Re: [PATCH v3 07/11] rust: security: replace `core::mem::zeroed` with `pin_init::zeroed`
From: Paul Moore
Date: Thu Aug 14 2025 - 11:25:31 EST
On Thu, Aug 14, 2025 at 5:31 AM Benno Lossin <lossin@xxxxxxxxxx> wrote:
>
> All types in `bindings` implement `Zeroable` if they can, so use
> `pin_init::zeroed` instead of relying on `unsafe` code.
>
> If this ends up not compiling in the future, something in bindgen or on
> the C side changed and is most likely incorrect.
>
> Signed-off-by: Benno Lossin <lossin@xxxxxxxxxx>
> ---
> rust/kernel/security.rs | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
I'm happy to take this via the LSM tree, but it would be nice to see a
Reviewed-by/Acked-by from someone with a better understanding of Rust
:)
Alice, you've reviewed/submitted LSM rust bits in the past, can you
look at this?
> diff --git a/rust/kernel/security.rs b/rust/kernel/security.rs
> index 0c63e9e7e564..11a6493525f3 100644
> --- a/rust/kernel/security.rs
> +++ b/rust/kernel/security.rs
> @@ -25,8 +25,7 @@ impl SecurityCtx {
> /// Get the security context given its id.
> #[inline]
> pub fn from_secid(secid: u32) -> Result<Self> {
> - // SAFETY: `struct lsm_context` can be initialized to all zeros.
> - let mut ctx: bindings::lsm_context = unsafe { core::mem::zeroed() };
> + let mut ctx: bindings::lsm_context = pin_init::zeroed();
>
> // SAFETY: Just a C FFI call. The pointer is valid for writes.
> to_result(unsafe { bindings::security_secid_to_secctx(secid, &mut ctx) })?;
> --
> 2.50.1
--
paul-moore.com