Received: by 2002:ab2:1149:0:b0:1f3:1f8c:d0c6 with SMTP id z9csp2971864lqz; Wed, 3 Apr 2024 14:07:55 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCX0m/p4WyHlpU6140+ieAswu8dOSaK7xh7/jQXDD1p9Lct+f7dGG+fplF7fIZKJRi30QZo05R7F0UitmK3al7Rxy89KYFMt382gPQxzpQ== X-Google-Smtp-Source: AGHT+IEVJqYhMbfwmlVPuzQmUO60RNiIEhBAlw4d05m3qIlMvPWIMzugfhrjLakJhQjwp5/zvOg5 X-Received: by 2002:a17:90a:d917:b0:2a0:9b18:daf with SMTP id c23-20020a17090ad91700b002a09b180dafmr700276pjv.42.1712178475318; Wed, 03 Apr 2024 14:07:55 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712178475; cv=pass; d=google.com; s=arc-20160816; b=Du2Ui5+ozjZgUhMHFREJFV7qZu33EAUAVgQpftgE8227THKBvuU6986swigtz1Fbm0 gJOFTgYEhYd3AjptazAwaHWFmoKmyOsnEMcHrsUATdvXQ4FTwkEEAzO7rogLlRrAVkUu Q8WjvKEgZnbklElPIO0EoSJFMhr6gh55Kepgq46oz8NXRkriM9KhL3res3p/VXg4XBj9 1Pocvxo37oM1EgpCQ7yS5h6FVe82nwpPo4VkvOjXbLdwWTgf6HnIFHUf3pzzj1raNRrk CK8iVuhUFwcUXOJhaW/1NPef9z0K9nSEKuvIn/kH4Y7bZbIcg/w6K4d6jehArKa6ei4i VGOQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=to:cc:date:message-id:subject:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:content-transfer-encoding:from :dkim-signature; bh=AY0YVT2/pYp771gvWdGaXCfqZ7KgXeM1P5FSEBqw7YA=; fh=PxPMDCHqdj4Xheo3RTqO0xgSaDKN0YDKrcLPopy6QF4=; b=aBxdLlt1TZKmJwDJTjtcfI2/0+e4W140T71ykmdjUuHcMaC6sGfFgr/Sb324Aaf1iN U2bgqRcRyxY0FPyQdcvxJ3qTChafXhLF/a0js4LWXANtHBzglVWZg9LePnO/WRwrqyBJ 81XvZgrPbvE/cDF7Y75fValBnUlzhrrUOMBUUnuHcOavt4AY1rZDp+FrwNPSCO5w9N+9 Fb8fAOz3PPp4JclUKj967EgSw927nIMB1n/e6ZixPQUUuC0WY0gqjefcOIIiItvVki0F uBAsJPkWiVbHuU3BAYyPhB9GZXo3Z3RkaXfAAKrODmfDWnwnGWp9eJvoaPtWLRZDcNlA HbHQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@me.com header.s=1a1hai header.b=xErRji5z; arc=pass (i=1 spf=pass spfdomain=me.com dkim=pass dkdomain=me.com dmarc=pass fromdomain=me.com); spf=pass (google.com: domain of linux-kernel+bounces-130605-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-130605-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=me.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id g13-20020a17090a300d00b002a2c9b843d4si229903pjb.129.2024.04.03.14.07.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 Apr 2024 14:07:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-130605-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@me.com header.s=1a1hai header.b=xErRji5z; arc=pass (i=1 spf=pass spfdomain=me.com dkim=pass dkdomain=me.com dmarc=pass fromdomain=me.com); spf=pass (google.com: domain of linux-kernel+bounces-130605-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-130605-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=me.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 05AD7285EF9 for ; Wed, 3 Apr 2024 21:07:23 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 16540156662; Wed, 3 Apr 2024 21:07:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=me.com header.i=@me.com header.b="xErRji5z" Received: from mr85p00im-ztdg06021701.me.com (mr85p00im-ztdg06021701.me.com [17.58.23.196]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E2BFC154C03 for ; Wed, 3 Apr 2024 21:07:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=17.58.23.196 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712178435; cv=none; b=tmlCPAJXWZuUMcrs9PQ8v7dVauSuSr78t4MPYedMxJeD+dAjkVtLYyl+s61L4CO/H+6lfLyqvsW5k1TagbMHtJO7fhUm+YoJBIOeGOx4Z6/ulglau0XLSByNSZJSO/99N061QUaSLtaeUI0VS2YeTratwuLiNlIhpqCuYEraqlc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712178435; c=relaxed/simple; bh=0AiZM6PiLalckeV63JNhtHUusQZnUdQA6buUd7aeJDk=; h=From:Content-Type:Mime-Version:Subject:Message-Id:Date:Cc:To; b=d+7T1RJJWys3dgILWGzBLtRq/F4HJIWbd6omWrsNG1l93/CmEuZNuGwd6ftsKfcdX7VaYrDUzeyLpldwgLGvJV6UKJ0dG7VAoGFUN00sFLiZzm0b1+LmMuP/qf/S6hgHfcZPBlutu0QwL6OKMfkqhGa/km/6JJKCUec2q2GtNmI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=me.com; spf=pass smtp.mailfrom=me.com; dkim=pass (2048-bit key) header.d=me.com header.i=@me.com header.b=xErRji5z; arc=none smtp.client-ip=17.58.23.196 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=me.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=me.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=me.com; s=1a1hai; t=1712178433; bh=AY0YVT2/pYp771gvWdGaXCfqZ7KgXeM1P5FSEBqw7YA=; h=From:Content-Type:Mime-Version:Subject:Message-Id:Date:To; b=xErRji5zX/NvKMQXFwcPYZhTN9qkg6tJPFvY6PX5I/0F+sgx8NG0zyQFlJznXCvkQ WpCgF3C/PJOga/QRYZ4GJgLmZ94IcGMQOtVsJwVOUwGo1UFeYrVxr/cAhmQXfIMH6U bN3Qzbv+Do8UPEd6BiG3wAC4ccO/nADUAWNh+oxT7wF0b5Pz13dUvilASFejaCZv0E niketQZbu3RTE/WSO4xbpV3Q+CqO930sZrm/tsa/uLTVIpPkvW7Ef/X5nrZSlf5eJ/ 5sVZb0DBHac+AHoeU04c4xWtxOYhF2fKkIGogV0kAPiXRaO88d03NmTIHs7Q3W4DQR hKNW4lQhzgZRQ== Received: from smtpclient.apple (mr38p00im-dlb-asmtp-mailmevip.me.com [17.57.152.18]) by mr85p00im-ztdg06021701.me.com (Postfix) with ESMTPSA id 6E37E26335A3; Wed, 3 Apr 2024 21:07:11 +0000 (UTC) From: Laine Taffin Altman Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.500.171.1.1\)) Subject: [PATCH v4] rust: init: remove impl Zeroable for Infallible Message-Id: Date: Wed, 3 Apr 2024 14:06:59 -0700 Cc: stable@vger.kernel.org To: Miguel Ojeda , Alex Gaynor , Benno Lossin , rust-for-linux@vger.kernel.org, Wedson Almeida Filho , Boqun Feng , Gary Guo , =?utf-8?Q?Bj=C3=B6rn_Roy_Baron?= , Andreas Hindborg , Alice Ryhl , Martin Rodriguez Reboredo , lkml X-Mailer: Apple Mail (2.3774.500.171.1.1) X-Proofpoint-ORIG-GUID: 8aN3UzxcWvmPcgHFin2Utvi_e7K1jNVI X-Proofpoint-GUID: 8aN3UzxcWvmPcgHFin2Utvi_e7K1jNVI X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-04-03_22,2024-04-03_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 adultscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 malwarescore=0 suspectscore=0 bulkscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2308100000 definitions=main-2404030144 In Rust, producing an invalid value of any type is immediate undefined behavior (UB); this includes via zeroing memory. Therefore, since an uninhabited type has no valid values, producing any values at all for it = is UB. The Rust standard library type `core::convert::Infallible` is = uninhabited, by virtue of having been declared as an enum with no cases, which always produces uninhabited types in Rust. The current kernel code allows this UB to be triggered, for example by = code like `Box::::init(kernel::init::zeroed())`. Thus, remove the implementation of `Zeroable` for `Infallible`, thereby avoiding the unsoundness (potential for future UB). Cc: stable@vger.kernel.org Fixes: 38cde0bd7b67 ("rust: init: add `Zeroable` trait and = `init::zeroed` function") Closes: https://github.com/Rust-for-Linux/pinned-init/pull/13 Signed-off-by: Laine Taffin Altman Reviewed-by: Alice Ryhl Reviewed-by: Boqun Feng --- V3 -> V4: Address review nits; run checkpatch properly. V2 -> V3: Email formatting correction. V1 -> V2: Added more documentation to the comment, with links; also = added more details to the commit message. rust/kernel/init.rs | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs index 424257284d16..3859c7ff81b7 100644 --- a/rust/kernel/init.rs +++ b/rust/kernel/init.rs @@ -1292,8 +1292,15 @@ macro_rules! impl_zeroable { i8, i16, i32, i64, i128, isize, f32, f64, =20 - // SAFETY: These are ZSTs, there is nothing to zero. - {} PhantomData, core::marker::PhantomPinned, = Infallible, (), + // Note: do not add uninhabited types (such as `!` or = `core::convert::Infallible`) to this list; + // creating an instance of an uninhabited type is immediate = undefined behavior. For more on + // uninhabited/empty types, consult The Rustonomicon: + // = https://doc.rust-lang.org/stable/nomicon/exotic-sizes.html#empty-types = The Rust Reference + // also has information on undefined behavior: + // = https://doc.rust-lang.org/stable/reference/behavior-considered-undefined.h= tml + // + // SAFETY: These are inhabited ZSTs; there is nothing to zero and a = valid value exists. + {} PhantomData, core::marker::PhantomPinned, (), =20 // SAFETY: Type is allowed to take any value, including all zeros. {} MaybeUninit, base-commit: c85af715cac0a951eea97393378e84bb49384734 --=20 2.44.0