lib: revert InPlaceWrite implementation for Arc<MaybeUninit<T>>

bonzini · BennoLossin · commit 23a123863801 · 2024-11-29T15:55:28.000+01:00
The kernel version of pinned_init implemented InPlaceWrite on UniqueArc, not Arc. This ensures that InPlaceWrite is not writing to a shared Arc. Userspace does not have this facility and therefore cannot lift the kernel implementation of InPlaceWrite directly into Arc<>. One possibility would be to use Arc::get_mut(), though this would introduce a panic in the case where the Arc is shared. So just revert part of commit 6841b61 ("rust: init: add `write_[pin_]init` functions", 2024-11-22). Suggested-by: Benno Lossin <benno.lossin@proton.me> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
diff --git a/src/lib.rs b/src/lib.rs
@@ -1225,15 +1225,29 @@ impl<T> InPlaceInit<T> for Arc<T> {
     where
         E: From<AllocError>,
     {
-        Arc::try_new_uninit()?.write_pin_init(init)
+        let mut this = Arc::try_new_uninit()?;
+        let slot = unsafe { Arc::get_mut_unchecked(&mut this) };
+        let slot = slot.as_mut_ptr();
+        // SAFETY: When init errors/panics, slot will get deallocated but not dropped,
+        // slot is valid and will not be moved, because we pin it later.
+        unsafe { init.__pinned_init(slot)? };
+        // SAFETY: All fields have been initialized and this is the only `Arc` to that data.
+        Ok(unsafe { Pin::new_unchecked(this.assume_init()) })
     }
 
     #[inline]
     fn try_init<E>(init: impl Init<T, E>) -> Result<Self, E>
     where
         E: From<AllocError>,
     {
-        Arc::try_new_uninit()?.write_init(init)
+        let mut this = Arc::try_new_uninit()?;
+        let slot = unsafe { Arc::get_mut_unchecked(&mut this) };
+        let slot = slot.as_mut_ptr();
+        // SAFETY: When init errors/panics, slot will get deallocated but not dropped,
+        // slot is valid.
+        unsafe { init.__init(slot)? };
+        // SAFETY: All fields have been initialized.
+        Ok(unsafe { this.assume_init() })
     }
 }
 
@@ -1276,31 +1290,6 @@ impl<T> InPlaceWrite<T> for Box<MaybeUninit<T>> {
     }
 }
 
-#[cfg(feature = "alloc")]
-impl<T> InPlaceWrite<T> for Arc<MaybeUninit<T>> {
-    type Initialized = Arc<T>;
-
-    fn write_init<E>(mut self, init: impl Init<T, E>) -> Result<Self::Initialized, E> {
-        let slot = unsafe { Arc::get_mut_unchecked(&mut self) };
-        let slot = slot.as_mut_ptr();
-        // SAFETY: When init errors/panics, slot will get deallocated but not dropped,
-        // slot is valid.
-        unsafe { init.__init(slot)? };
-        // SAFETY: All fields have been initialized.
-        Ok(unsafe { self.assume_init() })
-    }
-
-    fn write_pin_init<E>(mut self, init: impl PinInit<T, E>) -> Result<Pin<Self::Initialized>, E> {
-        let slot = unsafe { Arc::get_mut_unchecked(&mut self) };
-        let slot = slot.as_mut_ptr();
-        // SAFETY: When init errors/panics, slot will get deallocated but not dropped,
-        // slot is valid and will not be moved, because we pin it later.
-        unsafe { init.__pinned_init(slot)? };
-        // SAFETY: All fields have been initialized and this is the only `Arc` to that data.
-        Ok(unsafe { Pin::new_unchecked(self.assume_init()) })
-    }
-}
-
 /// Trait facilitating pinned destruction.
 ///
 /// Use [`pinned_drop`] to implement this trait safely:
