
Mark init function as unsafe

Open kitcatier opened this issue 2 years ago • 3 comments

Hello, I found a soundness issue in this crate. https://github.com/rasendubi/bkernel/blob/521e10000b3297274b4ba9fa0abdd221df3c87f1/stm32f4/nvic.rs#L113-L130 It is not a good choice to mark the entire function body as unsafe, which will make the caller ignore the safety requirements that the function parameters must guarantee. Marking them unsafe also means that callers must make sure they know what they're doing.

kitcatier avatar Mar 17 '23 02:03 kitcatier

Cool, what unsoundness is possible?

rasendubi avatar Mar 17 '23 15:03 rasendubi

> Cool, what unsoundness is possible?

get()/set() functions need to ensure that the parameter must be:

https://doc.rust-lang.org/core/intrinsics/fn.volatile_load.html

  • src must be valid for reads.
  • src must be properly aligned.
  • src must point to a properly initialized value of type T.

https://doc.rust-lang.org/core/ptr/fn.write_volatile.html

  • dst must be valid for writes.
  • dst must be properly aligned.

It seems that the safety requirements of the parameters are not clear to other callers.

kitcatier avatar Mar 17 '23 16:03 kitcatier
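Added illustration of the point raised in the comment above (example code written for this page, not bkernel's nvic.rs; the names `get_unsound`, `get`, `set` and `Reg` are invented here). It contrasts a safe function whose whole body is one `unsafe` block, where the `read_volatile` preconditions silently become the caller's problem without the caller being told, with an `unsafe fn` that carries a `# Safety` contract, and with the usual embedded pattern of paying the `unsafe` once at construction so that later accesses are genuinely safe. Ordinary host memory stands in for a device register so the code runs without hardware.

```rust
use std::ptr;

/// Shape the issue objects to (constructed illustration, not bkernel's code):
/// a *safe* function whose entire body is one `unsafe` block. The signature
/// tells callers any `addr` is fine, but `read_volatile` requires `addr` to be
/// valid for reads, 4-byte aligned and initialized. A safe caller can therefore
/// cause undefined behaviour, so this function is unsound even though its body
/// looks harmless.
pub fn get_unsound(addr: usize) -> u32 {
    unsafe { ptr::read_volatile(addr as *const u32) }
}

/// What the issue asks for: an `unsafe fn`, so the caller must write
/// `unsafe { get(addr) }` and explicitly takes on the preconditions.
///
/// # Safety
/// `addr` must be valid for reads, 4-byte aligned, and point to an
/// initialized `u32` for the duration of the call.
pub unsafe fn get(addr: usize) -> u32 {
    unsafe { ptr::read_volatile(addr as *const u32) }
}

/// # Safety
/// `addr` must be valid for writes and 4-byte aligned, and no Rust reference
/// to that memory may be live across the call.
pub unsafe fn set(addr: usize, value: u32) {
    unsafe { ptr::write_volatile(addr as *mut u32, value) }
}

/// The usual register pattern: pay the `unsafe` once, at construction, and
/// record the invariant in the type. Afterwards `read`/`write` can be safe,
/// because the pointer they dereference is no longer a free parameter.
pub struct Reg(*mut u32);

impl Reg {
    /// # Safety
    /// `addr` must be the address of a valid, 4-byte aligned `u32` (a
    /// memory-mapped register or ordinary memory) that stays valid, and is not
    /// accessed through Rust references, for as long as the `Reg` lives.
    pub unsafe fn at(addr: usize) -> Self {
        Reg(addr as *mut u32)
    }

    pub fn read(&self) -> u32 {
        // Sound: `at`'s contract guarantees the pointer is valid and aligned.
        unsafe { ptr::read_volatile(self.0) }
    }

    pub fn write(&self, value: u32) {
        unsafe { ptr::write_volatile(self.0, value) }
    }

    /// Read-modify-write, e.g. setting the enable bit for interrupt `n`.
    pub fn set_bit(&self, n: u32) {
        debug_assert!(n < 32, "bit index out of range for a 32-bit register");
        self.write(self.read() | (1u32 << n));
    }
}

fn main() {
    // Ordinary memory stands in for a device register so this runs on a host.
    let mut backing: u32 = 0;
    let reg = unsafe { Reg::at(&mut backing as *mut u32 as usize) };
    reg.set_bit(3);
    reg.set_bit(31);
    println!("register = {:#010x}", reg.read());
}
```

The difference between `get_unsound` and `get` is not in the generated code but in who is accountable for the preconditions: with `unsafe fn` the compiler forces every call site to acknowledge them, which is exactly the "callers must make sure they know what they're doing" behaviour the issue is asking for.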

Sure. What rule is violated? What are the safety requirements of parameters?

rasendubi avatar Mar 17 '23 16:03 rasendubi