From nobody Fri Nov 22 16:33:14 2024 Received: from mail-qk1-f176.google.com (mail-qk1-f176.google.com [209.85.222.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8F8421D5AD3; Fri, 15 Nov 2024 16:00:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.222.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731686454; cv=none; b=n16SKroR5O4kcf1PVI5y06Lycudx5dr6nSq7lEsr1QY21x1jBeQ+K23F5/7cIfBNBOYfXhbuyKifh9PCZYhcqbqhYvmcD+7MVEIu1clK4aTlLTEVojZx6awHot5DsJ3v6IZMuDNtET6H64GfNaUSyzMIOAD0f9yoSDGK+2pzsgo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731686454; c=relaxed/simple; bh=vAXIWL5Tm5HEkpTkeRvs/PY9xzGMkmxPQXPP5BPzwao=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=PMHorWw2/ZYaWBv7cJNlLvi6Uq5QBWOmxfo4jVohIXk2kR/D7nWXUOXveGw5YYyhbfCpdv4ZgFIQlbHDF+CsPOOVRPEFZu1TT2oLzuks3Xlvvw3F54OEdO4WuxBks1bkutCalj2K/E3QlGUQSrTWEy+/lHeU/wi23W4KLfidzfE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=VTGY3sj/; arc=none smtp.client-ip=209.85.222.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="VTGY3sj/" Received: by mail-qk1-f176.google.com with SMTP id af79cd13be357-7b161fa1c7bso105887685a.0; Fri, 15 Nov 2024 08:00:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1731686451; x=1732291251; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=X50QSvdQW6opJ3/PyTKFvmBHXrn62CTGlZAsB4b1Dnk=; b=VTGY3sj/VYhKkqmHO4NENmAxsMd32mnC+j2A9hVZLHJUAHrKYM4h06giH8z6FKlnMq zTLKAAPtHIYMMOX2XGOjRoym+LqcI1L1iUfbxJg2SR5O2Xx/xCUVCQ7qhWELdIfyPv0A t/ACxtKY1awhi8B4M9l2QMgB5vJCYqKLc07nqQZtmQOb0qLvTfLwh83c/fnQD9zV6Y+Z 3KfzCy26OFjEnL2T/H5NUzrCo4VIZ3bAoIfTztBiQvs1M0wEyI6WRCauht4x8+suSc2z K8ov0S3Kc90F6aHu87k9TPAl/9cETbKIlZjsrqBRvpgQV6r9maOU8fW+n1d+T+cRC7aY A0Mw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731686451; x=1732291251; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=X50QSvdQW6opJ3/PyTKFvmBHXrn62CTGlZAsB4b1Dnk=; b=uqOdkQym2hDybJFA2i6I6+e4jPELOeekycImaeRnuuCv1Wxp4qKTWztR4UyCKoGndV ElqVJNJ23OFe5856SWAAvbxmdgutvcmGbZxNK5Z/j3QVPAsbKA8PYz3GEhPKIp+BUatO e1xxYPV8O3lIrr2ryfhiTote71S6E7M5kMr7NOpeOZIqcE5J+ZnPIiiVlQ7GCLTUNKkV VDuHZUu799hJxkvs4U9Ifgg9Q/ehXrYLssXmmaj5Cylf/szkrSDPp9vykwAJFAJ0Wlvq DxtuYD0bl0ESf8LWx4FOZFBALTIElzFqWa2aOLelutgUxS1tmdSIjEmPKcVnXdObvikg VFYg== X-Forwarded-Encrypted: i=1; AJvYcCWlGudwFeEWBm7F/zaKS34f45PWS+tEDGNhqTRA7AmI92SuqA3+TjpJjVJFI2hFVrTRz3TZ2CJZ8NyqwrA=@vger.kernel.org X-Gm-Message-State: AOJu0Yy09rWQmw2eJ9fvTE99nRwcrUQxDPNvUqr1/9DYx4H6bXj3T1jM Z7LdVb1V/NjY4Q6ITXetW5e3DpaFLz7pjGM0H81Wl8ZWotPygrGmyFQx6iKw X-Google-Smtp-Source: AGHT+IEG++nyV1g12pFTNgO4j1BHuK1yqdxwRxHnI+K6/3Eg7wV2UuiAfVTQPM3kCfSQ3n/Gcprf2w== X-Received: by 2002:a05:620a:4594:b0:7b1:5f49:6bf7 with SMTP id af79cd13be357-7b3623718e1mr384988785a.56.1731686450038; Fri, 15 Nov 2024 08:00:50 -0800 (PST) Received: from 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa ([2600:4041:5be7:7c00:edce:cf6f:2815:775e]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7b35c984576sm171108785a.25.2024.11.15.08.00.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Nov 2024 08:00:49 -0800 (PST) From: Tamir Duberstein Date: Fri, 15 Nov 2024 11:00:44 -0500 Subject: [PATCH v5 1/6] rust: arc: use `NonNull::new_unchecked` Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241115-borrow-mut-v5-1-86204b249667@gmail.com> References: <20241115-borrow-mut-v5-0-86204b249667@gmail.com> In-Reply-To: <20241115-borrow-mut-v5-0-86204b249667@gmail.com> To: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Danilo Krummrich Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, Tamir Duberstein X-Mailer: b4 0.15-dev There is no need to check (and panic on violations of) the safety requirements on `ForeignOwnable` functions. Avoiding the check is consistent with the implementation of `ForeignOwnable` for `Box`. Reviewed-by: Alice Ryhl Reviewed-by: Andreas Hindborg Signed-off-by: Tamir Duberstein --- rust/kernel/sync/arc.rs | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index fa4509406ee909ca0677b78d5ece966089ce6366..b4e492dd712137c7c39e3de3d39= c0c833944828c 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -337,9 +337,9 @@ fn into_foreign(self) -> *const crate::ffi::c_void { } =20 unsafe fn borrow<'a>(ptr: *const crate::ffi::c_void) -> ArcBorrow<'a, = T> { - // By the safety requirement of this function, we know that `ptr` = came from - // a previous call to `Arc::into_foreign`. - let inner =3D NonNull::new(ptr as *mut ArcInner).unwrap(); + // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous + // call to `Self::into_foreign`. + let inner =3D unsafe { NonNull::new_unchecked(ptr as *mut ArcInner= ) }; =20 // SAFETY: The safety requirements of `from_foreign` ensure that t= he object remains alive // for the lifetime of the returned value. @@ -347,10 +347,14 @@ unsafe fn borrow<'a>(ptr: *const crate::ffi::c_void) = -> ArcBorrow<'a, T> { } =20 unsafe fn from_foreign(ptr: *const crate::ffi::c_void) -> Self { + // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous + // call to `Self::into_foreign`. + let inner =3D unsafe { NonNull::new_unchecked(ptr as *mut ArcInner= ) }; + // SAFETY: By the safety requirement of this function, we know tha= t `ptr` came from // a previous call to `Arc::into_foreign`, which guarantees that `= ptr` is valid and // holds a reference count increment that is transferrable to us. - unsafe { Self::from_inner(NonNull::new(ptr as _).unwrap()) } + unsafe { Self::from_inner(inner) } } } =20 --=20 2.47.0 From nobody Fri Nov 22 16:33:14 2024 Received: from mail-qk1-f173.google.com (mail-qk1-f173.google.com [209.85.222.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BDED11D63CF; Fri, 15 Nov 2024 16:00:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.222.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731686455; cv=none; b=hx1Sapb7qDx25qQCtpzRtKjd2mKIRdhEcnrVstfPgy6oHFSSGE0b3wmnLtpnt4F7gxlcDZfB2TrrTHTXI2uMtxyRuIxw+0hPQdBg2jCCFc/xMl9qv4Aol3xvoWgYMwFfeHsPxPT0R3e5SC9zjS0TckgKm38U+sjGRebCUBJoLZ0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731686455; c=relaxed/simple; bh=zqqeVLO2qNcpbmAl6URmXHfYvsjiUsA8EfKduPUx/w4=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=ApLFkz8vdkmU7OdJwfmHgyvl4WoH4VmAuIpIbFqLtHiDtc3enJSGmGnNYRypP4A/G/ecx43IOh0YPDsJgtxfdvfDdHR2x7x3v6D90I9eUyYmOyWxzAeDY5KZXGEDgtw3SI/lH9P3tRwc4cYAs4q7nZ2wf5AYfmZiXPHwkw32BSI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=c5zTv5L6; arc=none smtp.client-ip=209.85.222.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="c5zTv5L6" Received: by mail-qk1-f173.google.com with SMTP id af79cd13be357-7b35b1ca0c2so206341185a.0; Fri, 15 Nov 2024 08:00:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1731686453; x=1732291253; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=mgZJqR6zDxqZPtY0MpN8/3DWRajRDw9cKKhSk/KNZmI=; b=c5zTv5L6E2ejrajb2PNOTpahDm6czRoOeFlDhHS3KKiPLD5+7olm5eM6Ye4wkJg1I7 PMrtv/o42fz846OiIClyR1IQHhlN32xBP8LeG/IoUgOO0UIRCWsCnKQ2W6AsW2SYquZq hM4OybDVEAA4HIPQEW33tAB92HXu3Sv8pA2qZtIZFnAnBc4vJzYr7LrU5/qKXZHLsvrX jHxAuI4pM2pG7DUu5k1QZ+vy1pgv2O58BRxLA7wo/YRPA+Q2xHK2yeAMOZUAF1PvRRmz BKtRc31U4KJ7zzQR0IyDDCFh0XNsY9GsOfSVnRypxpwYu9eWgFjjSCSDSmGmvbji6taj ItTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731686453; x=1732291253; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mgZJqR6zDxqZPtY0MpN8/3DWRajRDw9cKKhSk/KNZmI=; b=PjkPuksAA6qmtwT+KrcO+kM3a5RrgA3/3lb1wpEeGlE6ZTVx+Dl279osSOk3sujq9b n+IJ4eHLLiCYQ9QOYXpOhnYgPNLNKE4FSnYqurzD5p7k+QauELciKFlZ0hVSDGCDpcT9 A2uT3oru7Ykyc3qZlgTsCklaOtzzIqZ2HKXcqjL+L884IqoSrW6gzRXtfK5rDTKzoavu nSL/EOejg+52EoDYLyZz2hFuu+3umTsFvTfDz7eSvN6lT9dyjqhHL+mQiWJbNs2TAU/x RWLPYQXfmoI0k4HMnypxAYgGwnthI/XbySxdVcbpy2vk//omEqwbast8udP2lJun59uq GjHw== X-Forwarded-Encrypted: i=1; AJvYcCXOLuul51C8JF1NtJY7shCrBGUET+w60MIQsZR5zoqbgrtJH55rBZBDsaQ5gl9ApuJGW0REfNtkKq3Bk+A=@vger.kernel.org X-Gm-Message-State: AOJu0YxsfzxcwyDl+HMjxU4GjwquuApcJNeOE/ThgJnmbREFnZK8arjA cdCemBuroxKcxnxH3ei0Nyb3OM4ajAMu4Je40R83eFoZaCmpnMQ/ X-Google-Smtp-Source: AGHT+IFj8nJX3PEH0JvUZxiPEDPISwsk/z2HiCDUTWD20Ice8QWc6PiPAvSySlqvkc4AGHrPuHLJpQ== X-Received: by 2002:a05:620a:280e:b0:7b1:1216:ef33 with SMTP id af79cd13be357-7b35a47ddc1mr1316516885a.7.1731686451084; Fri, 15 Nov 2024 08:00:51 -0800 (PST) Received: from 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa ([2600:4041:5be7:7c00:edce:cf6f:2815:775e]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7b35c984576sm171108785a.25.2024.11.15.08.00.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Nov 2024 08:00:50 -0800 (PST) From: Tamir Duberstein Date: Fri, 15 Nov 2024 11:00:45 -0500 Subject: [PATCH v5 2/6] rust: types: avoid `as` casts Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241115-borrow-mut-v5-2-86204b249667@gmail.com> References: <20241115-borrow-mut-v5-0-86204b249667@gmail.com> In-Reply-To: <20241115-borrow-mut-v5-0-86204b249667@gmail.com> To: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Danilo Krummrich Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, Tamir Duberstein X-Mailer: b4 0.15-dev Replace `as` casts with `cast{,_mut}` calls which are a bit safer. In one instance, remove an unnecessary `as` cast without replacement. Reviewed-by: Alice Ryhl Reviewed-by: Andreas Hindborg Signed-off-by: Tamir Duberstein --- rust/kernel/alloc/kbox.rs | 8 ++++---- rust/kernel/sync/arc.rs | 9 +++++---- rust/kernel/types.rs | 2 +- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/rust/kernel/alloc/kbox.rs b/rust/kernel/alloc/kbox.rs index 9ce414361c2c6dd8eea09b11041f6c307cbc7864..3f0b04609bd487e3f50247f9f1a= bd5394b749c7e 100644 --- a/rust/kernel/alloc/kbox.rs +++ b/rust/kernel/alloc/kbox.rs @@ -356,13 +356,13 @@ impl ForeignOwnable for Box type Borrowed<'a> =3D &'a T; =20 fn into_foreign(self) -> *const crate::ffi::c_void { - Box::into_raw(self) as _ + Box::into_raw(self).cast() } =20 unsafe fn from_foreign(ptr: *const crate::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - unsafe { Box::from_raw(ptr as _) } + unsafe { Box::from_raw(ptr.cast_mut().cast()) } } =20 unsafe fn borrow<'a>(ptr: *const crate::ffi::c_void) -> &'a T { @@ -380,13 +380,13 @@ impl ForeignOwnable for Pin> =20 fn into_foreign(self) -> *const crate::ffi::c_void { // SAFETY: We are still treating the box as pinned. - Box::into_raw(unsafe { Pin::into_inner_unchecked(self) }) as _ + Box::into_raw(unsafe { Pin::into_inner_unchecked(self) }).cast() } =20 unsafe fn from_foreign(ptr: *const crate::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - unsafe { Pin::new_unchecked(Box::from_raw(ptr as _)) } + unsafe { Pin::new_unchecked(Box::from_raw(ptr.cast_mut().cast())) } } =20 unsafe fn borrow<'a>(ptr: *const crate::ffi::c_void) -> Pin<&'a T> { diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index b4e492dd712137c7c39e3de3d39c0c833944828c..50645660a9c33cb121ee1b24690= 03b325000d840 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -201,10 +201,11 @@ pub fn new(contents: T, flags: Flags) -> Result { }; =20 let inner =3D KBox::new(value, flags)?; + let inner =3D KBox::leak(inner).into(); =20 // SAFETY: We just created `inner` with a reference count of 1, wh= ich is owned by the new // `Arc` object. - Ok(unsafe { Self::from_inner(KBox::leak(inner).into()) }) + Ok(unsafe { Self::from_inner(inner) }) } } =20 @@ -333,13 +334,13 @@ impl ForeignOwnable for Arc { type Borrowed<'a> =3D ArcBorrow<'a, T>; =20 fn into_foreign(self) -> *const crate::ffi::c_void { - ManuallyDrop::new(self).ptr.as_ptr() as _ + ManuallyDrop::new(self).ptr.as_ptr().cast() } =20 unsafe fn borrow<'a>(ptr: *const crate::ffi::c_void) -> ArcBorrow<'a, = T> { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - let inner =3D unsafe { NonNull::new_unchecked(ptr as *mut ArcInner= ) }; + let inner =3D unsafe { NonNull::new_unchecked(ptr.cast_mut().cast:= :>()) }; =20 // SAFETY: The safety requirements of `from_foreign` ensure that t= he object remains alive // for the lifetime of the returned value. @@ -349,7 +350,7 @@ unsafe fn borrow<'a>(ptr: *const crate::ffi::c_void) ->= ArcBorrow<'a, T> { unsafe fn from_foreign(ptr: *const crate::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - let inner =3D unsafe { NonNull::new_unchecked(ptr as *mut ArcInner= ) }; + let inner =3D unsafe { NonNull::new_unchecked(ptr.cast_mut().cast:= :>()) }; =20 // SAFETY: By the safety requirement of this function, we know tha= t `ptr` came from // a previous call to `Arc::into_foreign`, which guarantees that `= ptr` is valid and diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs index a7eaa29f08a40a0f46d616c5b6aab8f9897a0f62..f51d965c54ced5d6653b7d3f8f2= 9fb206a5ad2b6 100644 --- a/rust/kernel/types.rs +++ b/rust/kernel/types.rs @@ -418,7 +418,7 @@ pub unsafe fn from_raw(ptr: NonNull) -> Self { /// } /// /// let mut data =3D Empty {}; - /// let ptr =3D NonNull::::new(&mut data as *mut _).unwrap(); + /// let ptr =3D NonNull::::new(&mut data).unwrap(); /// # // SAFETY: TODO. /// let data_ref: ARef =3D unsafe { ARef::from_raw(ptr) }; /// let raw_ptr: NonNull =3D ARef::into_raw(data_ref); --=20 2.47.0 From nobody Fri Nov 22 16:33:14 2024 Received: from mail-qk1-f177.google.com (mail-qk1-f177.google.com [209.85.222.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C4C541D88D7; Fri, 15 Nov 2024 16:00:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.222.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731686457; cv=none; b=g4EqYrrVjMmT/nIXNQATiLX8+HgpugnN3BcXSMfXNiky6+CjqsT5CvR3uabB8pjred5VkeLsEepV4piQW+GApwImfkkpzrcx0oUfZjNrOK30/PFLePm1mIaNd5Fu43ky0cKlZlEFHWGo6xssw68OcHPpqz356+oSBc+qV1M+V+8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731686457; c=relaxed/simple; bh=akhMarqEAGs2r0ixu78494NfI3AtdtjayQYRt4CjG88=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=DDt5fGT2CmS/CDHlqR3opfu4qgu+zLznjLXpk5LxafZjoWgreuwoY3Fe6qJMiGgJrL2wfIMjjPt0hSxViiEPzl+m0vLW/OYL7EWyVeD6W/7DW515ACJ5XihNaflX1t/A0l+Q10COuw7eVR6eGRhphC0ZbD5EvEK/AxkfO7zPD7U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=RVHJfBaz; arc=none smtp.client-ip=209.85.222.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="RVHJfBaz" Received: by mail-qk1-f177.google.com with SMTP id af79cd13be357-7b15eadee87so61821785a.2; Fri, 15 Nov 2024 08:00:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1731686455; x=1732291255; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=5PwKabn9mlzVsv9jDUI6+PuwLrpvjcn+d7aup2iIUyE=; b=RVHJfBazZjOFWCVjS36lLyKHFHCx4Hodz3/c59b9dlI4zdVXMqFkNHK9YREJj4b1uS hf6gK/dRgR9lBXDr/rJUTkhcusFIHYyKp36KwemdItR0qdPwNY4XYwITNNjfwr0GtJPP lxQ2TUfhkdMUoSYbMsl9ZAr2/TG1ycS7OfO5mXVRNH3FjHuZSm9M0oo03plZUksaLshp 6qBNepFbPaZqj1VceCgyT9uotgT4YGTVnpwN8S3FzGQsnDOk4hVfZBXS/7Fe4DpssktZ 4M3f8eH/aJMP7XDb+OGsFUITHBIF0TsgM21QNNXtPK4yIwDuKuHNE35T/KiyFbuEOUi4 nr6w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731686455; x=1732291255; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5PwKabn9mlzVsv9jDUI6+PuwLrpvjcn+d7aup2iIUyE=; b=in9zGL/Cz5YPTsypdc3NMlceiuF7HBDLk6/+1AxQCvuqhfA7rK1mSYmgDvCkargrg9 wGPT+YOif2jwe7rDW/vJ0H57fbEQ2AyPk7qL4PZ0dPSdu9TaJ4DXMIjfokbJmXpp1G3R 10efx5SsRA8dYPBweAUsDIWFMl/E83Ptk9HhDrzNN9SM6x0z0aqq9D8c2TWkGSEf4dwr Hf2UO7M/A0+1LDDW4MSu+G0YMSBexwXOHocN+ny8TpjiEN3blisJWx3YhsxgYnZEGWTm l/8wcThhXqoqqrVsBmwQjmzkRLrfeHz1TZeeqrDVMPsJGiFXUqnTMIvYfaqhN6kal7jK tt/w== X-Forwarded-Encrypted: i=1; AJvYcCXU3Y8UkBURxAtLKytriFZyQzRmcuk+AmCaqTVAVM5XoE0VKFQ1YktCB1n4QAGMfQPIAyNEL3xCSTAtWiA=@vger.kernel.org X-Gm-Message-State: AOJu0YxgpT3G07ErBdtbimrmDtotR8FE6rbcU3EymCFnzsHUvL/NZLLb 3ffj84hpxOXpRsXklDCcBErqK6H1L52WSQ10GoReaHVos88wfOlR X-Google-Smtp-Source: AGHT+IGGtij8MAipt9Wpbx1uiowQ/EDmNiw2rUXf3eZKNRpo+/YfWCyerO7sNMGBBdtsKI3P/TlSNg== X-Received: by 2002:a05:620a:1aa8:b0:7b1:4605:29c6 with SMTP id af79cd13be357-7b362397b60mr382506685a.62.1731686453189; Fri, 15 Nov 2024 08:00:53 -0800 (PST) Received: from 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa ([2600:4041:5be7:7c00:edce:cf6f:2815:775e]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7b35c984576sm171108785a.25.2024.11.15.08.00.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Nov 2024 08:00:52 -0800 (PST) From: Tamir Duberstein Date: Fri, 15 Nov 2024 11:00:46 -0500 Subject: [PATCH v5 3/6] rust: arc: split unsafe block, add missing comment Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241115-borrow-mut-v5-3-86204b249667@gmail.com> References: <20241115-borrow-mut-v5-0-86204b249667@gmail.com> In-Reply-To: <20241115-borrow-mut-v5-0-86204b249667@gmail.com> To: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Danilo Krummrich Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, Tamir Duberstein X-Mailer: b4 0.15-dev The new SAFETY comment style is taken from existing comments in `deref` and `drop. Reviewed-by: Alice Ryhl Reviewed-by: Andreas Hindborg Signed-off-by: Tamir Duberstein --- rust/kernel/sync/arc.rs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index 50645660a9c33cb121ee1b2469003b325000d840..a11f267ce5d40b987f1f3c45927= 1e5317ea0bae8 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -377,10 +377,14 @@ fn as_ref(&self) -> &T { =20 impl Clone for Arc { fn clone(&self) -> Self { + // SAFETY: By the type invariant, there is necessarily a reference= to the object, so it is + // safe to dereference it. + let refcount =3D unsafe { self.ptr.as_ref() }.refcount.get(); + // INVARIANT: C `refcount_inc` saturates the refcount, so it canno= t overflow to zero. // SAFETY: By the type invariant, there is necessarily a reference= to the object, so it is // safe to increment the refcount. - unsafe { bindings::refcount_inc(self.ptr.as_ref().refcount.get()) = }; + unsafe { bindings::refcount_inc(refcount) }; =20 // SAFETY: We just incremented the refcount. This increment is now= owned by the new `Arc`. unsafe { Self::from_inner(self.ptr) } --=20 2.47.0 From nobody Fri Nov 22 16:33:14 2024 Received: from mail-qv1-f48.google.com (mail-qv1-f48.google.com [209.85.219.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 608AE1D63FC; Fri, 15 Nov 2024 16:00:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.48 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731686457; cv=none; b=hLeGLJd/4e5oSr45OYB4mAiyKMYOR77Ip3mi91msoyKcFg9xS6etOhBZLzDkSyqxPGtmx3+NB/i7eUJQbTA9ZDnvIhiM4jAU5SP6Zz3Xb/3nzlNiYJVd7qvk2StYg5cY/IGLiww48h5gKKyJbxVG0bYLOJQrASnweiYIoixwaBM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731686457; c=relaxed/simple; bh=HNy+9nUqOcFliTBXO2gfEmlBwkeMaQCGKYGJHlnZAFI=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Y3N8EbvDCrZgTSJVcjoicVkFNzool1GCle6ux97DEWHSq67wJT3lPZokbCMczXvvARBOiYl8p9+pNkWrJhp3nat7vsyniGV6696WPqzVxjp78Yu/H/nI/dAbGRbFtDwHA6+PsfHFlyulLiim35THmmLh5+kROZ9vlA+EFKCIX5o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Xw1HeUph; arc=none smtp.client-ip=209.85.219.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Xw1HeUph" Received: by mail-qv1-f48.google.com with SMTP id 6a1803df08f44-6d3e9e854b8so17740916d6.1; Fri, 15 Nov 2024 08:00:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1731686454; x=1732291254; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=K8RL6IVuwbU3Nzq4s8WpDXT1DA1rRZrDISccJYcmcYQ=; b=Xw1HeUphOpVmfqhW2LlXBi+TdfI7fPdM0UURUEhGLERVFnqI+zj7DqoxE+UkdHJ/RH iNUH/IZDPVKBguGZ6CYft7aGZ3y5JbQ6J0TsrFdGEBDmci+HiC/Bwxb+SUksocwF31rE s67kA5NojDFmPORSnYx5DrQVGxOyUssaF/I9W+nm/LsSng0HM1oUbob4utnDMOb64TWB 3cSPB4BRnVDEjMiyFrC3nxG6g8RK93mB8hAGfH8aogoJ1ptcd3PeIGQIN2N+SBvd59oN w/hxHq/js3Nax5vILAOlg3BRYd3qut1V4hG7CwX3Ua8vor14Xk4msvQ0m1WDZXBBSiRF zUXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731686454; x=1732291254; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=K8RL6IVuwbU3Nzq4s8WpDXT1DA1rRZrDISccJYcmcYQ=; b=Baw4owioRKx+SYLvix9ocUQBfO93dZPZyrNm92ddBraOY5zFUZ/eLAvMLdf4bzhcEC GVG8u+GSxIfi5kaZhRhBm/MejYZmtau7cAcTLt0+gJ/1yxQb6tRZ8PS35AIXZ+zSEU6Z W+3VrSP2N4WG2d0iIi7EtqV0ZuOv9LQFXkgXFUSE0MJxlGpcv6liQ5ZKGWs4YcFsiPch NYKhfHGf/BtZG99zLlqdzScYgimjMCOghvVLIDGwDRs392mE5C7pU660acQutY8I9aMX b1vyAsr535CBKkunry8qa9PsxYYn+wjz24mE6iaPBY4md7O93rPQG03c8F7fDVn2ekCy ymZg== X-Forwarded-Encrypted: i=1; AJvYcCW4kNcaloTofVZjkMfEUy5wjv1aMgeIN9EXdVItusUkVCQ/JCgd/tzSCpumkxZ3RujhDl+NuoV7iwob4TI=@vger.kernel.org X-Gm-Message-State: AOJu0YwBRbiaEX+eOp8gUsLlkmCIgTmWo3lg6Fd7yvn2RPlIzPG83C/o glfePdQI2EkNab77NubjnWdKtJag+23o6jd/awpruB2XNfcWmhTL X-Google-Smtp-Source: AGHT+IF9kEAzxcPhzWOt1ayU20i6D0IVqA/Wg13JazP8oSyHkVpsqyDZVwzmdCNXYq847983HlmHyw== X-Received: by 2002:a05:6214:ac1:b0:6c3:6344:d4e1 with SMTP id 6a1803df08f44-6d3e9099ec9mr129398346d6.20.1731686454319; Fri, 15 Nov 2024 08:00:54 -0800 (PST) Received: from 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa ([2600:4041:5be7:7c00:edce:cf6f:2815:775e]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7b35c984576sm171108785a.25.2024.11.15.08.00.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Nov 2024 08:00:53 -0800 (PST) From: Tamir Duberstein Date: Fri, 15 Nov 2024 11:00:47 -0500 Subject: [PATCH v5 4/6] rust: change `ForeignOwnable` pointer to mut Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241115-borrow-mut-v5-4-86204b249667@gmail.com> References: <20241115-borrow-mut-v5-0-86204b249667@gmail.com> In-Reply-To: <20241115-borrow-mut-v5-0-86204b249667@gmail.com> To: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Danilo Krummrich Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, Tamir Duberstein X-Mailer: b4 0.15-dev It is slightly more convenient to operate on mut pointers, and this also properly conveys the desired ownership semantics of the trait. Reviewed-by: Alice Ryhl Reviewed-by: Andreas Hindborg Signed-off-by: Tamir Duberstein --- rust/kernel/alloc/kbox.rs | 16 ++++++++-------- rust/kernel/sync/arc.rs | 10 +++++----- rust/kernel/types.rs | 14 +++++++------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/rust/kernel/alloc/kbox.rs b/rust/kernel/alloc/kbox.rs index 3f0b04609bd487e3f50247f9f1abd5394b749c7e..e00c14053efbfb08d053e0f0b11= 247fa25d9d516 100644 --- a/rust/kernel/alloc/kbox.rs +++ b/rust/kernel/alloc/kbox.rs @@ -355,17 +355,17 @@ impl ForeignOwnable for Box { type Borrowed<'a> =3D &'a T; =20 - fn into_foreign(self) -> *const crate::ffi::c_void { + fn into_foreign(self) -> *mut crate::ffi::c_void { Box::into_raw(self).cast() } =20 - unsafe fn from_foreign(ptr: *const crate::ffi::c_void) -> Self { + unsafe fn from_foreign(ptr: *mut crate::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - unsafe { Box::from_raw(ptr.cast_mut().cast()) } + unsafe { Box::from_raw(ptr.cast()) } } =20 - unsafe fn borrow<'a>(ptr: *const crate::ffi::c_void) -> &'a T { + unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> &'a T { // SAFETY: The safety requirements of this method ensure that the = object remains alive and // immutable for the duration of 'a. unsafe { &*ptr.cast() } @@ -378,18 +378,18 @@ impl ForeignOwnable for Pin> { type Borrowed<'a> =3D Pin<&'a T>; =20 - fn into_foreign(self) -> *const crate::ffi::c_void { + fn into_foreign(self) -> *mut crate::ffi::c_void { // SAFETY: We are still treating the box as pinned. Box::into_raw(unsafe { Pin::into_inner_unchecked(self) }).cast() } =20 - unsafe fn from_foreign(ptr: *const crate::ffi::c_void) -> Self { + unsafe fn from_foreign(ptr: *mut crate::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - unsafe { Pin::new_unchecked(Box::from_raw(ptr.cast_mut().cast())) } + unsafe { Pin::new_unchecked(Box::from_raw(ptr.cast())) } } =20 - unsafe fn borrow<'a>(ptr: *const crate::ffi::c_void) -> Pin<&'a T> { + unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> Pin<&'a T> { // SAFETY: The safety requirements for this function ensure that t= he object is still alive, // so it is safe to dereference the raw pointer. // The safety requirements of `from_foreign` also ensure that the = object remains alive for diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index a11f267ce5d40b987f1f3c459271e5317ea0bae8..01d85da799d77127fc99a9b270b= 8a7b1ef435b6f 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -333,24 +333,24 @@ pub fn into_unique_or_drop(self) -> Option>> { impl ForeignOwnable for Arc { type Borrowed<'a> =3D ArcBorrow<'a, T>; =20 - fn into_foreign(self) -> *const crate::ffi::c_void { + fn into_foreign(self) -> *mut crate::ffi::c_void { ManuallyDrop::new(self).ptr.as_ptr().cast() } =20 - unsafe fn borrow<'a>(ptr: *const crate::ffi::c_void) -> ArcBorrow<'a, = T> { + unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> ArcBorrow<'a, T>= { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - let inner =3D unsafe { NonNull::new_unchecked(ptr.cast_mut().cast:= :>()) }; + let inner =3D unsafe { NonNull::new_unchecked(ptr.cast::>()) }; =20 // SAFETY: The safety requirements of `from_foreign` ensure that t= he object remains alive // for the lifetime of the returned value. unsafe { ArcBorrow::new(inner) } } =20 - unsafe fn from_foreign(ptr: *const crate::ffi::c_void) -> Self { + unsafe fn from_foreign(ptr: *mut crate::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - let inner =3D unsafe { NonNull::new_unchecked(ptr.cast_mut().cast:= :>()) }; + let inner =3D unsafe { NonNull::new_unchecked(ptr.cast::>()) }; =20 // SAFETY: By the safety requirement of this function, we know tha= t `ptr` came from // a previous call to `Arc::into_foreign`, which guarantees that `= ptr` is valid and diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs index f51d965c54ced5d6653b7d3f8f29fb206a5ad2b6..fd7685921c7c9866f963adef122= dfe45a7afd87b 100644 --- a/rust/kernel/types.rs +++ b/rust/kernel/types.rs @@ -29,7 +29,7 @@ pub trait ForeignOwnable: Sized { /// For example, it might be invalid, dangling or pointing to uninitia= lized memory. Using it in /// any way except for [`ForeignOwnable::from_foreign`], [`ForeignOwna= ble::borrow`], /// [`ForeignOwnable::try_from_foreign`] can result in undefined behav= ior. - fn into_foreign(self) -> *const crate::ffi::c_void; + fn into_foreign(self) -> *mut crate::ffi::c_void; =20 /// Borrows a foreign-owned object. /// @@ -37,7 +37,7 @@ pub trait ForeignOwnable: Sized { /// /// `ptr` must have been returned by a previous call to [`ForeignOwnab= le::into_foreign`] for /// which a previous matching [`ForeignOwnable::from_foreign`] hasn't = been called yet. - unsafe fn borrow<'a>(ptr: *const crate::ffi::c_void) -> Self::Borrowed= <'a>; + unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> Self::Borrowed<'= a>; =20 /// Converts a foreign-owned object back to a Rust-owned one. /// @@ -47,7 +47,7 @@ pub trait ForeignOwnable: Sized { /// which a previous matching [`ForeignOwnable::from_foreign`] hasn't = been called yet. /// Additionally, all instances (if any) of values returned by [`Forei= gnOwnable::borrow`] for /// this object must have been dropped. - unsafe fn from_foreign(ptr: *const crate::ffi::c_void) -> Self; + unsafe fn from_foreign(ptr: *mut crate::ffi::c_void) -> Self; =20 /// Tries to convert a foreign-owned object back to a Rust-owned one. /// @@ -58,7 +58,7 @@ pub trait ForeignOwnable: Sized { /// /// `ptr` must either be null or satisfy the safety requirements for /// [`ForeignOwnable::from_foreign`]. - unsafe fn try_from_foreign(ptr: *const crate::ffi::c_void) -> Option { + unsafe fn try_from_foreign(ptr: *mut crate::ffi::c_void) -> Option { if ptr.is_null() { None } else { @@ -72,13 +72,13 @@ unsafe fn try_from_foreign(ptr: *const crate::ffi::c_vo= id) -> Option { impl ForeignOwnable for () { type Borrowed<'a> =3D (); =20 - fn into_foreign(self) -> *const crate::ffi::c_void { + fn into_foreign(self) -> *mut crate::ffi::c_void { core::ptr::NonNull::dangling().as_ptr() } =20 - unsafe fn borrow<'a>(_: *const crate::ffi::c_void) -> Self::Borrowed<'= a> {} + unsafe fn borrow<'a>(_: *mut crate::ffi::c_void) -> Self::Borrowed<'a>= {} =20 - unsafe fn from_foreign(_: *const crate::ffi::c_void) -> Self {} + unsafe fn from_foreign(_: *mut crate::ffi::c_void) -> Self {} } =20 /// Runs a cleanup function/closure when dropped. --=20 2.47.0 From nobody Fri Nov 22 16:33:14 2024 Received: from mail-qk1-f178.google.com (mail-qk1-f178.google.com [209.85.222.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 03DF31D90A7; Fri, 15 Nov 2024 16:00:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.222.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731686458; cv=none; b=L5VN4WMsCedrs4fcAc+anGnAJy5wXAbNUZBpnEbnd96vKM5lRpVwYUKxToc8mUP7FL92FM8MiyVG+lESOm+szv43kEliHlPt+wKLpr6ZNznTQW7HnOh7Db5IH0kRtV5snBOGRo6I9yy/HCNYOYPV6rkksP/28BRPyvv/bE/IlE0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731686458; c=relaxed/simple; bh=fH92snzceKk4eLxhpIkJVtTGzy859oiwahfncz/Oy0k=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=JD9Xc8fkoL/QgGz0KgYwE9hrhweOqFUpm3HOh8Gkb8EOYGTubypqGMPpFAVTtKHGRBAkN0yJFyqmF33g8ZjqNz4c/pMgZH9SjooKnS1VOt0vsp5xAr/U2wc4TBgdFL3J6r25Ayuif5sEvBbZHeJgBWRqdFbGybip/+vyv4M6n6Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=LOOgq20Z; arc=none smtp.client-ip=209.85.222.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="LOOgq20Z" Received: by mail-qk1-f178.google.com with SMTP id af79cd13be357-7b14554468fso114142485a.1; Fri, 15 Nov 2024 08:00:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1731686456; x=1732291256; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=1DEX5pxhpjG/jUyf+2MYvISOzDGV5P67ztR+W135scA=; b=LOOgq20Ztw+9FKKCLYKgD0PBiv70J+hPyE0nTKjF358r95WVFHoJuu9xRouMsPeU85 +2TSFZa8Q3TDMdJiYQj7UmGcOZaHc2JF4k/wdahHo1ceEAQaYVvnCWn89Uz6FMviE3f/ /xU+h/ls1S2rn6AjQOB4/EamqK9XAYlg4tgjRe8NymZVgqcXlYLGF0c7prk2q8rXXJtX 77qINH3GzaMODHgwIyPZR90n/kfl8ZbMLEL82wt6tnJB2NDF/nPzkTBFwTKgA/WvSxrH WH902LI68mLlGeWzfZjIAwE8P1kD5t0Gu8WlL4thnfmUYLS6nsxYt4iBqExSViIjRpWM DOww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731686456; x=1732291256; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1DEX5pxhpjG/jUyf+2MYvISOzDGV5P67ztR+W135scA=; b=eT2MGHr9CbFetwNiEVRQfmC1+pHAlyyG5Is/Mc32n2PgW1yFe3pqXQkBSWk5nVpAa/ fKzcGRYjsjGAJnpaHPHxeRNZwYdEwkXOO48xYxsJ96vepNOo9O01YMSUx6riwUrQdpWE lx5GEWOmXffpvY1zMvfObnm8uM9hiXqbrrwY6aDlBIFkzWMLM1QnTnWfLapdhB729KHC dg7vVKWck/hmCIZbwzK5Xe9s5rh70Xzhctv7/oEILDr2SJPczdS83ZmvcB0pZMRW4cCW QKjSmb2SnVsfflmHKmJ16uTEvLf/kNx1HikPv3a4xa1Ywlk3WQ3+R67RML/tizYYO6sc sBYg== X-Forwarded-Encrypted: i=1; AJvYcCWuXaaLeJIq3F2dZa9B0kklVkVMIEzVnT0144zGiWDWtAK9Y2lWbAMPkxlBR9Knlv2w1aCe1KM1JYTBzeo=@vger.kernel.org X-Gm-Message-State: AOJu0YzMFA24NGFsy5ZAOKySy1WCKTaAtouM/GtEuKNtJG8P2VxMKxYo osx+FMNWpOKSyN1XnN+rgr9xvkD3dQfHSHSZpi694nwoX+n5Utq3 X-Google-Smtp-Source: AGHT+IFe+QU+wg5N9XavpDWq+PX3XEbWW6HEvIvwg6+ZUCMH18ICQ/FYJdk5fHlULHNJlunV4weqvw== X-Received: by 2002:a05:620a:4594:b0:7b1:5f49:6bf7 with SMTP id af79cd13be357-7b3623718e1mr385035785a.56.1731686455712; Fri, 15 Nov 2024 08:00:55 -0800 (PST) Received: from 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa ([2600:4041:5be7:7c00:edce:cf6f:2815:775e]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7b35c984576sm171108785a.25.2024.11.15.08.00.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Nov 2024 08:00:55 -0800 (PST) From: Tamir Duberstein Date: Fri, 15 Nov 2024 11:00:48 -0500 Subject: [PATCH v5 5/6] rust: reorder `ForeignOwnable` items Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241115-borrow-mut-v5-5-86204b249667@gmail.com> References: <20241115-borrow-mut-v5-0-86204b249667@gmail.com> In-Reply-To: <20241115-borrow-mut-v5-0-86204b249667@gmail.com> To: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Danilo Krummrich Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, Tamir Duberstein X-Mailer: b4 0.15-dev `{into,from}_foreign` before `borrow` is slightly more logical. This removes an inconsistency with `kbox.rs` which already uses this ordering. Reviewed-by: Alice Ryhl Reviewed-by: Andreas Hindborg Signed-off-by: Tamir Duberstein --- rust/kernel/sync/arc.rs | 18 +++++++++--------- rust/kernel/types.rs | 20 ++++++++++---------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index 01d85da799d77127fc99a9b270b8a7b1ef435b6f..1d26c309d21db53f1fc769562c2= afb4e881c3b5b 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -337,25 +337,25 @@ fn into_foreign(self) -> *mut crate::ffi::c_void { ManuallyDrop::new(self).ptr.as_ptr().cast() } =20 - unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> ArcBorrow<'a, T>= { + unsafe fn from_foreign(ptr: *mut crate::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. let inner =3D unsafe { NonNull::new_unchecked(ptr.cast::>()) }; =20 - // SAFETY: The safety requirements of `from_foreign` ensure that t= he object remains alive - // for the lifetime of the returned value. - unsafe { ArcBorrow::new(inner) } + // SAFETY: By the safety requirement of this function, we know tha= t `ptr` came from + // a previous call to `Arc::into_foreign`, which guarantees that `= ptr` is valid and + // holds a reference count increment that is transferrable to us. + unsafe { Self::from_inner(inner) } } =20 - unsafe fn from_foreign(ptr: *mut crate::ffi::c_void) -> Self { + unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> ArcBorrow<'a, T>= { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. let inner =3D unsafe { NonNull::new_unchecked(ptr.cast::>()) }; =20 - // SAFETY: By the safety requirement of this function, we know tha= t `ptr` came from - // a previous call to `Arc::into_foreign`, which guarantees that `= ptr` is valid and - // holds a reference count increment that is transferrable to us. - unsafe { Self::from_inner(inner) } + // SAFETY: The safety requirements of `from_foreign` ensure that t= he object remains alive + // for the lifetime of the returned value. + unsafe { ArcBorrow::new(inner) } } } =20 diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs index fd7685921c7c9866f963adef122dfe45a7afd87b..c2ac1626f8ddff7397ec00f502a= bcfe78829b532 100644 --- a/rust/kernel/types.rs +++ b/rust/kernel/types.rs @@ -31,14 +31,6 @@ pub trait ForeignOwnable: Sized { /// [`ForeignOwnable::try_from_foreign`] can result in undefined behav= ior. fn into_foreign(self) -> *mut crate::ffi::c_void; =20 - /// Borrows a foreign-owned object. - /// - /// # Safety - /// - /// `ptr` must have been returned by a previous call to [`ForeignOwnab= le::into_foreign`] for - /// which a previous matching [`ForeignOwnable::from_foreign`] hasn't = been called yet. - unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> Self::Borrowed<'= a>; - /// Converts a foreign-owned object back to a Rust-owned one. /// /// # Safety @@ -67,6 +59,14 @@ unsafe fn try_from_foreign(ptr: *mut crate::ffi::c_void)= -> Option { unsafe { Some(Self::from_foreign(ptr)) } } } + + /// Borrows a foreign-owned object. + /// + /// # Safety + /// + /// `ptr` must have been returned by a previous call to [`ForeignOwnab= le::into_foreign`] for + /// which a previous matching [`ForeignOwnable::from_foreign`] hasn't = been called yet. + unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> Self::Borrowed<'= a>; } =20 impl ForeignOwnable for () { @@ -76,9 +76,9 @@ fn into_foreign(self) -> *mut crate::ffi::c_void { core::ptr::NonNull::dangling().as_ptr() } =20 - unsafe fn borrow<'a>(_: *mut crate::ffi::c_void) -> Self::Borrowed<'a>= {} - unsafe fn from_foreign(_: *mut crate::ffi::c_void) -> Self {} + + unsafe fn borrow<'a>(_: *mut crate::ffi::c_void) -> Self::Borrowed<'a>= {} } =20 /// Runs a cleanup function/closure when dropped. --=20 2.47.0 From nobody Fri Nov 22 16:33:14 2024 Received: from mail-qv1-f46.google.com (mail-qv1-f46.google.com [209.85.219.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9949A1E0DEC; Fri, 15 Nov 2024 16:00:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.46 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731686460; cv=none; b=IszFrVSEksbKynzCGBdDCzR9e7GaYExkN5T3q9e/u081FRby6pgnIZgIOPrtlbx5OjkNKfg0JqEJLjTX6c44G0NVVguHNJjt9XLE5qA8z6Ch483qzm2Kk0QIB5m26tX1+GmYAV2FAjCcy+ujb6MjZ1jlxexbchYS2eUM5OZZeXQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731686460; c=relaxed/simple; bh=98Pj0Z9DLydkYx2nVYCuGoX4eIzcDL77SCfZfWGm6rU=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Zhk6YO9OGJ4vbNkrGOOtXk/oe/CMo7itep/LKEt9Tl8Ivy3GRjvCIWYXQux+GrhoAj9i4gOLBWEeoasTNfsnkMSDTvdp7GHxjDb2qSy4RaSmG1om3K2WPLAIDaoZbpz/QTFew3SiPdNYMo1mkC9xw4lmAXoKa+dBXmhk1G/ujgA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=ikWoDf34; arc=none smtp.client-ip=209.85.219.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ikWoDf34" Received: by mail-qv1-f46.google.com with SMTP id 6a1803df08f44-6d3f64df14aso10366706d6.1; Fri, 15 Nov 2024 08:00:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1731686457; x=1732291257; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=p7nAvvaPKLedoC6lSOgYyDXcfx4J0P0Lmm09BFLkS4A=; b=ikWoDf34bAJWeqWSJrozXupdElgVGQuwMsYezl5Za1ld03RnG8MUvQJ2o0U2E8n47j ZRbuPjQCORAtBddAdhNV6NOm+JIoRnXksgWuxzsqhcP0GfCVi0vOJnfGfHOU0UQYSHJ0 /vUHQUe3KY+acnOkAvGxfCiTaVfcKg3UXzjCJt69YzLPEDP8NMfQ80Gkl2un4ACW8xRX jneCNoPmkF4ixfI56t4bQZPGJMoq+JEczhRO1jBGD+eav11qzgryfaM/yA7T9FTYAy+R 9dMgFdCIUkuyhIoW/0cRL8lNM4wCSEp/QYTEXV3KgOwTWWCe+P6kO4njKgjUWKo/2R0/ 9LIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731686457; x=1732291257; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=p7nAvvaPKLedoC6lSOgYyDXcfx4J0P0Lmm09BFLkS4A=; b=IwzLVhLeT+dzIgPZDAUybik4t0I9ckecT3fOQJyAd86Vz7v8WPWTuMalY17NaW3IO9 Pw8cSJW3WmlnNgtA8ZKD9+rA4vjCP2n2yf1RB9IL4yEQOpYXrGoav7iy3pXRX77YpoMp pRkIP1cg5sDKCFV2s3vOdqcMJJP7sw1n1A/fFKRGKQLeYkSVDIq8qsOkCJ6PO8lssfFp ho3/5RLgqqu0YIrgrWm4i+7jyoyh47tEBBBqec5VkUznSbC5PKOuECuEGNrE4SBZxFOJ rJTDGOGSBs4o/fHUbMVQxI14Paua/kW29c6/4J5IeSSYdzcCvFfxhVIXi4ggTAd9aYPp /Fiw== X-Forwarded-Encrypted: i=1; AJvYcCUefyLS3rstGez5m+koH1tTSIVtOI99lAr8f+WBADmYOFwEfHYEqLFAsIFZYyGzOTVN2sAp5wEVLZUYv9M=@vger.kernel.org X-Gm-Message-State: AOJu0YxB3rCq8wrMUKRztZzocx4OEojP1rKDbZvi8DwiTxrwUakCW7Zk 5MFwkzOQlPpoG/gX+p1gAAetDyselrsoM2Ce2R7WJxeyZO8lhGjn X-Google-Smtp-Source: AGHT+IGWn9ZH9qRY/Dzpua105ZqOkSOHO+Gq3Cst9kcedFv7AUHtwlHBWhrB4e1nYjZ5nJQ8jzbLBg== X-Received: by 2002:a05:6214:451d:b0:6d3:fa75:e9ed with SMTP id 6a1803df08f44-6d3fb8579afmr40413746d6.41.1731686457358; Fri, 15 Nov 2024 08:00:57 -0800 (PST) Received: from 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa ([2600:4041:5be7:7c00:edce:cf6f:2815:775e]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7b35c984576sm171108785a.25.2024.11.15.08.00.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Nov 2024 08:00:56 -0800 (PST) From: Tamir Duberstein Date: Fri, 15 Nov 2024 11:00:49 -0500 Subject: [PATCH v5 6/6] rust: add improved version of `ForeignOwnable::borrow_mut` Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241115-borrow-mut-v5-6-86204b249667@gmail.com> References: <20241115-borrow-mut-v5-0-86204b249667@gmail.com> In-Reply-To: <20241115-borrow-mut-v5-0-86204b249667@gmail.com> To: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Danilo Krummrich Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, Tamir Duberstein , Martin Rodriguez Reboredo X-Mailer: b4 0.15-dev From: Alice Ryhl Previously, the `ForeignOwnable` trait had a method called `borrow_mut` that was intended to provide mutable access to the inner value. However, the method accidentally made it possible to change the address of the object being modified, which usually isn't what we want. (And when we want that, it can be done by calling `from_foreign` and `into_foreign`, like how the old `borrow_mut` was implemented.) In this patch, we introduce an alternate definition of `borrow_mut` that solves the previous problem. Conceptually, given a pointer type `P` that implements `ForeignOwnable`, the `borrow_mut` method gives you the same kind of access as an `&mut P` would, except that it does not let you change the pointer `P` itself. This is analogous to how the existing `borrow` method provides the same kind of access to the inner value as an `&P`. Note that for types like `Arc`, having an `&mut Arc` only gives you immutable access to the inner `T`. This is because mutable references assume exclusive access, but there might be other handles to the same reference counted value, so the access isn't exclusive. The `Arc` type implements this by making `borrow_mut` return the same type as `borrow`. Signed-off-by: Alice Ryhl Reviewed-by: Boqun Feng Reviewed-by: Benno Lossin Reviewed-by: Martin Rodriguez Reboredo Reviewed-by: Andreas Hindborg Signed-off-by: Tamir Duberstein --- rust/kernel/alloc/kbox.rs | 21 ++++++++++++++ rust/kernel/sync/arc.rs | 7 +++++ rust/kernel/types.rs | 71 ++++++++++++++++++++++++++++++++++++++-----= ---- 3 files changed, 86 insertions(+), 13 deletions(-) diff --git a/rust/kernel/alloc/kbox.rs b/rust/kernel/alloc/kbox.rs index e00c14053efbfb08d053e0f0b11247fa25d9d516..4ffc4e1b22b2b7c2ea8e8ed5b7f= 7a8534625249f 100644 --- a/rust/kernel/alloc/kbox.rs +++ b/rust/kernel/alloc/kbox.rs @@ -354,6 +354,7 @@ impl ForeignOwnable for Box A: Allocator, { type Borrowed<'a> =3D &'a T; + type BorrowedMut<'a> =3D &'a mut T; =20 fn into_foreign(self) -> *mut crate::ffi::c_void { Box::into_raw(self).cast() @@ -370,6 +371,13 @@ unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> = &'a T { // immutable for the duration of 'a. unsafe { &*ptr.cast() } } + + unsafe fn borrow_mut<'a>(ptr: *mut core::ffi::c_void) -> &'a mut T { + let ptr =3D ptr.cast(); + // SAFETY: The safety requirements of this method ensure that the = pointer is valid and that + // nothing else will access the value for the duration of 'a. + unsafe { &mut *ptr } + } } =20 impl ForeignOwnable for Pin> @@ -377,6 +385,7 @@ impl ForeignOwnable for Pin> A: Allocator, { type Borrowed<'a> =3D Pin<&'a T>; + type BorrowedMut<'a> =3D Pin<&'a mut T>; =20 fn into_foreign(self) -> *mut crate::ffi::c_void { // SAFETY: We are still treating the box as pinned. @@ -399,6 +408,18 @@ unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> = Pin<&'a T> { // SAFETY: This pointer originates from a `Pin>`. unsafe { Pin::new_unchecked(r) } } + + unsafe fn borrow_mut<'a>(ptr: *mut core::ffi::c_void) -> Pin<&'a mut T= > { + let ptr =3D ptr.cast(); + // SAFETY: The safety requirements for this function ensure that t= he object is still alive, + // so it is safe to dereference the raw pointer. + // The safety requirements of `from_foreign` also ensure that the = object remains alive for + // the lifetime of the returned value. + let r =3D unsafe { &mut *ptr }; + + // SAFETY: This pointer originates from a `Pin>`. + unsafe { Pin::new_unchecked(r) } + } } =20 impl Deref for Box diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index 1d26c309d21db53f1fc769562c2afb4e881c3b5b..eb5cd8b360a3507a527978aaf96= dbc3a80d4ae2c 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -332,6 +332,7 @@ pub fn into_unique_or_drop(self) -> Option>> { =20 impl ForeignOwnable for Arc { type Borrowed<'a> =3D ArcBorrow<'a, T>; + type BorrowedMut<'a> =3D Self::Borrowed<'a>; =20 fn into_foreign(self) -> *mut crate::ffi::c_void { ManuallyDrop::new(self).ptr.as_ptr().cast() @@ -357,6 +358,12 @@ unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> = ArcBorrow<'a, T> { // for the lifetime of the returned value. unsafe { ArcBorrow::new(inner) } } + + unsafe fn borrow_mut<'a>(ptr: *mut core::ffi::c_void) -> ArcBorrow<'a,= T> { + // SAFETY: The safety requirements for `borrow_mut` are a superset= of the safety + // requirements for `borrow`. + unsafe { Self::borrow(ptr) } + } } =20 impl Deref for Arc { diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs index c2ac1626f8ddff7397ec00f502abcfe78829b532..c150cf509d52fd5006834cf1c67= 45e4ea3504a55 100644 --- a/rust/kernel/types.rs +++ b/rust/kernel/types.rs @@ -19,26 +19,33 @@ /// This trait is meant to be used in cases when Rust objects are stored i= n C objects and /// eventually "freed" back to Rust. pub trait ForeignOwnable: Sized { - /// Type of values borrowed between calls to [`ForeignOwnable::into_fo= reign`] and - /// [`ForeignOwnable::from_foreign`]. + /// Type used to immutably borrow a value that is currently foreign-ow= ned. type Borrowed<'a>; =20 + /// Type used to mutably borrow a value that is currently foreign-owne= d. + type BorrowedMut<'a>; + /// Converts a Rust-owned object to a foreign-owned one. /// /// The foreign representation is a pointer to void. There are no guar= antees for this pointer. /// For example, it might be invalid, dangling or pointing to uninitia= lized memory. Using it in - /// any way except for [`ForeignOwnable::from_foreign`], [`ForeignOwna= ble::borrow`], - /// [`ForeignOwnable::try_from_foreign`] can result in undefined behav= ior. + /// any way except for [`from_foreign`], [`try_from_foreign`], [`borro= w`], or [`borrow_mut`] can + /// result in undefined behavior. + /// + /// [`from_foreign`]: Self::from_foreign + /// [`try_from_foreign`]: Self::try_from_foreign + /// [`borrow`]: Self::borrow + /// [`borrow_mut`]: Self::borrow_mut fn into_foreign(self) -> *mut crate::ffi::c_void; =20 /// Converts a foreign-owned object back to a Rust-owned one. /// /// # Safety /// - /// `ptr` must have been returned by a previous call to [`ForeignOwnab= le::into_foreign`] for - /// which a previous matching [`ForeignOwnable::from_foreign`] hasn't = been called yet. - /// Additionally, all instances (if any) of values returned by [`Forei= gnOwnable::borrow`] for - /// this object must have been dropped. + /// The provided pointer must have been returned by a previous call to= [`into_foreign`], and it + /// must not be passed to `from_foreign` more than once. + /// + /// [`into_foreign`]: Self::into_foreign unsafe fn from_foreign(ptr: *mut crate::ffi::c_void) -> Self; =20 /// Tries to convert a foreign-owned object back to a Rust-owned one. @@ -48,8 +55,9 @@ pub trait ForeignOwnable: Sized { /// /// # Safety /// - /// `ptr` must either be null or satisfy the safety requirements for - /// [`ForeignOwnable::from_foreign`]. + /// `ptr` must either be null or satisfy the safety requirements for [= `from_foreign`]. + /// + /// [`from_foreign`]: Self::from_foreign unsafe fn try_from_foreign(ptr: *mut crate::ffi::c_void) -> Option { if ptr.is_null() { None @@ -60,17 +68,53 @@ unsafe fn try_from_foreign(ptr: *mut crate::ffi::c_void= ) -> Option { } } =20 - /// Borrows a foreign-owned object. + /// Borrows a foreign-owned object immutably. + /// + /// This method provides a way to access a foreign-owned value from Ru= st immutably. It provides + /// you with exactly the same abilities as an `&Self` when the value i= s Rust-owned. /// /// # Safety /// - /// `ptr` must have been returned by a previous call to [`ForeignOwnab= le::into_foreign`] for - /// which a previous matching [`ForeignOwnable::from_foreign`] hasn't = been called yet. + /// The provided pointer must have been returned by a previous call to= [`into_foreign`], and if + /// the pointer is ever passed to [`from_foreign`], then that call mus= t happen after the end of + /// the lifetime 'a. + /// + /// [`into_foreign`]: Self::into_foreign + /// [`from_foreign`]: Self::from_foreign unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> Self::Borrowed<'= a>; + + /// Borrows a foreign-owned object mutably. + /// + /// This method provides a way to access a foreign-owned value from Ru= st mutably. It provides + /// you with exactly the same abilities as an `&mut Self` when the val= ue is Rust-owned, except + /// that the address of the object must not be changed. + /// + /// Note that for types like [`Arc`], an `&mut Arc` only gives you = immutable access to the + /// inner value, so this method also only provides immutable access in= that case. + /// + /// In the case of `Box`, this method gives you the ability to modi= fy the inner `T`, but it + /// does not let you change the box itself. That is, you cannot change= which allocation the box + /// points at. + /// + /// # Safety + /// + /// The provided pointer must have been returned by a previous call to= [`into_foreign`], and if + /// the pointer is ever passed to [`from_foreign`], then that call mus= t happen after the end of + /// the lifetime 'a. + /// + /// The lifetime 'a must not overlap with the lifetime of any other ca= ll to [`borrow`] or + /// `borrow_mut` on the same object. + /// + /// [`into_foreign`]: Self::into_foreign + /// [`from_foreign`]: Self::from_foreign + /// [`borrow`]: Self::borrow + /// [`Arc`]: crate::sync::Arc + unsafe fn borrow_mut<'a>(ptr: *mut crate::ffi::c_void) -> Self::Borrow= edMut<'a>; } =20 impl ForeignOwnable for () { type Borrowed<'a> =3D (); + type BorrowedMut<'a> =3D (); =20 fn into_foreign(self) -> *mut crate::ffi::c_void { core::ptr::NonNull::dangling().as_ptr() @@ -79,6 +123,7 @@ fn into_foreign(self) -> *mut crate::ffi::c_void { unsafe fn from_foreign(_: *mut crate::ffi::c_void) -> Self {} =20 unsafe fn borrow<'a>(_: *mut crate::ffi::c_void) -> Self::Borrowed<'a>= {} + unsafe fn borrow_mut<'a>(_: *mut crate::ffi::c_void) -> Self::Borrowed= Mut<'a> {} } =20 /// Runs a cleanup function/closure when dropped. --=20 2.47.0