summaryrefslogtreecommitdiff
path: root/init
diff options
context:
space:
mode:
authorBenno Lossin <benno.lossin@proton.me>2024-04-01 18:52:50 +0000
committerMiguel Ojeda <ojeda@kernel.org>2024-04-16 21:13:43 +0200
commit7044dcff8301b29269016ebd17df27c4736140d2 (patch)
tree548e126314b26a51f0145d95359392f1e073683a /init
parent49ceae68a0df9a92617a61e9ce8a0efcf6419585 (diff)
rust: macros: fix soundness issue in `module!` macro
The `module!` macro creates glue code that are called by C to initialize the Rust modules using the `Module::init` function. Part of this glue code are the local functions `__init` and `__exit` that are used to initialize/destroy the Rust module. These functions are safe and also visible to the Rust mod in which the `module!` macro is invoked. This means that they can be called by other safe Rust code. But since they contain `unsafe` blocks that rely on only being called at the right time, this is a soundness issue. Wrap these generated functions inside of two private modules, this guarantees that the public functions cannot be called from the outside. Make the safe functions `unsafe` and add SAFETY comments. Cc: stable@vger.kernel.org Reported-by: Björn Roy Baron <bjorn3_gh@protonmail.com> Closes: https://github.com/Rust-for-Linux/linux/issues/629 Fixes: 1fbde52bde73 ("rust: add `macros` crate") Signed-off-by: Benno Lossin <benno.lossin@proton.me> Reviewed-by: Wedson Almeida Filho <walmeida@microsoft.com> Link: https://lore.kernel.org/r/20240401185222.12015-1-benno.lossin@proton.me [ Moved `THIS_MODULE` out of the private-in-private modules since it should remain public, as Dirk Behme noticed [1]. Capitalized comments, avoided newline in non-list SAFETY comments and reworded to add Reported-by and newline. ] Link: https://rust-for-linux.zulipchat.com/#narrow/stream/291565-Help/topic/x/near/433512583 [1] Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
Diffstat (limited to 'init')
0 files changed, 0 insertions, 0 deletions