From: Benno Lossin <lossin@kernel.org>
To: "Benno Lossin" <lossin@kernel.org>, "Gary Guo" <gary@garyguo.net>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>,
"Fiona Behrens" <me@Kloenk.dev>
Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v4 08/15] rust: pin-init: add `?Sized` bounds to traits in `#[pin_data]` macro
Date: Fri, 16 Jan 2026 11:54:23 +0100 [thread overview]
Message-ID: <20260116105514.3794384-9-lossin@kernel.org> (raw)
In-Reply-To: <20260116105514.3794384-1-lossin@kernel.org>
The `#[pin_data]` macro uses some auxiliary traits to ensure that a user
does not implement `Drop` for the annotated struct, as that is unsound
and can lead to UB. However, if the struct that is annotated is
`!Sized`, the current bounds do not work, because `Sized` is an implicit
bound for generics.
This is *not* a soundness hole of pin-init, as it currently is
impossible to construct an unsized struct using pin-init.
Tested-by: Andreas Hindborg <a.hindborg@kernel.org>
Reviewed-by: Gary Guo <gary@garyguo.net>
Signed-off-by: Benno Lossin <lossin@kernel.org>
---
Changes in v4: none
Changes in v3: none
Changes in v2: none
---
rust/pin-init/internal/src/pin_data.rs | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rust/pin-init/internal/src/pin_data.rs b/rust/pin-init/internal/src/pin_data.rs
index 11ea3f8d8a1b..7d871236b49c 100644
--- a/rust/pin-init/internal/src/pin_data.rs
+++ b/rust/pin-init/internal/src/pin_data.rs
@@ -215,7 +215,7 @@ fn drop(&mut self) {
// if it also implements `Drop`
trait MustNotImplDrop {}
#[expect(drop_bounds)]
- impl<T: ::core::ops::Drop> MustNotImplDrop for T {}
+ impl<T: ::core::ops::Drop + ?::core::marker::Sized> MustNotImplDrop for T {}
impl #impl_generics MustNotImplDrop for #ident #ty_generics
#whr
{}
@@ -224,7 +224,7 @@ impl #impl_generics MustNotImplDrop for #ident #ty_generics
// `PinnedDrop` as the parameter to `#[pin_data]`.
#[expect(non_camel_case_types)]
trait UselessPinnedDropImpl_you_need_to_specify_PinnedDrop {}
- impl<T: ::pin_init::PinnedDrop>
+ impl<T: ::pin_init::PinnedDrop + ?::core::marker::Sized>
UselessPinnedDropImpl_you_need_to_specify_PinnedDrop for T {}
impl #impl_generics
UselessPinnedDropImpl_you_need_to_specify_PinnedDrop for #ident #ty_generics
--
2.52.0
next prev parent reply other threads:[~2026-01-16 10:56 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-16 10:54 [PATCH v4 00/15] `syn` rewrite of pin-init Benno Lossin
2026-01-16 10:54 ` [PATCH v4 01/15] rust: pin-init: remove `try_` versions of the initializer macros Benno Lossin
2026-01-16 10:54 ` [PATCH v4 02/15] rust: pin-init: allow the crate to refer to itself as `pin-init` in doc tests Benno Lossin
2026-01-16 10:54 ` [PATCH v4 03/15] rust: pin-init: add `syn` dependency and remove `proc-macro[2]` and `quote` workarounds Benno Lossin
2026-01-16 10:54 ` [PATCH v4 04/15] rust: pin-init: internal: add utility API for syn error handling Benno Lossin
2026-01-16 10:54 ` [PATCH v4 05/15] rust: pin-init: rewrite `derive(Zeroable)` and `derive(MaybeZeroable)` using `syn` Benno Lossin
2026-01-16 10:54 ` [PATCH v4 06/15] rust: pin-init: rewrite the `#[pinned_drop]` attribute macro " Benno Lossin
2026-01-16 10:54 ` [PATCH v4 07/15] rust: pin-init: rewrite `#[pin_data]` " Benno Lossin
2026-01-16 11:40 ` Gary Guo
2026-01-16 10:54 ` Benno Lossin [this message]
2026-01-16 10:54 ` [PATCH v4 09/15] rust: pin-init: rewrite the initializer macros " Benno Lossin
2026-01-16 10:54 ` [PATCH v4 10/15] rust: pin-init: add `#[default_error(<type>)]` attribute to initializer macros Benno Lossin
2026-01-16 10:54 ` [PATCH v4 11/15] rust: init: use `#[default_error(err)]` for the " Benno Lossin
2026-01-16 10:54 ` [PATCH v4 12/15] rust: pin-init: internal: init: add support for attributes on initializer fields Benno Lossin
2026-01-16 11:41 ` Gary Guo
2026-01-16 10:54 ` [PATCH v4 13/15] rust: pin-init: internal: init: add escape hatch for referencing initialized fields Benno Lossin
2026-01-16 10:54 ` [PATCH v4 14/15] rust: pin-init: internal: init: simplify Zeroable safety check Benno Lossin
2026-01-16 10:54 ` [PATCH v4 15/15] MAINTAINERS: add Gary Guo to pin-init Benno Lossin
2026-01-17 9:54 ` [PATCH v4 00/15] `syn` rewrite of pin-init Benno Lossin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260116105514.3794384-9-lossin@kernel.org \
--to=lossin@kernel.org \
--cc=a.hindborg@kernel.org \
--cc=aliceryhl@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=gary@garyguo.net \
--cc=linux-kernel@vger.kernel.org \
--cc=me@Kloenk.dev \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tmgross@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox