1. Patchew
  2. linux
  3. [PATCH v2 0/2] Miscdevices in Rust
  4. View patch

[PATCH v2 1/2] rust: types: add Opaque::try_ffi_init

Alice Ryhl posted 2 patches 1 month, 4 weeks ago
[PATCH v2 1/2] rust: types: add Opaque::try_ffi_init
Posted by Alice Ryhl 1 month, 4 weeks ago 
This will be used by the miscdevice abstractions, as the C function
`misc_register` is fallible.

Signed-off-by: Alice Ryhl <aliceryhl@google.com>
---
 rust/kernel/types.rs | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
index 9e7ca066355c..070d03152937 100644
--- a/rust/kernel/types.rs
+++ b/rust/kernel/types.rs
@@ -299,6 +299,22 @@ pub fn ffi_init(init_func: impl FnOnce(*mut T)) -> impl PinInit<Self> {
         }
     }
 
+    /// Creates a fallible pin-initializer from the given initializer closure.
+    ///
+    /// The returned initializer calls the given closure with the pointer to the inner `T` of this
+    /// `Opaque`. Since this memory is uninitialized, the closure is not allowed to read from it.
+    ///
+    /// This function is safe, because the `T` inside of an `Opaque` is allowed to be
+    /// uninitialized. Additionally, access to the inner `T` requires `unsafe`, so the caller needs
+    /// to verify at that point that the inner value is valid.
+    pub fn try_ffi_init<E>(
+        init_func: impl FnOnce(*mut T) -> Result<(), E>,
+    ) -> impl PinInit<Self, E> {
+        // SAFETY: We contain a `MaybeUninit`, so it is OK for the `init_func` to not fully
+        // initialize the `T`.
+        unsafe { init::pin_init_from_closure::<_, E>(move |slot| init_func(Self::raw_get(slot))) }
+    }
+
     /// Returns a raw pointer to the opaque data.
     pub const fn get(&self) -> *mut T {
         UnsafeCell::get(&self.value).cast::<T>()

-- 
2.46.1.824.gd892dcdcdd-goog
Re: [PATCH v2 1/2] rust: types: add Opaque::try_ffi_init
Posted by Trevor Gross 1 month ago 
On Tue, Oct 1, 2024 at 3:23 AM Alice Ryhl <aliceryhl@google.com> wrote:
>
> This will be used by the miscdevice abstractions, as the C function
> `misc_register` is fallible.
>
> Signed-off-by: Alice Ryhl <aliceryhl@google.com>
> ---
>  rust/kernel/types.rs | 16 ++++++++++++++++
>  1 file changed, 16 insertions(+)
>
> diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
> index 9e7ca066355c..070d03152937 100644
> --- a/rust/kernel/types.rs
> +++ b/rust/kernel/types.rs
> @@ -299,6 +299,22 @@ pub fn ffi_init(init_func: impl FnOnce(*mut T)) -> impl PinInit<Self> {
>          }
>      }
>
> +    /// Creates a fallible pin-initializer from the given initializer closure.
> +    ///
> +    /// The returned initializer calls the given closure with the pointer to the inner `T` of this
> +    /// `Opaque`. Since this memory is uninitialized, the closure is not allowed to read from it.
> +    ///
> +    /// This function is safe, because the `T` inside of an `Opaque` is allowed to be
> +    /// uninitialized. Additionally, access to the inner `T` requires `unsafe`, so the caller needs
> +    /// to verify at that point that the inner value is valid.
> +    pub fn try_ffi_init<E>(
> +        init_func: impl FnOnce(*mut T) -> Result<(), E>,
> +    ) -> impl PinInit<Self, E> {
> +        // SAFETY: We contain a `MaybeUninit`, so it is OK for the `init_func` to not fully
> +        // initialize the `T`.
> +        unsafe { init::pin_init_from_closure::<_, E>(move |slot| init_func(Self::raw_get(slot))) }
> +    }

[1] adjusts `ffi_init` to use `try_ffi_init`. Maybe this should do the same?

[1]: https://lore.kernel.org/rust-for-linux/20241022213221.2383-2-dakr@kernel.org/
Re: [PATCH v2 1/2] rust: types: add Opaque::try_ffi_init
Posted by Alice Ryhl 1 month ago 
On Fri, Oct 25, 2024 at 6:10 AM Trevor Gross <tmgross@umich.edu> wrote:
>
> On Tue, Oct 1, 2024 at 3:23 AM Alice Ryhl <aliceryhl@google.com> wrote:
> >
> > This will be used by the miscdevice abstractions, as the C function
> > `misc_register` is fallible.
> >
> > Signed-off-by: Alice Ryhl <aliceryhl@google.com>
> > ---
> >  rust/kernel/types.rs | 16 ++++++++++++++++
> >  1 file changed, 16 insertions(+)
> >
> > diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
> > index 9e7ca066355c..070d03152937 100644
> > --- a/rust/kernel/types.rs
> > +++ b/rust/kernel/types.rs
> > @@ -299,6 +299,22 @@ pub fn ffi_init(init_func: impl FnOnce(*mut T)) -> impl PinInit<Self> {
> >          }
> >      }
> >
> > +    /// Creates a fallible pin-initializer from the given initializer closure.
> > +    ///
> > +    /// The returned initializer calls the given closure with the pointer to the inner `T` of this
> > +    /// `Opaque`. Since this memory is uninitialized, the closure is not allowed to read from it.
> > +    ///
> > +    /// This function is safe, because the `T` inside of an `Opaque` is allowed to be
> > +    /// uninitialized. Additionally, access to the inner `T` requires `unsafe`, so the caller needs
> > +    /// to verify at that point that the inner value is valid.
> > +    pub fn try_ffi_init<E>(
> > +        init_func: impl FnOnce(*mut T) -> Result<(), E>,
> > +    ) -> impl PinInit<Self, E> {
> > +        // SAFETY: We contain a `MaybeUninit`, so it is OK for the `init_func` to not fully
> > +        // initialize the `T`.
> > +        unsafe { init::pin_init_from_closure::<_, E>(move |slot| init_func(Self::raw_get(slot))) }
> > +    }
>
> [1] adjusts `ffi_init` to use `try_ffi_init`. Maybe this should do the same?
>
> [1]: https://lore.kernel.org/rust-for-linux/20241022213221.2383-2-dakr@kernel.org/

Ah, I wasn't able to find previous patches for this, but I guess there was one.

This patch has already landed in char-misc-next, so this can be a
follow-up if you want to change it.

Alice
Re: [PATCH v2 1/2] rust: types: add Opaque::try_ffi_init
Posted by Benno Lossin 1 month, 4 weeks ago 
On 01.10.24 10:22, Alice Ryhl wrote:
> This will be used by the miscdevice abstractions, as the C function
> `misc_register` is fallible.
> 
> Signed-off-by: Alice Ryhl <aliceryhl@google.com>

Reviewed-by: Benno Lossin <benno.lossin@proton.me>

---
Cheers,
Benno

> ---
>  rust/kernel/types.rs | 16 ++++++++++++++++
>  1 file changed, 16 insertions(+)
> 
> diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
> index 9e7ca066355c..070d03152937 100644
> --- a/rust/kernel/types.rs
> +++ b/rust/kernel/types.rs
> @@ -299,6 +299,22 @@ pub fn ffi_init(init_func: impl FnOnce(*mut T)) -> impl PinInit<Self> {
>          }
>      }
> 
> +    /// Creates a fallible pin-initializer from the given initializer closure.
> +    ///
> +    /// The returned initializer calls the given closure with the pointer to the inner `T` of this
> +    /// `Opaque`. Since this memory is uninitialized, the closure is not allowed to read from it.
> +    ///
> +    /// This function is safe, because the `T` inside of an `Opaque` is allowed to be
> +    /// uninitialized. Additionally, access to the inner `T` requires `unsafe`, so the caller needs
> +    /// to verify at that point that the inner value is valid.
> +    pub fn try_ffi_init<E>(
> +        init_func: impl FnOnce(*mut T) -> Result<(), E>,
> +    ) -> impl PinInit<Self, E> {
> +        // SAFETY: We contain a `MaybeUninit`, so it is OK for the `init_func` to not fully
> +        // initialize the `T`.
> +        unsafe { init::pin_init_from_closure::<_, E>(move |slot| init_func(Self::raw_get(slot))) }
> +    }
> +
>      /// Returns a raw pointer to the opaque data.
>      pub const fn get(&self) -> *mut T {
>          UnsafeCell::get(&self.value).cast::<T>()
> 
> --
> 2.46.1.824.gd892dcdcdd-goog
>

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.