From nobody Sun Nov 24 15:03:41 2024 Received: from mail-yw1-f180.google.com (mail-yw1-f180.google.com [209.85.128.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AF96C1FCF65; Mon, 4 Nov 2024 21:20:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730755239; cv=none; b=GAyBLkFPimoCdwh7bVt+viXiCmSe+peI7e33YW+smxIbvbf3sggllYfam081ynIcTZJ3Nc32qfTz6/h6+ntk2LPm4eMRpSLBq4kT8o7vehL4elmfaWypokfARcoxak6jTVqGkuVeuy72LXmDHx4IhM+gaH2vE8FtnidaNZyGQ48= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730755239; c=relaxed/simple; bh=ZQJQKIX5ZQX5sWC8n0SlJ4WezNt3GyNXog192hsNxCY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=SqO96rNb2kLQEM5D4ax7AcPmMSV+31BuQ5ua0sheQUnrtbL+JG+KcCuG9mgwEw5aZb+/Qh6lrUIPk7KyysEs1BB1LXft3MEaT+EuEMK3Ge7rcuXNZxxKRll3GAoUJ8mKqLvE4h5/NYb1STLUnjGUbYJc/Dq8xCqRKRAutGBEu4g= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=aWM3IVnX; arc=none smtp.client-ip=209.85.128.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="aWM3IVnX" Received: by mail-yw1-f180.google.com with SMTP id 00721157ae682-6e35bf59cf6so53148457b3.0; Mon, 04 Nov 2024 13:20:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730755236; x=1731360036; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=WFaJ7SKjLkqumVjX6cB33YzQSDHI8oE6Bx++li6t+j0=; b=aWM3IVnXXCmoq2ZEsVt2REz9dRu3IoQsDZfWdSJxaMcQAKqyNQ3qlGB5nZdBAkSb+x A+gg9sVGtLA14Kg00V4mL8Ct9Q9hDp/cbzKO92xV5oVLj1Ypb6HNdMCLIAYMgKR6Uoio cuMdnaQbbPUWBiAWoac0JWvzxV1ZvWrn/Rzhq70SxJ0dic/KZK/S56oJ7wH7GWZI16Ao OCiWXdrpuM1QF/LrIV/i8LNzZrqDK7kET3ZVOZphW8uOWatzGV+2AlYzLjDPDvmiQKuw m3/aIOMUcVyaF0yfDYUJs8vIaf9lpq+1hZDeqEdQE3oOLsipNKB3ZUj+aTtF1pKgNVI1 HsuQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730755236; x=1731360036; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WFaJ7SKjLkqumVjX6cB33YzQSDHI8oE6Bx++li6t+j0=; b=Zvrt83ISQv0kIQn9MNMblAsA1w+Als1Umm08ixw/vbs7WNP4n+aHKKl5sLgvMOineI qj3aXHsBF5TvuADDdwqbuvmZ5/0t/4zA0FKUnBESxIcvY1BHjUH9DZhUFQPxpL0+t/tX J5xF0tBvQcgYs+ADWq3vE5TFXudQt2d1TUllzwh0SJ5W8gTAexRYuiLYCnmTpkRnlZtC DKnEDzN3A3M4ygWWavl4UzAzd8tsTHLXL1bEQO0/RrxSTy+A6bm37b5PJe7u06QLLaQv VdHZMeg+ESKbomCCu2ZVqGKsPxaQCn7McZKUzjlsromJoRIL7Re6he+5csrcdYITfNdn qS4A== X-Forwarded-Encrypted: i=1; AJvYcCXsdhCj95FPLM9YHXkan4Oq8wv/6U7acaXtgWghx8qeSb4uKSo4HNJtoBHXyuXcz7HQPLto8IiK97F7M7g=@vger.kernel.org X-Gm-Message-State: AOJu0YwaF2zWmdxlzQwJvXnTKCsoLUEr5DcRdD60rkt+CiU+RT6GZXDt ZP+KN8E0K7BnqMupnV4MxDhLquDZ4/CE8cWznus+SStLFIwKeYsJ4701qckfR+Q= X-Google-Smtp-Source: AGHT+IF0rTLgR8521D56bV4cJm4ZTduVQUejqQO4V6gD0ZxOhUod9UzSqkGikJpDHC2DbSBdhm0hpw== X-Received: by 2002:a05:690c:62c8:b0:6e3:23d9:ccd4 with SMTP id 00721157ae682-6ea5591e4b4mr118234727b3.21.1730755236573; Mon, 04 Nov 2024 13:20:36 -0800 (PST) Received: from 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa ([102.129.152.180]) by smtp.gmail.com with ESMTPSA id 00721157ae682-6ea55b1ed29sm19555817b3.53.2024.11.04.13.20.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Nov 2024 13:20:36 -0800 (PST) From: Tamir Duberstein Date: Mon, 04 Nov 2024 17:20:27 -0400 Subject: [PATCH v2 1/6] rust: arc: use `NonNull::new_unchecked` Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241104-borrow-mut-v2-1-de650678648d@gmail.com> References: <20241104-borrow-mut-v2-0-de650678648d@gmail.com> In-Reply-To: <20241104-borrow-mut-v2-0-de650678648d@gmail.com> To: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Danilo Krummrich Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, Tamir Duberstein X-Mailer: b4 0.15-dev There is no need to check (and panic on violations of) the safety requirements on `ForeignOwnable` functions. Avoiding the check is consistent with the implementation of `ForeignOwnable` for `Box`. Signed-off-by: Tamir Duberstein Reviewed-by: Alice Ryhl --- rust/kernel/sync/arc.rs | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index db9da352d588f65348aa7a5204abbb165b70197f..2c9b7d4a2554278ce8608f4f4c7= f9cfe87b21492 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -337,9 +337,9 @@ fn into_foreign(self) -> *const core::ffi::c_void { } =20 unsafe fn borrow<'a>(ptr: *const core::ffi::c_void) -> ArcBorrow<'a, T= > { - // By the safety requirement of this function, we know that `ptr` = came from - // a previous call to `Arc::into_foreign`. - let inner =3D NonNull::new(ptr as *mut ArcInner).unwrap(); + // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous + // call to `Self::into_foreign`. + let inner =3D unsafe { NonNull::new_unchecked(ptr as *mut ArcInner= ) }; =20 // SAFETY: The safety requirements of `from_foreign` ensure that t= he object remains alive // for the lifetime of the returned value. @@ -347,10 +347,14 @@ unsafe fn borrow<'a>(ptr: *const core::ffi::c_void) -= > ArcBorrow<'a, T> { } =20 unsafe fn from_foreign(ptr: *const core::ffi::c_void) -> Self { + // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous + // call to `Self::into_foreign`. + let inner =3D unsafe { NonNull::new_unchecked(ptr as *mut ArcInner= ) }; + // SAFETY: By the safety requirement of this function, we know tha= t `ptr` came from // a previous call to `Arc::into_foreign`, which guarantees that `= ptr` is valid and // holds a reference count increment that is transferrable to us. - unsafe { Self::from_inner(NonNull::new(ptr as _).unwrap()) } + unsafe { Self::from_inner(inner) } } } =20 --=20 2.47.0 From nobody Sun Nov 24 15:03:41 2024 Received: from mail-yw1-f170.google.com (mail-yw1-f170.google.com [209.85.128.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 35CBD1FDFA0; Mon, 4 Nov 2024 21:20:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730755241; cv=none; b=BjDh6GecvPQwB0PnfynzfeQBbzI1asrnqTCENZ8DXrHKuXC4XdkfmlFf+vY7muaU2BvGWY0cQLJ/c1Ed+F/wiEAbAJPLO6TCUSLEEk7SNQtEBf/2qGj4brYh9ifz/GzeeYFjpBg9azEmiUjPi1U3j/GmIGAqaOofVWABnAlybLY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730755241; c=relaxed/simple; bh=NBPpIjCfCBzFzTqVitvlZTNxC1N977x8lAE5YiMeWig=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=HuZJK98Fy0AYNKN+uvdbxr2CunBHyYKiZFvLFuw9uKXmoeVP/XwFRfAuYzTpRO1j2735hP70iiMo6ECyJ5U7j3uxzLV1rFUX8pSW0YZ1qDh5IVuOZE3a/KHGabITWtUacN73kHfVmsqi/TJVWTjMhI6oDxh/3Ze7o9QZ7xIqWCo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=WR1ghJ62; arc=none smtp.client-ip=209.85.128.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="WR1ghJ62" Received: by mail-yw1-f170.google.com with SMTP id 00721157ae682-6e5e5c43497so37588467b3.3; Mon, 04 Nov 2024 13:20:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730755239; x=1731360039; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=7DkzMNh/JmDESgjanxg0KNSdGmmyOpzh6cmcoyZX928=; b=WR1ghJ62C2HM4vi41WctM+w1SI1G9hXm5efyQFDV5hEAd3gwrLag1Q0bAG08pOCAMH OCy62eUEyGqqUY4WosXRIRQ3XkXrTNW/aIxUNnBeVrou6J7pn2gs/Rppx0d5SExiS4S6 F9tAUtppK/VeZh9P/8DVEuuK6gTtcDOfIQ0TyFlAgF65aoBeCd0C8WXpZCFjx03hny4F EvoMGujvGMTkeF+Ta5ePD0BeEexdcPJn1bEyCyCGZHrWxodAtxsUCW7BrSaZ7sJ2mquL QiaXG7WMP1W6npo2w0McVEYMw955IRbp+Q+6ptFXK5/WkIWjyeoMIiBCkB4mS/wu5NaY R1GQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730755239; x=1731360039; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7DkzMNh/JmDESgjanxg0KNSdGmmyOpzh6cmcoyZX928=; b=MwtE49s/8Dr4IhryheTVfhsB6nQZgLx7NOFK3wtmN0idghbgRKbrOvDq3Nhn31d5ew cOYzkZk1PEo/h3wjxOy9Otu35TcVsr3NAVrDUtZXgjbWTD8D1ZxqGR2Mi2d+Y/Xm6sLw TXTgqrkceSznOAgJjkoch3ABltLCoaU0BxKowMVbpG6BCN9wondT2MfcWqtSrHHMWZ3w Sx7Rcc1h/A+C4s3BsEQJ04F/k92rEmYDpqqahZ5f2bLvUv642wFNC1CsTRa0eMpGA//Y KfIytoerKYzgiV+T8bxxnELgpVT/M8Qt4x83NGWrbA1MwMIHQnXeuKM/x2nHPVK4Ms4r z/0g== X-Forwarded-Encrypted: i=1; AJvYcCWRFuyULzsdtF1NZYPbCxtWNVWUtUZTahGcsDb8pg8fRML3BcvFKWxxpzFQ9UwpW2YHTQjqTz2vlo9nZVo=@vger.kernel.org X-Gm-Message-State: AOJu0YxkEvRyVuSh1xKCUiQlu9YOMbYjuzqukwkhOlRPrvMq+WsOzO9R zPrrJyFMvMbFJLDkM6DJwu41u7fBLxUJa/c0hm1PBukvhdWfCXRD X-Google-Smtp-Source: AGHT+IHuI/ppzNLVFJvU7dEErxKjuD+rFC6iqbqk2sB3RSCpFoloekkcinx3gYx4DNbp3qnj3yNTjA== X-Received: by 2002:a05:690c:6f02:b0:6ea:1f5b:1f64 with SMTP id 00721157ae682-6ea521cb7edmr188939137b3.0.1730755239016; Mon, 04 Nov 2024 13:20:39 -0800 (PST) Received: from 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa ([102.129.152.180]) by smtp.gmail.com with ESMTPSA id 00721157ae682-6ea55b1ed29sm19555817b3.53.2024.11.04.13.20.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Nov 2024 13:20:38 -0800 (PST) From: Tamir Duberstein Date: Mon, 04 Nov 2024 17:20:28 -0400 Subject: [PATCH v2 2/6] rust: types: avoid `as` casts Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241104-borrow-mut-v2-2-de650678648d@gmail.com> References: <20241104-borrow-mut-v2-0-de650678648d@gmail.com> In-Reply-To: <20241104-borrow-mut-v2-0-de650678648d@gmail.com> To: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Danilo Krummrich Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, Tamir Duberstein X-Mailer: b4 0.15-dev Replace `as` casts with `cast{,_const,_mut}` which are a bit safer. Signed-off-by: Tamir Duberstein --- rust/kernel/alloc/kbox.rs | 10 ++++++---- rust/kernel/sync/arc.rs | 9 +++++---- rust/kernel/types.rs | 2 +- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/rust/kernel/alloc/kbox.rs b/rust/kernel/alloc/kbox.rs index d69c32496b86a2315f81cafc8e6771ebb0cf10d1..b6b6723098b6b30743bf38c97aa= b0e701a5a1be4 100644 --- a/rust/kernel/alloc/kbox.rs +++ b/rust/kernel/alloc/kbox.rs @@ -356,13 +356,13 @@ impl ForeignOwnable for Box type Borrowed<'a> =3D &'a T; =20 fn into_foreign(self) -> *const core::ffi::c_void { - Box::into_raw(self) as _ + Box::into_raw(self).cast_const().cast() } =20 unsafe fn from_foreign(ptr: *const core::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - unsafe { Box::from_raw(ptr as _) } + unsafe { Box::from_raw(ptr.cast_mut().cast()) } } =20 unsafe fn borrow<'a>(ptr: *const core::ffi::c_void) -> &'a T { @@ -380,13 +380,15 @@ impl ForeignOwnable for Pin> =20 fn into_foreign(self) -> *const core::ffi::c_void { // SAFETY: We are still treating the box as pinned. - Box::into_raw(unsafe { Pin::into_inner_unchecked(self) }) as _ + Box::into_raw(unsafe { Pin::into_inner_unchecked(self) }) + .cast_const() + .cast() } =20 unsafe fn from_foreign(ptr: *const core::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - unsafe { Pin::new_unchecked(Box::from_raw(ptr as _)) } + unsafe { Pin::new_unchecked(Box::from_raw(ptr.cast_mut().cast())) } } =20 unsafe fn borrow<'a>(ptr: *const core::ffi::c_void) -> Pin<&'a T> { diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index 2c9b7d4a2554278ce8608f4f4c7f9cfe87b21492..af383bcd003e1122ebe1b62a49f= e40279458e379 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -201,10 +201,11 @@ pub fn new(contents: T, flags: Flags) -> Result { }; =20 let inner =3D KBox::new(value, flags)?; + let inner =3D KBox::leak(inner).into(); =20 // SAFETY: We just created `inner` with a reference count of 1, wh= ich is owned by the new // `Arc` object. - Ok(unsafe { Self::from_inner(KBox::leak(inner).into()) }) + Ok(unsafe { Self::from_inner(inner) }) } } =20 @@ -333,13 +334,13 @@ impl ForeignOwnable for Arc { type Borrowed<'a> =3D ArcBorrow<'a, T>; =20 fn into_foreign(self) -> *const core::ffi::c_void { - ManuallyDrop::new(self).ptr.as_ptr() as _ + ManuallyDrop::new(self).ptr.as_ptr().cast_const().cast() } =20 unsafe fn borrow<'a>(ptr: *const core::ffi::c_void) -> ArcBorrow<'a, T= > { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - let inner =3D unsafe { NonNull::new_unchecked(ptr as *mut ArcInner= ) }; + let inner =3D unsafe { NonNull::new_unchecked(ptr.cast_mut().cast:= :>()) }; =20 // SAFETY: The safety requirements of `from_foreign` ensure that t= he object remains alive // for the lifetime of the returned value. @@ -349,7 +350,7 @@ unsafe fn borrow<'a>(ptr: *const core::ffi::c_void) -> = ArcBorrow<'a, T> { unsafe fn from_foreign(ptr: *const core::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - let inner =3D unsafe { NonNull::new_unchecked(ptr as *mut ArcInner= ) }; + let inner =3D unsafe { NonNull::new_unchecked(ptr.cast_mut().cast:= :>()) }; =20 // SAFETY: By the safety requirement of this function, we know tha= t `ptr` came from // a previous call to `Arc::into_foreign`, which guarantees that `= ptr` is valid and diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs index fae80814fa1c5e0f11933f2f15e173f0e3a10fe0..364dd2dc438eb7d1c4d0a4525bf= 2305a42297b2b 100644 --- a/rust/kernel/types.rs +++ b/rust/kernel/types.rs @@ -418,7 +418,7 @@ pub unsafe fn from_raw(ptr: NonNull) -> Self { /// } /// /// let mut data =3D Empty {}; - /// let ptr =3D NonNull::::new(&mut data as *mut _).unwrap(); + /// let ptr =3D NonNull::::new(&mut data).unwrap(); /// # // SAFETY: TODO. /// let data_ref: ARef =3D unsafe { ARef::from_raw(ptr) }; /// let raw_ptr: NonNull =3D ARef::into_raw(data_ref); --=20 2.47.0 From nobody Sun Nov 24 15:03:41 2024 Received: from mail-yw1-f172.google.com (mail-yw1-f172.google.com [209.85.128.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3AC291FDFBA; Mon, 4 Nov 2024 21:20:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730755243; cv=none; b=piWonicWJvDhYZ82L/etcgja/2MWaK9lAQkL6R9SqTUiJ8JthQaZhtkYsfY11mWSRXaPd2FnVRCqR0bVzTlqnY6RieLF0kq1maUBNJo861Oeby7z+arx3aDsC2M5QbGvdmvR7c94lcYTcsaYbUjskvWx/ywL1ZgPsIkzDBVgYD8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730755243; c=relaxed/simple; bh=DP9anbMhjZ9XA8YZROoJwdFzrkdKSmSxASx2gY57IUo=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=OzyKPOzL0Vbq1OWIo9NwKNj8SfeHzkQdGZ9qeonovkDUJsnYSRLqVOg1VHLg7dTtzGEC6idU3ofM0nj6uOBvtndo3939SXQJPs8GIDyiU7FUOrMnO4FKdQXTovq6Y2VtC+TgyWCb3pHuFRcfVy0AYzrHlzbSutGg3r1/mZfIXhE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=GkqAUFkW; arc=none smtp.client-ip=209.85.128.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="GkqAUFkW" Received: by mail-yw1-f172.google.com with SMTP id 00721157ae682-6ea051d04caso34657457b3.0; Mon, 04 Nov 2024 13:20:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730755241; x=1731360041; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=IREF9jMIoVsYmfw326uvfOb6uWdfXcXPz0ts5IFgljg=; b=GkqAUFkWSxHRpwo/67r0dRGDDfLz+jS8btc99Z8/7HY1siMuFaHO2vIXWtXeYH9Cb5 a3WAQ9hgYxIqj5Kxd5AWq+FtB3wzrwQ4TjWL35SSWw1fvVtvc4+8e6wcdC7SmzpXpdSe jEhclATIZH/EVgSQ+PMeRkalP9MymdGwdl5W2Labrw+8K9mexPKOPi3IPxL5tAOFKmAr 8q2kCdON+ri59BL2eKqjkkJkxeOlMd0Td4b4i1PlfG411HFvX+2hNqDBT6WZDnzR/S0/ Dhho6zQV/2S7j6yHVMlBtbbr1KSiAHtRA4QpfHchk0hO3OB8tcH2AK1s9ZT/kIdfVWxR 53pA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730755241; x=1731360041; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=IREF9jMIoVsYmfw326uvfOb6uWdfXcXPz0ts5IFgljg=; b=BdMcZxiHSDFFu0N6HAXy9itPo/ZjUX6rS57aaLKuDuJ1KZOZmIgULOxC3A1VpzGA6Z BXj0eZEV9FZZbblOP5K3HgBP1HMwhDZqbr9lFsgWhgbpIpE2IOfy7buWZdQgOmHf3gaE CPT44yRvg5BYqe8rsj4gERi1iDUnm4wGxh4LFiG12zURxeZVPHFVcTHSq6sxEHJ0/0tj Qx4Hhuk4Pf4OMiO6Sn5CcALYKxkTtwf+phOCe6oKmW9Zn1PvcjECGmO422QmXLsjXrRY xGSvAgtFDvtRIj4vaksgnextPOTetjFcdFFUJo33zbGNjVhYmYUpY9X3qm0ZUQBvGUM1 2O8w== X-Forwarded-Encrypted: i=1; AJvYcCXSdN2wF54iYyyQhnSqQjzNSxioiTSv1a/O41yoNkXOKYrbNGIk8KGllK86RHGf60qlg9W7Vp5lrv2zf5w=@vger.kernel.org X-Gm-Message-State: AOJu0YxJ3ac+vgWAWT/qkBM/IE9xV9MrtkgVdEXviF12xqlfv5PDP+DJ KMQVff9kpW4eKODFe0JOt125u6deYLKbBwA71zwfbRdK+yiTtBkH X-Google-Smtp-Source: AGHT+IH4lulu3t030chORFcZy8Urvlxhm0SWkTzugE34rArx4yYHNbUvKu+F00TQuW5m7MljRbsUNA== X-Received: by 2002:a05:690c:9c0e:b0:6e3:2ec1:457a with SMTP id 00721157ae682-6ea64bb23e7mr135448547b3.29.1730755241204; Mon, 04 Nov 2024 13:20:41 -0800 (PST) Received: from 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa ([102.129.152.180]) by smtp.gmail.com with ESMTPSA id 00721157ae682-6ea55b1ed29sm19555817b3.53.2024.11.04.13.20.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Nov 2024 13:20:40 -0800 (PST) From: Tamir Duberstein Date: Mon, 04 Nov 2024 17:20:29 -0400 Subject: [PATCH v2 3/6] rust: arc: split unsafe block, add missing comment Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241104-borrow-mut-v2-3-de650678648d@gmail.com> References: <20241104-borrow-mut-v2-0-de650678648d@gmail.com> In-Reply-To: <20241104-borrow-mut-v2-0-de650678648d@gmail.com> To: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Danilo Krummrich Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, Tamir Duberstein X-Mailer: b4 0.15-dev The new SAFETY comment style is taken from existing comments in `deref` and `drop. Signed-off-by: Tamir Duberstein Reviewed-by: Alice Ryhl --- rust/kernel/sync/arc.rs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index af383bcd003e1122ebe1b62a49fe40279458e379..9adea755a5ad1a7b03f7fc30a7a= bc76c1f966c6c 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -377,10 +377,14 @@ fn as_ref(&self) -> &T { =20 impl Clone for Arc { fn clone(&self) -> Self { + // SAFETY: By the type invariant, there is necessarily a reference= to the object, so it is + // safe to dereference it. + let refcount =3D unsafe { self.ptr.as_ref() }.refcount.get(); + // INVARIANT: C `refcount_inc` saturates the refcount, so it canno= t overflow to zero. // SAFETY: By the type invariant, there is necessarily a reference= to the object, so it is // safe to increment the refcount. - unsafe { bindings::refcount_inc(self.ptr.as_ref().refcount.get()) = }; + unsafe { bindings::refcount_inc(refcount) }; =20 // SAFETY: We just incremented the refcount. This increment is now= owned by the new `Arc`. unsafe { Self::from_inner(self.ptr) } --=20 2.47.0 From nobody Sun Nov 24 15:03:41 2024 Received: from mail-yw1-f171.google.com (mail-yw1-f171.google.com [209.85.128.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F35A11FE0F9; Mon, 4 Nov 2024 21:20:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.171 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730755246; cv=none; b=QLEAKlM5MwuckMfeOkX//LuOUHNm57OlbpD6RAv+zG4hzPA23AisMyRzAgOBreRGKyHTx8Adml6qkGOHqX3iBX1CI74KnyC6w0t9ncWSlzM9E1emm8H5drxnM+s7UzMBu4KrBNhITe8W7avztyOUyZaDD9dvhsgaROOgD1ufC8w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730755246; c=relaxed/simple; bh=bQgx0aVr+dpdEM3aadIoXc3nVC7MElyiVaFf+CugMVE=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Ip6AFfl6SgUP3ZbTAPZsRMzlXLxtODmmh+Ragf53Fe8D6DGc0TJyVXKObWKO1cAu0LrSgEaiRdSGK5yH0uVA7CuBYx6YAa1D3UNYSoUcrseAqk0+mO+AHQCXXaBWwWLmJR/ZXgSDCcZvIMLC2YcLyWG11MoozabzC4d4FWiX/a0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=IkE25CUJ; arc=none smtp.client-ip=209.85.128.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="IkE25CUJ" Received: by mail-yw1-f171.google.com with SMTP id 00721157ae682-6ea1407e978so44601577b3.1; Mon, 04 Nov 2024 13:20:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730755244; x=1731360044; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=Y8Tz/65EOGIRDKpwI97BrihSIW6jiaqoSXa7tScKwyA=; b=IkE25CUJLjLWGmxCP3uBukSPoyY2yDr/XPPi2HVCA2iFku+Of3kn/2rlAa3/tOTgwW I0g6ybXrVxRpK96YNNgijqhPm2tzAUm7pt/rqoXjrj8/izdmqbr5i7mZvL2gYbTbMpxg FMH+dTSyvL53wsvWY9PzUGW99qlZmNJhrgbd0D4oR/MtaZrxLdgrIDX5sONf9mdU6Up/ nZnm3hcGi9IuwI/staFa1bnKV5CPeYfH+C5Nde/6UfId6AOBuD1/ubsrBamYoeQbsKPc vT9gtQGjXQArlsvZ8PjrMpioIEqs7JRYgCxhbUQn2hF+tvhle93fxDP/aCeBawh7uUqa AJOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730755244; x=1731360044; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Y8Tz/65EOGIRDKpwI97BrihSIW6jiaqoSXa7tScKwyA=; b=bSkc2P8Mno2/2TcO30Kc9gku82UnWDDczmtXtFUjLvmfcXkUJ4FsMmWb6OPWfKt6An S4YikRbpJG4Orozp5nE4kp2i81KFIkZQn3x3VRGq2WzjomCygw2qWIIHT7z0cJLis7G4 IoSUCT8NtQ4+Nf2nWH/G/7lbU8gj0ClW8QDRtNekJGBjMfPIMI971n+FjpnNF25VkX1O Sa2e19J29Bn4jCup8mwttnFdxl1QweVKTwgmoUlGAetoXTz7m82YV+F3+K3qrrQsPGk+ /CDrhKt8IKDmuydwLWkGzljXTz5X4yFSZW9s2iE1+cBb4md0w9BEiGHCpJ8DOv/xcSDC P6ew== X-Forwarded-Encrypted: i=1; AJvYcCXJZfYnSAlWeMlIuHjwLBCrCre2wfoc5i+x88UyewPTvawanaw7wfU/xiUjrLWou6ZT840a2iGq8v8KR/s=@vger.kernel.org X-Gm-Message-State: AOJu0Yyw2YbJTAuWKF4wTzc21r8R0i9wQcmzngXICg+eS8hnBoMgCt3f wifbJtDTJqueogJj/vdbX/dQy6P0XkJEXLpkuKsBY6iq9wiVt9Rl X-Google-Smtp-Source: AGHT+IGvz3w80mhRc+SXtPvwt2CoPGHdlfJxU6T2WlCIPJ7SOhOHSchs+L/JbN2sWaV+nT16UOBVgw== X-Received: by 2002:a05:690c:9a03:b0:6d3:e798:a1e1 with SMTP id 00721157ae682-6ea64be6345mr141234617b3.40.1730755243924; Mon, 04 Nov 2024 13:20:43 -0800 (PST) Received: from 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa ([102.129.152.180]) by smtp.gmail.com with ESMTPSA id 00721157ae682-6ea55b1ed29sm19555817b3.53.2024.11.04.13.20.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Nov 2024 13:20:42 -0800 (PST) From: Tamir Duberstein Date: Mon, 04 Nov 2024 17:20:30 -0400 Subject: [PATCH v2 4/6] rust: change `ForeignOwnable` pointer to mut Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241104-borrow-mut-v2-4-de650678648d@gmail.com> References: <20241104-borrow-mut-v2-0-de650678648d@gmail.com> In-Reply-To: <20241104-borrow-mut-v2-0-de650678648d@gmail.com> To: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Danilo Krummrich Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, Tamir Duberstein X-Mailer: b4 0.15-dev It is slightly more convenient to operate on mut pointers, and this also properly conveys the desired ownership semantics of the trait. Signed-off-by: Tamir Duberstein Reviewed-by: Andreas Hindborg Reviewed-by: Alice Ryhl --- rust/kernel/alloc/kbox.rs | 22 ++++++++++------------ rust/kernel/sync/arc.rs | 12 ++++++------ rust/kernel/types.rs | 14 +++++++------- 3 files changed, 23 insertions(+), 25 deletions(-) diff --git a/rust/kernel/alloc/kbox.rs b/rust/kernel/alloc/kbox.rs index b6b6723098b6b30743bf38c97aab0e701a5a1be4..99d0fc0148bb8779e5a769a6e74= 291ef8101bf77 100644 --- a/rust/kernel/alloc/kbox.rs +++ b/rust/kernel/alloc/kbox.rs @@ -355,17 +355,17 @@ impl ForeignOwnable for Box { type Borrowed<'a> =3D &'a T; =20 - fn into_foreign(self) -> *const core::ffi::c_void { - Box::into_raw(self).cast_const().cast() + fn into_foreign(self) -> *mut core::ffi::c_void { + Box::into_raw(self).cast() } =20 - unsafe fn from_foreign(ptr: *const core::ffi::c_void) -> Self { + unsafe fn from_foreign(ptr: *mut core::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - unsafe { Box::from_raw(ptr.cast_mut().cast()) } + unsafe { Box::from_raw(ptr.cast()) } } =20 - unsafe fn borrow<'a>(ptr: *const core::ffi::c_void) -> &'a T { + unsafe fn borrow<'a>(ptr: *mut core::ffi::c_void) -> &'a T { // SAFETY: The safety requirements of this method ensure that the = object remains alive and // immutable for the duration of 'a. unsafe { &*ptr.cast() } @@ -378,20 +378,18 @@ impl ForeignOwnable for Pin> { type Borrowed<'a> =3D Pin<&'a T>; =20 - fn into_foreign(self) -> *const core::ffi::c_void { + fn into_foreign(self) -> *mut core::ffi::c_void { // SAFETY: We are still treating the box as pinned. - Box::into_raw(unsafe { Pin::into_inner_unchecked(self) }) - .cast_const() - .cast() + Box::into_raw(unsafe { Pin::into_inner_unchecked(self) }).cast() } =20 - unsafe fn from_foreign(ptr: *const core::ffi::c_void) -> Self { + unsafe fn from_foreign(ptr: *mut core::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - unsafe { Pin::new_unchecked(Box::from_raw(ptr.cast_mut().cast())) } + unsafe { Pin::new_unchecked(Box::from_raw(ptr.cast())) } } =20 - unsafe fn borrow<'a>(ptr: *const core::ffi::c_void) -> Pin<&'a T> { + unsafe fn borrow<'a>(ptr: *mut core::ffi::c_void) -> Pin<&'a T> { // SAFETY: The safety requirements for this function ensure that t= he object is still alive, // so it is safe to dereference the raw pointer. // The safety requirements of `from_foreign` also ensure that the = object remains alive for diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index 9adea755a5ad1a7b03f7fc30a7abc76c1f966c6c..10819dc28b64038b9abc55b01c0= 69826d1e5befa 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -333,24 +333,24 @@ pub fn into_unique_or_drop(self) -> Option>> { impl ForeignOwnable for Arc { type Borrowed<'a> =3D ArcBorrow<'a, T>; =20 - fn into_foreign(self) -> *const core::ffi::c_void { - ManuallyDrop::new(self).ptr.as_ptr().cast_const().cast() + fn into_foreign(self) -> *mut core::ffi::c_void { + ManuallyDrop::new(self).ptr.as_ptr().cast() } =20 - unsafe fn borrow<'a>(ptr: *const core::ffi::c_void) -> ArcBorrow<'a, T= > { + unsafe fn borrow<'a>(ptr: *mut core::ffi::c_void) -> ArcBorrow<'a, T> { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - let inner =3D unsafe { NonNull::new_unchecked(ptr.cast_mut().cast:= :>()) }; + let inner =3D unsafe { NonNull::new_unchecked(ptr.cast::>()) }; =20 // SAFETY: The safety requirements of `from_foreign` ensure that t= he object remains alive // for the lifetime of the returned value. unsafe { ArcBorrow::new(inner) } } =20 - unsafe fn from_foreign(ptr: *const core::ffi::c_void) -> Self { + unsafe fn from_foreign(ptr: *mut core::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - let inner =3D unsafe { NonNull::new_unchecked(ptr.cast_mut().cast:= :>()) }; + let inner =3D unsafe { NonNull::new_unchecked(ptr.cast::>()) }; =20 // SAFETY: By the safety requirement of this function, we know tha= t `ptr` came from // a previous call to `Arc::into_foreign`, which guarantees that `= ptr` is valid and diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs index 364dd2dc438eb7d1c4d0a4525bf2305a42297b2b..59e71bd158713bb8e12cac95e13= 4f57a277c1b49 100644 --- a/rust/kernel/types.rs +++ b/rust/kernel/types.rs @@ -29,7 +29,7 @@ pub trait ForeignOwnable: Sized { /// For example, it might be invalid, dangling or pointing to uninitia= lized memory. Using it in /// any way except for [`ForeignOwnable::from_foreign`], [`ForeignOwna= ble::borrow`], /// [`ForeignOwnable::try_from_foreign`] can result in undefined behav= ior. - fn into_foreign(self) -> *const core::ffi::c_void; + fn into_foreign(self) -> *mut core::ffi::c_void; =20 /// Borrows a foreign-owned object. /// @@ -37,7 +37,7 @@ pub trait ForeignOwnable: Sized { /// /// `ptr` must have been returned by a previous call to [`ForeignOwnab= le::into_foreign`] for /// which a previous matching [`ForeignOwnable::from_foreign`] hasn't = been called yet. - unsafe fn borrow<'a>(ptr: *const core::ffi::c_void) -> Self::Borrowed<= 'a>; + unsafe fn borrow<'a>(ptr: *mut core::ffi::c_void) -> Self::Borrowed<'a= >; =20 /// Converts a foreign-owned object back to a Rust-owned one. /// @@ -47,7 +47,7 @@ pub trait ForeignOwnable: Sized { /// which a previous matching [`ForeignOwnable::from_foreign`] hasn't = been called yet. /// Additionally, all instances (if any) of values returned by [`Forei= gnOwnable::borrow`] for /// this object must have been dropped. - unsafe fn from_foreign(ptr: *const core::ffi::c_void) -> Self; + unsafe fn from_foreign(ptr: *mut core::ffi::c_void) -> Self; =20 /// Tries to convert a foreign-owned object back to a Rust-owned one. /// @@ -58,7 +58,7 @@ pub trait ForeignOwnable: Sized { /// /// `ptr` must either be null or satisfy the safety requirements for /// [`ForeignOwnable::from_foreign`]. - unsafe fn try_from_foreign(ptr: *const core::ffi::c_void) -> Option { + unsafe fn try_from_foreign(ptr: *mut core::ffi::c_void) -> Option { if ptr.is_null() { None } else { @@ -72,13 +72,13 @@ unsafe fn try_from_foreign(ptr: *const core::ffi::c_voi= d) -> Option { impl ForeignOwnable for () { type Borrowed<'a> =3D (); =20 - fn into_foreign(self) -> *const core::ffi::c_void { + fn into_foreign(self) -> *mut core::ffi::c_void { core::ptr::NonNull::dangling().as_ptr() } =20 - unsafe fn borrow<'a>(_: *const core::ffi::c_void) -> Self::Borrowed<'a= > {} + unsafe fn borrow<'a>(_: *mut core::ffi::c_void) -> Self::Borrowed<'a> = {} =20 - unsafe fn from_foreign(_: *const core::ffi::c_void) -> Self {} + unsafe fn from_foreign(_: *mut core::ffi::c_void) -> Self {} } =20 /// Runs a cleanup function/closure when dropped. --=20 2.47.0 From nobody Sun Nov 24 15:03:41 2024 Received: from mail-oi1-f179.google.com (mail-oi1-f179.google.com [209.85.167.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 516B81FCC72; Mon, 4 Nov 2024 21:20:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730755248; cv=none; b=IV9C0oM65BIe96UMKm63wQZXtBrEDGZ+aUG4dE77D/7Oyg3m2TXaEgSA8iPs5vGd/SNEJ6HApUtvk3QMiVl9AhfGLnj9LOBu51BP0Q5fxBHrnZALwAqVnEtFXc0jlYld99Ec5DFbmmjNLVXF5O7IfxzYg6p7u6t9+OIK5JXBS4E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730755248; c=relaxed/simple; bh=RaKFmRq+awv356mjVRWSMFiriafNjmgH4ivFZVqWZyQ=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=glOyoDaJVD4PABAP9wMwoTyGLa4RKEHKUC4c8f65xw1IG8sMNfoUjiohhmNOblq5Ago8hr5RWL3NgPSHANEgRLHdumnLC8wv22csJNUhBb5Kk6/pt6ur32TIM2O/2JO1JCCxnzGnJUFj/lYSum/SwfmznclrLR36SF6CIm+syUg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=m3HB7RZ4; arc=none smtp.client-ip=209.85.167.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="m3HB7RZ4" Received: by mail-oi1-f179.google.com with SMTP id 5614622812f47-3e604425aa0so2553737b6e.0; Mon, 04 Nov 2024 13:20:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730755246; x=1731360046; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=153KKk/APZ+Bybt5b00w+99Kvlnzp0lTrs+B9/03GTo=; b=m3HB7RZ4zgjbey20l/v6F/IeEAftf0lPD04bd9u2HadfsIqHqGjrUGKWemY2ZKLqow UIWbEvnQlaaqunEg8W5aniX113OQEZNRuc9wavhe11tIjPQ7aNTQDrvveDkmLzgNu5XK gfFVVpZkHCwdVVd+7jp5Bzms2ZMBI/qW1V9SqbN/fqWMOChHKLYeQkIWX/Wu092VCM3p gQc3mwESsoBAo+WqTKqecO0KsfIR2Lx6YHbXl321EU2R3RBvNgbBJbYZgR8SU9vJNi3i CU4tMRR5hgsBgRxDoqWh9tK/irbXrtyJuGfImnb1slRGcybRjA4wEYKnzHmyqWK1RpcO ql3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730755246; x=1731360046; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=153KKk/APZ+Bybt5b00w+99Kvlnzp0lTrs+B9/03GTo=; b=Elqx/XUqe+YggUtXkxs+Ymt4LHLPDiF3zk95B7/gWCrKevVvjy5QKwFDFaSLv5xwBW 2stQ+Vx/kLvw/s4zKWNS9WSaNIKHWll5Zv2CXMVMevk401d+Nw80BMmdCmAC3K3nH4xZ O9XdAI2yan7T/JtIHbxB8RmPJCje8bcsdFMS/Zi96n6cPsiOjatDTmsx7lcBJOLQIzQS rn8XK6Vsdw8xbI7qFNFvbUOXb+sA3Zgbaj2m9hlaO1L2qMOsIMPvZczKaV1BZEG3ju23 64iwcQI7QN/bTrC+nKXAkP9wk/x7UWU5H3vha+VKE/hyO8rChZURb10/gHkuEmcL/O7Z 5x3w== X-Forwarded-Encrypted: i=1; AJvYcCVnjeOPjDiyIotGUzSgmfBBicJ//54qpMEXAS6QDuKCGUeCZagCbwnH/NliPU0xbK9iqXtw5YB/XrWRDNY=@vger.kernel.org X-Gm-Message-State: AOJu0YwkEdJ+2BeqZW4K96rLaxLPtLC3DO+OctkJsi914k1tD3jpE8l1 cFEcRKwHV4i/CYuqRJufVzvHPs2iRiNubAat6GmaThsXImlyhY7I X-Google-Smtp-Source: AGHT+IGFXUtgQpZKfrslV/XuqZLhk8XxfKrtAW7p+/Kosri28Bc5901Q5KpTZ6Q77X89v+L9p9Oq+w== X-Received: by 2002:a05:6358:7e01:b0:1bc:57ce:9992 with SMTP id e5c5f4694b2df-1c3f9edb224mr1702754355d.15.1730755246030; Mon, 04 Nov 2024 13:20:46 -0800 (PST) Received: from 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa ([102.129.152.180]) by smtp.gmail.com with ESMTPSA id 00721157ae682-6ea55b1ed29sm19555817b3.53.2024.11.04.13.20.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Nov 2024 13:20:45 -0800 (PST) From: Tamir Duberstein Date: Mon, 04 Nov 2024 17:20:31 -0400 Subject: [PATCH v2 5/6] rust: reorder `ForeignOwnable` items Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241104-borrow-mut-v2-5-de650678648d@gmail.com> References: <20241104-borrow-mut-v2-0-de650678648d@gmail.com> In-Reply-To: <20241104-borrow-mut-v2-0-de650678648d@gmail.com> To: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Danilo Krummrich Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, Tamir Duberstein X-Mailer: b4 0.15-dev `{into,from}_foreign` before `borrow` is slightly more logical. This removes an inconsistency with `kbox.rs` which already uses this ordering. Signed-off-by: Tamir Duberstein Reviewed-by: Alice Ryhl --- rust/kernel/sync/arc.rs | 18 +++++++++--------- rust/kernel/types.rs | 20 ++++++++++---------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index 10819dc28b64038b9abc55b01c069826d1e5befa..3c779b343aa8c396d2d4b7efdbc= 0f1ef524a0f1c 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -337,25 +337,25 @@ fn into_foreign(self) -> *mut core::ffi::c_void { ManuallyDrop::new(self).ptr.as_ptr().cast() } =20 - unsafe fn borrow<'a>(ptr: *mut core::ffi::c_void) -> ArcBorrow<'a, T> { + unsafe fn from_foreign(ptr: *mut core::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. let inner =3D unsafe { NonNull::new_unchecked(ptr.cast::>()) }; =20 - // SAFETY: The safety requirements of `from_foreign` ensure that t= he object remains alive - // for the lifetime of the returned value. - unsafe { ArcBorrow::new(inner) } + // SAFETY: By the safety requirement of this function, we know tha= t `ptr` came from + // a previous call to `Arc::into_foreign`, which guarantees that `= ptr` is valid and + // holds a reference count increment that is transferrable to us. + unsafe { Self::from_inner(inner) } } =20 - unsafe fn from_foreign(ptr: *mut core::ffi::c_void) -> Self { + unsafe fn borrow<'a>(ptr: *mut core::ffi::c_void) -> ArcBorrow<'a, T> { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. let inner =3D unsafe { NonNull::new_unchecked(ptr.cast::>()) }; =20 - // SAFETY: By the safety requirement of this function, we know tha= t `ptr` came from - // a previous call to `Arc::into_foreign`, which guarantees that `= ptr` is valid and - // holds a reference count increment that is transferrable to us. - unsafe { Self::from_inner(inner) } + // SAFETY: The safety requirements of `from_foreign` ensure that t= he object remains alive + // for the lifetime of the returned value. + unsafe { ArcBorrow::new(inner) } } } =20 diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs index 59e71bd158713bb8e12cac95e134f57a277c1b49..b8f3594737401a3df841f30a20c= 4bd85743853ef 100644 --- a/rust/kernel/types.rs +++ b/rust/kernel/types.rs @@ -31,14 +31,6 @@ pub trait ForeignOwnable: Sized { /// [`ForeignOwnable::try_from_foreign`] can result in undefined behav= ior. fn into_foreign(self) -> *mut core::ffi::c_void; =20 - /// Borrows a foreign-owned object. - /// - /// # Safety - /// - /// `ptr` must have been returned by a previous call to [`ForeignOwnab= le::into_foreign`] for - /// which a previous matching [`ForeignOwnable::from_foreign`] hasn't = been called yet. - unsafe fn borrow<'a>(ptr: *mut core::ffi::c_void) -> Self::Borrowed<'a= >; - /// Converts a foreign-owned object back to a Rust-owned one. /// /// # Safety @@ -67,6 +59,14 @@ unsafe fn try_from_foreign(ptr: *mut core::ffi::c_void) = -> Option { unsafe { Some(Self::from_foreign(ptr)) } } } + + /// Borrows a foreign-owned object. + /// + /// # Safety + /// + /// `ptr` must have been returned by a previous call to [`ForeignOwnab= le::into_foreign`] for + /// which a previous matching [`ForeignOwnable::from_foreign`] hasn't = been called yet. + unsafe fn borrow<'a>(ptr: *mut core::ffi::c_void) -> Self::Borrowed<'a= >; } =20 impl ForeignOwnable for () { @@ -76,9 +76,9 @@ fn into_foreign(self) -> *mut core::ffi::c_void { core::ptr::NonNull::dangling().as_ptr() } =20 - unsafe fn borrow<'a>(_: *mut core::ffi::c_void) -> Self::Borrowed<'a> = {} - unsafe fn from_foreign(_: *mut core::ffi::c_void) -> Self {} + + unsafe fn borrow<'a>(_: *mut core::ffi::c_void) -> Self::Borrowed<'a> = {} } =20 /// Runs a cleanup function/closure when dropped. --=20 2.47.0 From nobody Sun Nov 24 15:03:41 2024 Received: from mail-yb1-f178.google.com (mail-yb1-f178.google.com [209.85.219.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 989F81FEFAC; Mon, 4 Nov 2024 21:20:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730755251; cv=none; b=dGqQBu8mhcL4HF2Jk0pl8dyqebCkoUeUrc4N7Lw9V9KeplUVKYNXQfaLagOl12/iS3TRQZGryL1zzDg+tyZGHKWA5Y0vvIb5RDPOPryksdInHvs7czpPaTh5SSmzSmCi5zlP+rB6WD5ZI38/8R4XDMuMruX6Rwp+kikICmpLCww= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730755251; c=relaxed/simple; bh=f3MKNdusBU+qI++nsu6jkpiNIt8+1NpPzHrMQRx7A2U=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=quflKZc/D4B8foHGKBbKhKWMIdMridhf43X6va6VOBlWZjh1gm0qy31zxfWQzPR6HPDM//rOIdCFbtSBSOlg9GR1OvgT/jG+kRjSKTJ3UrmLKC+++ELx7Hgzi/iJvYnwveBVxnIQtnvvNwIp7IRQy4Tb5u3crL01R9wX/wYOb2Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=H2SJRzNi; arc=none smtp.client-ip=209.85.219.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="H2SJRzNi" Received: by mail-yb1-f178.google.com with SMTP id 3f1490d57ef6-e28fe3b02ffso4088801276.3; Mon, 04 Nov 2024 13:20:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730755248; x=1731360048; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=vDLscm5IVmeNMDAedQjw2Ix2zCFH6FABN7zMEqlV7Uc=; b=H2SJRzNiyqYMrKYK+UF3X+lcdnSdOA7Rq8x4mXzb5CQgSQWQLUcDdXKOazFeP5zNNU Dwa5YU2WeCi7hW7nVeeJ4ihmxyOqfT/YQjV3uV3ywDzsyXtj9Z3MECq/BBY5JJM8yuR3 J5GeF//aXrvINdCoMzFn4Z1uPzHpUamRhDqWjvG/sfC4uvUWZwDO33RCOhC1gO5s2jME 0ph8byyHT10O9H8iHTwT1HP33ahcQR91iTb/UQQsdxWRemslQzXvTp2LwCKDNu8nB9tW xSVfEgPmZaNhhwqodXMqU/r6ikNWJau/zkmh99J+Dt1kpdAUONBoPTauYIcv/8U/zEhl Wy7g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730755248; x=1731360048; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vDLscm5IVmeNMDAedQjw2Ix2zCFH6FABN7zMEqlV7Uc=; b=K80BOrTPVdRUPJ2FSAAb2WKj46VoEw2Va71UKb2FKyETVOSRejxX181KFLzL3LObt/ uRtl4LHsAeR28Q9RKLx4/3U5Y5C03j5IkUtgOl5s+LWkyaCASVJrKaT1b5m+TbkniUU4 de2/8pCDPFwJS8XoaCCk+yVEjbuYUiHUEvoKfj942WLfdSIz9gStQYadetY0hGQqQLES SynB1Hbt/8PQ71aP+f7YtfuYztZzZ8L9TjnT/I48BsEhheFZPLyyT6YkUDZkTnI4Z6k9 QIkoomqr8tO4/1Ue7LeYTuKSQ5+RRAFx1UhSAj2Wdk59F/HEYYrGSmggmcmXEctLq4zy jBBw== X-Forwarded-Encrypted: i=1; AJvYcCVpdSDepf+AzAOlmCtq0ZADkuDsZYLkzlGTaNdwM+Q9qhgPtPAtaf0wAhRNWPuge8p79cQ1R7NgZX0rkus=@vger.kernel.org X-Gm-Message-State: AOJu0YxhhPrf9qY6FOIjuaEHbVn7cgr5BfyqNuSxc/l/pFYIzqQCa2G/ UkI+S3KY/VCGb2fw3FIQkcZgTRe/bZoccKjOiDEC7g5rw3UmUMyn X-Google-Smtp-Source: AGHT+IHlJDWGbNKg/6rLSRDtR0vIz6P0lPq4F4HQ7af1kEE8IpA3r9j3oYK8eJauW2F7A0fA0RcO3g== X-Received: by 2002:a05:690c:4b09:b0:6ea:258f:a4a9 with SMTP id 00721157ae682-6ea523215d3mr179730057b3.9.1730755248372; Mon, 04 Nov 2024 13:20:48 -0800 (PST) Received: from 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa ([102.129.152.180]) by smtp.gmail.com with ESMTPSA id 00721157ae682-6ea55b1ed29sm19555817b3.53.2024.11.04.13.20.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Nov 2024 13:20:47 -0800 (PST) From: Tamir Duberstein Date: Mon, 04 Nov 2024 17:20:32 -0400 Subject: [PATCH v2 6/6] rust: add improved version of `ForeignOwnable::borrow_mut` Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241104-borrow-mut-v2-6-de650678648d@gmail.com> References: <20241104-borrow-mut-v2-0-de650678648d@gmail.com> In-Reply-To: <20241104-borrow-mut-v2-0-de650678648d@gmail.com> To: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Danilo Krummrich Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, Tamir Duberstein , Martin Rodriguez Reboredo X-Mailer: b4 0.15-dev From: Alice Ryhl Previously, the `ForeignOwnable` trait had a method called `borrow_mut` that was intended to provide mutable access to the inner value. However, the method accidentally made it possible to change the address of the object being modified, which usually isn't what we want. (And when we want that, it can be done by calling `from_foreign` and `into_foreign`, like how the old `borrow_mut` was implemented.) In this patch, we introduce an alternate definition of `borrow_mut` that solves the previous problem. Conceptually, given a pointer type `P` that implements `ForeignOwnable`, the `borrow_mut` method gives you the same kind of access as an `&mut P` would, except that it does not let you change the pointer `P` itself. This is analogous to how the existing `borrow` method provides the same kind of access to the inner value as an `&P`. Note that for types like `Arc`, having an `&mut Arc` only gives you immutable access to the inner `T`. This is because mutable references assume exclusive access, but there might be other handles to the same reference counted value, so the access isn't exclusive. The `Arc` type implements this by making `borrow_mut` return the same type as `borrow`. Signed-off-by: Alice Ryhl Reviewed-by: Boqun Feng Reviewed-by: Benno Lossin Reviewed-by: Martin Rodriguez Reboredo Signed-off-by: Tamir Duberstein Reviewed-by: Andreas Hindborg --- rust/kernel/alloc/kbox.rs | 21 ++++++++++++++ rust/kernel/sync/arc.rs | 7 +++++ rust/kernel/types.rs | 71 ++++++++++++++++++++++++++++++++++++++-----= ---- 3 files changed, 86 insertions(+), 13 deletions(-) diff --git a/rust/kernel/alloc/kbox.rs b/rust/kernel/alloc/kbox.rs index 99d0fc0148bb8779e5a769a6e74291ef8101bf77..c7edcd970fe6abe2afce5364a5f= 6c565452da85e 100644 --- a/rust/kernel/alloc/kbox.rs +++ b/rust/kernel/alloc/kbox.rs @@ -354,6 +354,7 @@ impl ForeignOwnable for Box A: Allocator, { type Borrowed<'a> =3D &'a T; + type BorrowedMut<'a> =3D &'a mut T; =20 fn into_foreign(self) -> *mut core::ffi::c_void { Box::into_raw(self).cast() @@ -370,6 +371,13 @@ unsafe fn borrow<'a>(ptr: *mut core::ffi::c_void) -> &= 'a T { // immutable for the duration of 'a. unsafe { &*ptr.cast() } } + + unsafe fn borrow_mut<'a>(ptr: *mut core::ffi::c_void) -> &'a mut T { + let ptr =3D ptr.cast(); + // SAFETY: The safety requirements of this method ensure that the = pointer is valid and that + // nothing else will access the value for the duration of 'a. + unsafe { &mut *ptr } + } } =20 impl ForeignOwnable for Pin> @@ -377,6 +385,7 @@ impl ForeignOwnable for Pin> A: Allocator, { type Borrowed<'a> =3D Pin<&'a T>; + type BorrowedMut<'a> =3D Pin<&'a mut T>; =20 fn into_foreign(self) -> *mut core::ffi::c_void { // SAFETY: We are still treating the box as pinned. @@ -399,6 +408,18 @@ unsafe fn borrow<'a>(ptr: *mut core::ffi::c_void) -> P= in<&'a T> { // SAFETY: This pointer originates from a `Pin>`. unsafe { Pin::new_unchecked(r) } } + + unsafe fn borrow_mut<'a>(ptr: *mut core::ffi::c_void) -> Pin<&'a mut T= > { + let ptr =3D ptr.cast(); + // SAFETY: The safety requirements for this function ensure that t= he object is still alive, + // so it is safe to dereference the raw pointer. + // The safety requirements of `from_foreign` also ensure that the = object remains alive for + // the lifetime of the returned value. + let r =3D unsafe { &mut *ptr }; + + // SAFETY: This pointer originates from a `Pin>`. + unsafe { Pin::new_unchecked(r) } + } } =20 impl Deref for Box diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index 3c779b343aa8c396d2d4b7efdbc0f1ef524a0f1c..8a0f44da8f732afca6009a078e9= 0bd7a14034240 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -332,6 +332,7 @@ pub fn into_unique_or_drop(self) -> Option>> { =20 impl ForeignOwnable for Arc { type Borrowed<'a> =3D ArcBorrow<'a, T>; + type BorrowedMut<'a> =3D Self::Borrowed<'a>; =20 fn into_foreign(self) -> *mut core::ffi::c_void { ManuallyDrop::new(self).ptr.as_ptr().cast() @@ -357,6 +358,12 @@ unsafe fn borrow<'a>(ptr: *mut core::ffi::c_void) -> A= rcBorrow<'a, T> { // for the lifetime of the returned value. unsafe { ArcBorrow::new(inner) } } + + unsafe fn borrow_mut<'a>(ptr: *mut core::ffi::c_void) -> ArcBorrow<'a,= T> { + // SAFETY: The safety requirements for `borrow_mut` are a superset= of the safety + // requirements for `borrow`. + unsafe { Self::borrow(ptr) } + } } =20 impl Deref for Arc { diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs index b8f3594737401a3df841f30a20c4bd85743853ef..c74223579111fe36c7c7cd135ba= 95f25f0b33fab 100644 --- a/rust/kernel/types.rs +++ b/rust/kernel/types.rs @@ -19,26 +19,33 @@ /// This trait is meant to be used in cases when Rust objects are stored i= n C objects and /// eventually "freed" back to Rust. pub trait ForeignOwnable: Sized { - /// Type of values borrowed between calls to [`ForeignOwnable::into_fo= reign`] and - /// [`ForeignOwnable::from_foreign`]. + /// Type used to immutably borrow a value that is currently foreign-ow= ned. type Borrowed<'a>; =20 + /// Type used to mutably borrow a value that is currently foreign-owne= d. + type BorrowedMut<'a>; + /// Converts a Rust-owned object to a foreign-owned one. /// /// The foreign representation is a pointer to void. There are no guar= antees for this pointer. /// For example, it might be invalid, dangling or pointing to uninitia= lized memory. Using it in - /// any way except for [`ForeignOwnable::from_foreign`], [`ForeignOwna= ble::borrow`], - /// [`ForeignOwnable::try_from_foreign`] can result in undefined behav= ior. + /// any way except for [`from_foreign`], [`try_from_foreign`], [`borro= w`], or [`borrow_mut`] can + /// result in undefined behavior. + /// + /// [`from_foreign`]: Self::from_foreign + /// [`try_from_foreign`]: Self::try_from_foreign + /// [`borrow`]: Self::borrow + /// [`borrow_mut`]: Self::borrow_mut fn into_foreign(self) -> *mut core::ffi::c_void; =20 /// Converts a foreign-owned object back to a Rust-owned one. /// /// # Safety /// - /// `ptr` must have been returned by a previous call to [`ForeignOwnab= le::into_foreign`] for - /// which a previous matching [`ForeignOwnable::from_foreign`] hasn't = been called yet. - /// Additionally, all instances (if any) of values returned by [`Forei= gnOwnable::borrow`] for - /// this object must have been dropped. + /// The provided pointer must have been returned by a previous call to= [`into_foreign`], and it + /// must not be passed to `from_foreign` more than once. + /// + /// [`into_foreign`]: Self::into_foreign unsafe fn from_foreign(ptr: *mut core::ffi::c_void) -> Self; =20 /// Tries to convert a foreign-owned object back to a Rust-owned one. @@ -48,8 +55,9 @@ pub trait ForeignOwnable: Sized { /// /// # Safety /// - /// `ptr` must either be null or satisfy the safety requirements for - /// [`ForeignOwnable::from_foreign`]. + /// `ptr` must either be null or satisfy the safety requirements for [= `from_foreign`]. + /// + /// [`from_foreign`]: Self::from_foreign unsafe fn try_from_foreign(ptr: *mut core::ffi::c_void) -> Option { if ptr.is_null() { None @@ -60,17 +68,53 @@ unsafe fn try_from_foreign(ptr: *mut core::ffi::c_void)= -> Option { } } =20 - /// Borrows a foreign-owned object. + /// Borrows a foreign-owned object immutably. + /// + /// This method provides a way to access a foreign-owned value from Ru= st immutably. It provides + /// you with exactly the same abilities as an `&Self` when the value i= s Rust-owned. /// /// # Safety /// - /// `ptr` must have been returned by a previous call to [`ForeignOwnab= le::into_foreign`] for - /// which a previous matching [`ForeignOwnable::from_foreign`] hasn't = been called yet. + /// The provided pointer must have been returned by a previous call to= [`into_foreign`], and if + /// the pointer is ever passed to [`from_foreign`], then that call mus= t happen after the end of + /// the lifetime 'a. + /// + /// [`into_foreign`]: Self::into_foreign + /// [`from_foreign`]: Self::from_foreign unsafe fn borrow<'a>(ptr: *mut core::ffi::c_void) -> Self::Borrowed<'a= >; + + /// Borrows a foreign-owned object mutably. + /// + /// This method provides a way to access a foreign-owned value from Ru= st mutably. It provides + /// you with exactly the same abilities as an `&mut Self` when the val= ue is Rust-owned, except + /// that the address of the object must not be changed. + /// + /// Note that for types like [`Arc`], an `&mut Arc` only gives you = immutable access to the + /// inner value, so this method also only provides immutable access in= that case. + /// + /// In the case of `Box`, this method gives you the ability to modi= fy the inner `T`, but it + /// does not let you change the box itself. That is, you cannot change= which allocation the box + /// points at. + /// + /// # Safety + /// + /// The provided pointer must have been returned by a previous call to= [`into_foreign`], and if + /// the pointer is ever passed to [`from_foreign`], then that call mus= t happen after the end of + /// the lifetime 'a. + /// + /// The lifetime 'a must not overlap with the lifetime of any other ca= ll to [`borrow`] or + /// `borrow_mut` on the same object. + /// + /// [`into_foreign`]: Self::into_foreign + /// [`from_foreign`]: Self::from_foreign + /// [`borrow`]: Self::borrow + /// [`Arc`]: crate::sync::Arc + unsafe fn borrow_mut<'a>(ptr: *mut core::ffi::c_void) -> Self::Borrowe= dMut<'a>; } =20 impl ForeignOwnable for () { type Borrowed<'a> =3D (); + type BorrowedMut<'a> =3D (); =20 fn into_foreign(self) -> *mut core::ffi::c_void { core::ptr::NonNull::dangling().as_ptr() @@ -79,6 +123,7 @@ fn into_foreign(self) -> *mut core::ffi::c_void { unsafe fn from_foreign(_: *mut core::ffi::c_void) -> Self {} =20 unsafe fn borrow<'a>(_: *mut core::ffi::c_void) -> Self::Borrowed<'a> = {} + unsafe fn borrow_mut<'a>(_: *mut core::ffi::c_void) -> Self::BorrowedM= ut<'a> {} } =20 /// Runs a cleanup function/closure when dropped. --=20 2.47.0