On Wed, Apr 3, 2024 at 11:07 PM Laine Taffin Altman alexanderaltman@me.com wrote:
In Rust, producing an invalid value of any type is immediate undefined behavior (UB); this includes via zeroing memory. Therefore, since an uninhabited type has no valid values, producing any values at all for it is UB.
The Rust standard library type `core::convert::Infallible` is uninhabited, by virtue of having been declared as an enum with no cases, which always produces uninhabited types in Rust.
The current kernel code allows this UB to be triggered, for example by code like `Box::core::convert::Infallible::init(kernel::init::zeroed())`.
Thus, remove the implementation of `Zeroable` for `Infallible`, thereby avoiding the unsoundness (potential for future UB).
Cc: stable@vger.kernel.org Fixes: 38cde0bd7b67 ("rust: init: add `Zeroable` trait and `init::zeroed` function") Closes: https://github.com/Rust-for-Linux/pinned-init/pull/13 Signed-off-by: Laine Taffin Altman alexanderaltman@me.com Reviewed-by: Alice Ryhl aliceryhl@google.com Reviewed-by: Boqun Feng boqun.feng@gmail.com
[ Reformatted the comment slightly. ]
Applied to `rust-fixes` -- thanks everyone! Please feel free to still send tags.
Cheers, Miguel