Re: [PATCH] rust: sync: fix safety comment for `static_lock_class`
From: Alice Ryhl
Date: Tue Jul 22 2025 - 07:34:59 EST
On Tue, Jul 22, 2025 at 1:21 PM Benno Lossin <lossin@xxxxxxxxxx> wrote:
>
> On Wed May 21, 2025 at 1:17 AM CEST, Benno Lossin wrote:
> > The safety comment mentions lockdep -- which from a Rust perspective
> > isn't important -- and doesn't mention the real reason for why it's
> > sound to create `LockClassKey` as uninitialized memory.
> >
> > Signed-off-by: Benno Lossin <lossin@xxxxxxxxxx>
> > ---
> >
> > I don't think we need to backport this.
> >
> > ---
> > rust/kernel/sync.rs | 7 +++++--
> > 1 file changed, 5 insertions(+), 2 deletions(-)
> >
> > diff --git a/rust/kernel/sync.rs b/rust/kernel/sync.rs
> > index 36a719015583..a10c812d8777 100644
> > --- a/rust/kernel/sync.rs
> > +++ b/rust/kernel/sync.rs
> > @@ -93,8 +93,11 @@ fn drop(self: Pin<&mut Self>) {
> > macro_rules! static_lock_class {
> > () => {{
> > static CLASS: $crate::sync::LockClassKey =
> > - // SAFETY: lockdep expects uninitialized memory when it's handed a statically allocated
> > - // lock_class_key
> > + // Lockdep expects uninitialized memory when it's handed a statically allocated `struct
> > + // lock_class_key`.
> > + //
> > + // SAFETY: `LockClassKey` transparently wraps `Opaque` which permits uninitialized
> > + // memory.
> > unsafe { ::core::mem::MaybeUninit::uninit().assume_init() };
>
> Looking at this patch with fresh eyes (thanks for the bump, Alice :) I
> think we should rather have a public unsafe function on `LockClassKey`
> that creates an uninitialized lock class key. I'd like to avoid the
> `MaybeUninit::uninit().assume_init()` pattern, as it might confuse
> people & it looks very wrong.
>
> We can take this patch, as it definitely is an improvement, but I think
> we should also just fix this properly. Any thoughts?
Could that constructor be used in non-static cases?
Alice