git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Gary Guo <gary@garyguo.net>
	Tue, 12 May 2026 15:17:20 +0000 (16:17 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 14 May 2026 13:31:20 +0000 (15:31 +0200)
commit	0ab7f61a52f197ad4c92b4bfa9faad76bdc5c505
tree	6ff9f5d8c5fe49f2432f85dcd18f67f39373486b	tree \| snapshot
parent	950cb436165aad0f8f2cd49da3cd07677465bcde	commit \| diff

rust: pin-init: fix incorrect accessor reference lifetime

commit 68bf102226cf2199dc609b67c1e847cad4de4b57 upstream

When a field has been initialized, `init!`/`pin_init!` create a reference
or pinned reference to the field so it can be accessed later during the
initialization of other fields. However, the reference it created is
incorrectly `&'static` rather than just the scope of the initializer.

This means that you can do

    init!(Foo {
        a: 1,
        _: {
            let b: &'static u32 = a;
        }
    })

which is unsound.

This is caused by `&mut (*#slot).#ident`, which actually allows arbitrary
lifetime, so this is effectively `'static`. Somewhat ironically, the safety
justification of creating the accessor is.. "SAFETY: TODO".

Fix it by adding `let_binding` method on `DropGuard` to shorten lifetime.
This results exactly what we want for these accessors. The safety and
invariant comments of `DropGuard` have been reworked; instead of reasoning
about what caller can do with the guard, express it in a way that the
ownership is transferred to the guard and `forget` takes it back, so the
unsafe operations within the `DropGuard` can be more easily justified.

Fixes: db96c5103ae6 ("add references to previously initialized fields")
Signed-off-by: Gary Guo <gary@garyguo.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

rust/pin-init/internal/src/init.rs		diff \| blob \| blame \| history
rust/pin-init/src/__internal.rs		diff \| blob \| blame \| history