On Wed, Apr 3, 2024 at 11:07 PM Laine Taffin Altman <alexanderaltman@xxxxxx> wrote:
>
> In Rust, producing an invalid value of any type is immediate undefined
> behavior (UB); this includes via zeroing memory. Therefore, since an
> uninhabited type has no valid values, producing any values at all for it is
> UB.
>
> The Rust standard library type `core::convert::Infallible` is uninhabited,
> by virtue of having been declared as an enum with no cases, which always
> produces uninhabited types in Rust.
>
> The current kernel code allows this UB to be triggered, for example by code
> like `Box::<core::convert::Infallible>::init(kernel::init::zeroed())`.
>
> Thus, remove the implementation of `Zeroable` for `Infallible`, thereby
> avoiding the unsoundness (potential for future UB).
>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: 38cde0bd7b67 ("rust: init: add `Zeroable` trait and `init::zeroed` function")
> Closes: https://github.com/Rust-for-Linux/pinned-init/pull/13
> Signed-off-by: Laine Taffin Altman <alexanderaltman@xxxxxx>
> Reviewed-by: Alice Ryhl <aliceryhl@xxxxxxxxxx>
> Reviewed-by: Boqun Feng <boqun.feng@xxxxxxxxx>

[ Reformatted the comment slightly. ]

Applied to `rust-fixes` -- thanks everyone!

Please feel free to still send tags.

Cheers,
Miguel
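
Added example, not part of the email or the patch: a simplified Rust model of the soundness contract the commit message describes, where a safe `zeroed()` is only as sound as the `unsafe impl`s of its marker trait. The trait `Zeroable`, the function `zeroed` and the helper `Probe` below are stand-ins written for illustration, not the kernel's `kernel::init` definitions.

```rust
use std::convert::Infallible;
use std::marker::PhantomData;
use std::mem::MaybeUninit;

/// Simplified model of a `Zeroable` marker trait (not the kernel's definition).
///
/// # Safety
/// Implementors promise the all-zero bit pattern is a valid value of `Self`.
unsafe trait Zeroable: Sized {}

// Sound impls: all-zero bytes are a valid value for each of these types.
unsafe impl Zeroable for u64 {}
unsafe impl Zeroable for bool {} // 0x00 is `false`
unsafe impl<T> Zeroable for Option<Box<T>> {} // null pointer is `None`
unsafe impl<T: Zeroable, const N: usize> Zeroable for [T; N] {}

// Unsound impl of the kind the patch removes: `Infallible` has no values,
// so no bit pattern, all-zero included, is valid for it.
// unsafe impl Zeroable for Infallible {}

/// Safe to call: soundness rests entirely on the `unsafe impl`s above.
fn zeroed<T: Zeroable>() -> T {
    // SAFETY: `T: Zeroable` promises that all-zero bytes form a valid `T`.
    unsafe { MaybeUninit::<T>::zeroed().assume_init() }
}

// Compile-time probe for "does `T` implement `Zeroable`?": the inherent
// constant is chosen when the bound holds, the trait default otherwise.
#[allow(dead_code)]
struct Probe<T>(PhantomData<T>);
trait NotZeroable { const IS_ZEROABLE: bool = false; }
impl<T> NotZeroable for Probe<T> {}
impl<T: Zeroable> Probe<T> { const IS_ZEROABLE: bool = true; }

fn u64_is_zeroable() -> bool { Probe::<u64>::IS_ZEROABLE }
fn infallible_is_zeroable() -> bool { Probe::<Infallible>::IS_ZEROABLE }

fn main() {
    assert_eq!(zeroed::<[u64; 4]>(), [0u64; 4]);
    assert!(!zeroed::<bool>());
    assert!(zeroed::<Option<Box<u32>>>().is_none());
    println!("u64: {}, Infallible: {}", u64_is_zeroable(), infallible_is_zeroable());
}
```

With the commented-out impl left out, `zeroed::<Infallible>()` is rejected at compile time, so safe code has no path to a value of the uninhabited type.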