Open
Conversation
Member
|
The commit that this fixes should be the one that introduced this feature instead? Arguably creating reference is the fix, not the fixed commit. |
BennoLossin
force-pushed
the
dev/unsound-fix-packed
branch
from
a4f72d5 to
a00f29b
Compare
Member
Author
|
Yeah you're right, fixed it. Both my kernel tests & the intel kernel CI also reported no issues, so I'll send this to the list as well. |
BennoLossin
force-pushed
the
dev/unsound-fix-packed
branch
from
a00f29b to
54fd39f
Compare
BennoLossin
force-pushed
the
dev/unsound-fix-packed
branch
from
0cd99fe to
9f3773a
Compare
Gary noticed [1] that the initializer macros as well as the `[Pin]Init` traits cannot support unaligned fields, since they use operations that require aligned pointers. This means that any code using structs with unaligned fields in pin-init is unsound. By default, the `init!` macro generates references to initialized fields, which makes the compiler check that those fields are aligned. However, we added the `#[disable_initialized_field_access]` attribute to avoid this behavior in 71988db ("internal: init: add escape hatch for referencing initialized fields"). Thus remove the `#[disable_initialized_field_access]` attribute from `init!`, which is the only safe way to create an initializer handling unaligned fields. If support for in-place initializing structs with unaligned fields is required in the future, we could figure out a solution. This is tracked in [2]. Reported-by: Gary Guo <gary@garyguo.net> Link: https://rust-for-linux.zulipchat.com/#narrow/channel/561532-pin-init/topic/initialized.20field.20accessor.20detection/with/576210658 [1] Link: #112 [2] Fixes: 71988db ("internal: init: add escape hatch for referencing initialized fields") Signed-off-by: Benno Lossin <lossin@kernel.org>
BennoLossin
force-pushed
the
dev/unsound-fix-packed
branch
from
9f3773a to
2f6d697
Compare
The functions `[Pin]Init::__[pinned_]init` and `ptr::write` called from the `init!` macro require the passed pointer to be aligned. This fact is ensured by the creation of field accessors to previously initialized fields. Since we missed this very important fact from the beginning [1], document it in the code. Link: https://rust-for-linux.zulipchat.com/#narrow/channel/561532-pin-init/topic/initialized.20field.20accessor.20detection/with/576210658 [1] Signed-off-by: Benno Lossin <lossin@kernel.org>
BennoLossin
force-pushed
the
dev/unsound-fix-packed
branch
from
2f6d697 to
14ea16f
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Gary noticed [1] that the initializer macros as well as the
[Pin]Inittraits cannot support packed struct, since they use operations that require aligned pointers. This means that any code using packed structs and pin-init is unsound.Thus remove the
#[disable_initialized_field_access]attribute frominit!, which is the only safe way to create an initializer of a packed struct.In the future, we can add support for packed structs by changing the trait infrastructure to include
UnalignedInitor hopefully another mechanism.Reported-by: Gary Guo gary@garyguo.net
Link: https://rust-for-linux.zulipchat.com/#narrow/channel/561532-pin-init/topic/initialized.20field.20accessor.20detection/with/576210658 [1]
Fixes: db96c51 ("add references to previously initialized fields")