linux-stable/rust
Boqun Feng 2d07a38ec9 rust: macros: provide correct provenance when constructing THIS_MODULE
commit a5a3c952e8 upstream.

Currently while defining `THIS_MODULE` symbol in `module!()`, the
pointer used to construct `ThisModule` is derived from an immutable
reference of `__this_module`, which means the pointer doesn't have
the provenance for writing, and that means any write to that pointer
is UB regardless of data races or not. However, the usage of
`THIS_MODULE` includes passing this pointer to functions that may write
to it (probably in unsafe code), and this will create soundness issues.

One way to fix this is using `addr_of_mut!()` but that requires the
unstable feature "const_mut_refs". So instead of `addr_of_mut()!`,
an extern static `Opaque` is used here: since `Opaque<T>` is transparent
to `T`, an extern static `Opaque` will just wrap the C symbol (defined
in a C compile unit) in an `Opaque`, which provides a pointer with
writable provenance via `Opaque::get()`. This fix the potential UBs
because of pointer provenance unmatched.

Reported-by: Alice Ryhl <aliceryhl@google.com>
Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
Reviewed-by: Alice Ryhl <aliceryhl@google.com>
Reviewed-by: Trevor Gross <tmgross@umich.edu>
Reviewed-by: Benno Lossin <benno.lossin@proton.me>
Reviewed-by: Gary Guo <gary@garyguo.net>
Closes: https://rust-for-linux.zulipchat.com/#narrow/stream/x/topic/x/near/465412664
Fixes: 1fbde52bde ("rust: add `macros` crate")
Cc: stable@vger.kernel.org # 6.6.x: be2ca1e039: ("rust: types: Make Opaque::get const")
Link: https://lore.kernel.org/r/20240828180129.4046355-1-boqun.feng@gmail.com
[ Fixed two typos, reworded title. - Miguel ]
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
[ Boqun: Use `UnsafeCell` since `Opaque` is not in v6.1, as suggested by
  Gary Guo, `UnsafeCell` also suffices for this particular case because
  `__this_module` is only used to create `THIS_MODULE`, no other Rust
  code will touch it. ]
Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-10-17 15:22:24 +02:00
..
alloc rust: adapt alloc crate to the kernel 2022-09-28 08:57:01 +02:00
bindings rust: allocator: Prevent mis-aligned allocation 2023-08-11 12:08:18 +02:00
kernel rust: error: Rename to_kernel_errno() -> to_errno() 2024-05-17 11:56:16 +02:00
macros rust: macros: provide correct provenance when constructing THIS_MODULE 2024-10-17 15:22:24 +02:00
.gitignore Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
bindgen_parameters Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
compiler_builtins.rs rust: add compiler_builtins crate 2022-09-28 08:58:00 +02:00
exports.c rust: export generated symbols 2022-09-28 08:59:52 +02:00
helpers.c
Makefile rust: kbuild: fix export of bss symbols 2024-09-12 11:10:21 +02:00