On Fri, Nov 03, 2023 at 09:57:46PM +0000, Benno Lossin wrote:
Hi,

I noticed that without commit 0b4e3b6f6b79 ("rust: types: make `Opaque` be `!Unpin`") the `Opaque` type has an unsound API:

The `Opaque` type is designed to wrap C types, hence it is often used to convert raw pointers to references in Rust. Normally `&mut` references are unique, but for `&mut Opaque<T>` this should not be the case, since C also has pointers to the object. The way to disable the uniqueness guarantee for `&mut` in Rust is to make the type `!Unpin`. This is accomplished by the given commit above. At the time of creating that patch however, we did not consider this unsoundness issue.

For this reason I propose to backport the commit 0b4e3b6f6b79. The only affected version is 6.5. No earlier version is affected, since the `Opaque` type does not exist in 6.1. Newer versions are also unaffected, since the patch is present in 6.6.

Additionally I also propose to backport commit 35cad617df2e ("rust: make `UnsafeCell` the outer type in `Opaque`") to 6.5, as this is a prerequisite of 0b4e3b6f6b79.
Queued up, thanks!

--
Thanks,
Sasha
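The `Unpin` difference described in the quoted mail, as an added example that is not part of this thread and not the kernel's code. `CObject`, `OpaqueBefore`, `OpaqueAfter`, `Probe` and `Fallback` are hypothetical names, and the two layouts are assumed sketches of the wrapper's shape before and after the two commits.

```rust
use core::cell::UnsafeCell;
use core::marker::{PhantomData, PhantomPinned};
use core::mem::MaybeUninit;

// Hypothetical stand-in for a C struct that C code also holds pointers to.
#[repr(C)]
pub struct CObject { pub refcount: i32 }

// Assumed sketch of the older shape: no field is `!Unpin`, so the wrapper is `Unpin`.
#[repr(transparent)]
pub struct OpaqueBefore<T>(MaybeUninit<UnsafeCell<T>>);

// Assumed sketch of the newer shape: `UnsafeCell` outermost, `PhantomPinned` opts out of `Unpin`.
#[repr(transparent)]
pub struct OpaqueAfter<T> {
    value: UnsafeCell<MaybeUninit<T>>,
    _pin: PhantomPinned,
}

impl<T> OpaqueAfter<T> {
    pub fn new(value: T) -> Self {
        Self { value: UnsafeCell::new(MaybeUninit::new(value)), _pin: PhantomPinned }
    }
    // Raw pointer to the wrapped value, the form in which it is shared with C.
    pub fn get(&self) -> *mut T { self.value.get().cast::<T>() }
}

// Compile-time probe: the inherent const is chosen only when `T: Unpin` holds,
// otherwise resolution falls back to the trait's default.
pub struct Probe<T>(PhantomData<T>);
pub trait Fallback { const IS_UNPIN: bool = false; }
impl<T> Fallback for Probe<T> {}
impl<T: Unpin> Probe<T> { pub const IS_UNPIN: bool = true; }

pub fn before_is_unpin() -> bool { Probe::<OpaqueBefore<CObject>>::IS_UNPIN }
pub fn after_is_unpin() -> bool { Probe::<OpaqueAfter<CObject>>::IS_UNPIN }

// Two raw pointers to one object (one standing in for the C side) both write through it.
pub fn shared_update() -> i32 {
    let obj = OpaqueAfter::new(CObject { refcount: 1 });
    let (c_side, rust_side) = (obj.get(), obj.get());
    unsafe { (*c_side).refcount += 1; (*rust_side).refcount += 1; (*c_side).refcount }
}

fn main() {
    println!("before: Unpin = {}, after: Unpin = {}", before_is_unpin(), after_is_unpin());
    println!("refcount after both writers: {}", shared_update());
}
```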