markdown (`!`, `Infallible`). Otherwise, apart from these nits and the formatting bit, it looks good to m= e. If you could send a quick v4, that would be great, thanks a lot! Cheers, Miguel