* backport 0b4e3b6f6b79 and 35cad617df2e
@ 2023-11-03 21:57 Benno Lossin
2023-11-04 21:02 ` Sasha Levin
0 siblings, 1 reply; 2+ messages in thread
From: Benno Lossin @ 2023-11-03 21:57 UTC (permalink / raw)
To: stable
Cc: Miguel Ojeda, Alex Gaynor, Wedson Almeida Filho, Alice Ryhl,
Benno Lossin, Gary Guo, Andreas Hindborg,
Martin Rodriguez Reboredo, rust-for-linux
Hi,
I noticed that without commit 0b4e3b6f6b79 ("rust: types: make `Opaque`
be `!Unpin`") the `Opaque` type has an unsound API:
The `Opaque` type is designed to wrap C types, hence it is often used to
convert raw pointers to references in Rust. Normally `&mut` references
are unique, but for `&mut Opaque<T>` this is should not be the case,
since C also has pointers to the object. The way to disable the
uniqueness guarantee for `&mut` in Rust is to make the type `!Unpin`.
This is accomplished by the given commit above. At the time of creating
that patch however, we did not consider this unsoundness issue.
For this reason I propose to backport the commit 0b4e3b6f6b79.
The only affected version is 6.5. No earlier version is affected, since
the `Opaque` type does not exist in 6.1. Newer versions are also
unaffected, since the patch is present in 6.6.
Additionally I also propose to backport commit 35cad617df2e ("rust: make
`UnsafeCell` the outer type in `Opaque`") to 6.5, as this is a
prerequisite of 0b4e3b6f6b79.
--
Cheers,
Benno
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: backport 0b4e3b6f6b79 and 35cad617df2e
2023-11-03 21:57 backport 0b4e3b6f6b79 and 35cad617df2e Benno Lossin
@ 2023-11-04 21:02 ` Sasha Levin
0 siblings, 0 replies; 2+ messages in thread
From: Sasha Levin @ 2023-11-04 21:02 UTC (permalink / raw)
To: Benno Lossin
Cc: stable, Miguel Ojeda, Alex Gaynor, Wedson Almeida Filho,
Alice Ryhl, Gary Guo, Andreas Hindborg, Martin Rodriguez Reboredo,
rust-for-linux
On Fri, Nov 03, 2023 at 09:57:46PM +0000, Benno Lossin wrote:
>Hi,
>
>I noticed that without commit 0b4e3b6f6b79 ("rust: types: make `Opaque`
>be `!Unpin`") the `Opaque` type has an unsound API:
>The `Opaque` type is designed to wrap C types, hence it is often used to
>convert raw pointers to references in Rust. Normally `&mut` references
>are unique, but for `&mut Opaque<T>` this is should not be the case,
>since C also has pointers to the object. The way to disable the
>uniqueness guarantee for `&mut` in Rust is to make the type `!Unpin`.
>This is accomplished by the given commit above. At the time of creating
>that patch however, we did not consider this unsoundness issue.
>
>For this reason I propose to backport the commit 0b4e3b6f6b79.
>The only affected version is 6.5. No earlier version is affected, since
>the `Opaque` type does not exist in 6.1. Newer versions are also
>unaffected, since the patch is present in 6.6.
>
>Additionally I also propose to backport commit 35cad617df2e ("rust: make
>`UnsafeCell` the outer type in `Opaque`") to 6.5, as this is a
>prerequisite of 0b4e3b6f6b79.
Queued up, thanks!
--
Thanks,
Sasha
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-11-04 21:02 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-11-03 21:57 backport 0b4e3b6f6b79 and 35cad617df2e Benno Lossin
2023-11-04 21:02 ` Sasha Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).