From: Benno Lossin <lossin@kernel.org>
To: "Benno Lossin" <lossin@kernel.org>, "Gary Guo" <gary@garyguo.net>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Boqun Feng" <boqun@kernel.org>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>,
"Wedson Almeida Filho" <wedsonaf@gmail.com>
Cc: stable@vger.kernel.org, rust-for-linux@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH 2/2] rust: pin-init: internal: init: document load-bearing fact of field accessors
Date: Sat, 28 Feb 2026 12:37:05 +0100 [thread overview]
Message-ID: <20260228113713.1402110-2-lossin@kernel.org> (raw)
In-Reply-To: <20260228113713.1402110-1-lossin@kernel.org>
We cannot support packed structs without significant changes [1]. The
field accessors ensure that the compiler emits an error if one tries to
create an initializer for a packed struct.
Link: https://github.com/Rust-for-Linux/pin-init/issues/112 [1]
Fixes: 90e53c5e70a6 ("rust: add pin-init API core")
Cc: stable@vger.kernel.org # needed in 6.19, 6.18, 6.17, 6.16, 6.12, 6.6. see below the `---` for more info
Signed-off-by: Benno Lossin <lossin@kernel.org>
---
As already explained in the previous email, we discovered an unsoundness
in pin-init that exists since the beginning, but was unknowingly fixed
in commit 42415d163e5d ("rust: pin-init: add references to previously
initialized fields").
We introduced pin-init in 90e53c5e70a6 ("rust: add pin-init API core"),
which was included in 6.4. The affected stable trees that are still
maintained are: 6.17, 6.16, 6.12, and 6.6. Note that 6.18 and 6.19
already contain 42415d163e5d, so they are unaffected.
We still should backport this piece of documentation explaining the need
for the field accessors for soundness. For this reasons we also want to
backport it to 6.18 and 6.19.
Note that this patch depends on 42415d163e5d; so the only versions this
patch can go in directly are 6.18 and 6.19. I will send separate patch
series' for the older versions. The series' will include a backport of
42415d163e5d as well as this patch, since this patch depends on the
`syn` rewrite, which is not present in older versions.
---
rust/pin-init/internal/src/init.rs | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/rust/pin-init/internal/src/init.rs b/rust/pin-init/internal/src/init.rs
index da53adc44ecf..533029d53d30 100644
--- a/rust/pin-init/internal/src/init.rs
+++ b/rust/pin-init/internal/src/init.rs
@@ -251,6 +251,11 @@ fn init_fields(
});
// Again span for better diagnostics
let write = quote_spanned!(ident.span()=> ::core::ptr::write);
+ // NOTE: the field accessor ensures that the initialized struct is not
+ // `repr(packed)`. If it were, the compiler would emit E0793. We do not support
+ // packed structs, since `Init::__init` requires an aligned pointer; the same
+ // requirement that the call to `ptr::write` below has.
+ // For more info see <https://github.com/Rust-for-Linux/pin-init/issues/112>
let accessor = if pinned {
let project_ident = format_ident!("__project_{ident}");
quote! {
@@ -278,6 +283,11 @@ fn init_fields(
InitializerKind::Init { ident, value, .. } => {
// Again span for better diagnostics
let init = format_ident!("init", span = value.span());
+ // NOTE: the field accessor ensures that the initialized struct is not
+ // `repr(packed)`. If it were, the compiler would emit E0793. We do not support
+ // packed structs, since `Init::__init` requires an aligned pointer; the same
+ // requirement that the call to `ptr::write` below has.
+ // For more info see <https://github.com/Rust-for-Linux/pin-init/issues/112>
let (value_init, accessor) = if pinned {
let project_ident = format_ident!("__project_{ident}");
(
--
2.53.0
next parent reply other threads:[~2026-02-28 11:37 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20260228113713.1402110-1-lossin@kernel.org>
2026-02-28 11:37 ` Benno Lossin [this message]
2026-02-28 11:55 ` [PATCH 2/2] rust: pin-init: internal: init: document load-bearing fact of field accessors Gary Guo
2026-02-28 14:56 ` Benno Lossin
2026-02-28 14:11 ` Miguel Ojeda
2026-02-28 14:49 ` Benno Lossin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260228113713.1402110-2-lossin@kernel.org \
--to=lossin@kernel.org \
--cc=a.hindborg@kernel.org \
--cc=aliceryhl@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun@kernel.org \
--cc=dakr@kernel.org \
--cc=gary@garyguo.net \
--cc=linux-kernel@vger.kernel.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tmgross@umich.edu \
--cc=wedsonaf@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox