Re: [PATCH] rust: sync: fix safety comment for `static_lock_class`

From: Benno Lossin
Date: Tue Jul 22 2025 - 08:03:40 EST

Next message: Vinod Koul: "Re: [PATCH] soundwire: replace scnprintf() with sysfs_emit() for sysfs consistency"
Previous message: Wang Tao: "[PATCH] Re: [PATCH] sched/fair: Only increment deadline once on yield"
In reply to: Alice Ryhl: "Re: [PATCH] rust: sync: fix safety comment for `static_lock_class`"
Next in thread: Boqun Feng: "Re: [PATCH] rust: sync: fix safety comment for `static_lock_class`"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue Jul 22, 2025 at 1:34 PM CEST, Alice Ryhl wrote:
> On Tue, Jul 22, 2025 at 1:21 PM Benno Lossin <lossin@xxxxxxxxxx> wrote:
>> On Wed May 21, 2025 at 1:17 AM CEST, Benno Lossin wrote:
>> > The safety comment mentions lockdep -- which from a Rust perspective
>> > isn't important -- and doesn't mention the real reason for why it's
>> > sound to create `LockClassKey` as uninitialized memory.
>> >
>> > Signed-off-by: Benno Lossin <lossin@xxxxxxxxxx>
>> > ---
>> >
>> > I don't think we need to backport this.
>> >
>> > ---
>> > rust/kernel/sync.rs | 7 +++++--
>> > 1 file changed, 5 insertions(+), 2 deletions(-)
>> >
>> > diff --git a/rust/kernel/sync.rs b/rust/kernel/sync.rs
>> > index 36a719015583..a10c812d8777 100644
>> > --- a/rust/kernel/sync.rs
>> > +++ b/rust/kernel/sync.rs
>> > @@ -93,8 +93,11 @@ fn drop(self: Pin<&mut Self>) {
>> > macro_rules! static_lock_class {
>> > () => {{
>> > static CLASS: $crate::sync::LockClassKey =
>> > - // SAFETY: lockdep expects uninitialized memory when it's handed a statically allocated
>> > - // lock_class_key
>> > + // Lockdep expects uninitialized memory when it's handed a statically allocated `struct
>> > + // lock_class_key`.
>> > + //
>> > + // SAFETY: `LockClassKey` transparently wraps `Opaque` which permits uninitialized
>> > + // memory.
>> > unsafe { ::core::mem::MaybeUninit::uninit().assume_init() };
>>
>> Looking at this patch with fresh eyes (thanks for the bump, Alice :) I
>> think we should rather have a public unsafe function on `LockClassKey`
>> that creates an uninitialized lock class key. I'd like to avoid the
>> `MaybeUninit::uninit().assume_init()` pattern, as it might confuse
>> people & it looks very wrong.
>>
>> We can take this patch, as it definitely is an improvement, but I think
>> we should also just fix this properly. Any thoughts?
>
> Could that constructor be used in non-static cases?

I don't know lockdep, so maybe yes? Or do you mean that it could be
abused?

---
Cheers,
Benno

Next message: Vinod Koul: "Re: [PATCH] soundwire: replace scnprintf() with sysfs_emit() for sysfs consistency"
Previous message: Wang Tao: "[PATCH] Re: [PATCH] sched/fair: Only increment deadline once on yield"
In reply to: Alice Ryhl: "Re: [PATCH] rust: sync: fix safety comment for `static_lock_class`"
Next in thread: Boqun Feng: "Re: [PATCH] rust: sync: fix safety comment for `static_lock_class`"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]