From nobody Sun Nov 24 12:21:40 2024 Received: from mail-yw1-f171.google.com (mail-yw1-f171.google.com [209.85.128.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 902FA1A2574; Wed, 20 Nov 2024 11:46:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.171 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732103182; cv=none; b=VGWc3W4aG65X2RBF80B6LlGONShXOHJTVKo6m3z/RO+NUL9diOM7tKDV3Hpz5KpsVgenWocXBWG4+UOjozdj9xHzjrJYpCJh6F4UEfaGFERR4m2RnlO6ys66KNfmdACA6A+ai2DbHVogWUh0ohg72bv0oaJv3HXNY1Yz/EJDCOA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732103182; c=relaxed/simple; bh=vAXIWL5Tm5HEkpTkeRvs/PY9xzGMkmxPQXPP5BPzwao=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=FY+mks2Pizg2v1b2WpUgqVus0Vd5yOlN4aMQGA8WBElTyJCmQXLNns8xd/3rqt4ac8ByU87EVfHgJ2gZRwaNrNCPR9QBlNKjJcxn1Vp9J8uffs95hMFP4shKHnFzjXo31ZMwWmpURypAdazqCnN2PuT2MhgHd43S0o53JN+BhOk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=j4qSMobI; arc=none smtp.client-ip=209.85.128.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="j4qSMobI" Received: by mail-yw1-f171.google.com with SMTP id 00721157ae682-6ee9b571665so29640027b3.2; Wed, 20 Nov 2024 03:46:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732103177; x=1732707977; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=X50QSvdQW6opJ3/PyTKFvmBHXrn62CTGlZAsB4b1Dnk=; b=j4qSMobIc7Zd2lAFSZmrsP5h8kq8fy21ToBwvT4Jumiejhk3POj2EuFRaXc7OdbmTb OYL5CfWRlYhTOhxviW8GJUQzcyA1pOmTULJEH89Z3b2x12+WXXjDNF2+g0Q2rTmuJMaR IqoGO0sZnhEY/AzrH+J/e/dJ5q+SeWk8wXr6xkmSE6O6CI1ImqSE4fneOQ9bGJGWAt48 HC2lQbm37mjAv6wladRGIXpUMlZN2PEJ/9FYkVtQT3lXUcz1H0hrkmvZYRPIHTkp0zDH EwkGg2iLvr7DhoEv4zuYnOs0wl1PH0vZSVj5HyrLavGOZLQneBFtWk4CFXyvlaLPWV77 I/WA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732103177; x=1732707977; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=X50QSvdQW6opJ3/PyTKFvmBHXrn62CTGlZAsB4b1Dnk=; b=JUEBa6AZDZMTn8SJ1HFJkZLtpAADGIoBxe5SkHPYfimFDuRPPS8sNrbhZ/LDGZgyjV SvvvUMO12oiUrQFpWO/AQlkIbBoNc/F1yAjo+izt82XjACeW+lwB54VflwUvwFpE4/Fw b4Yfw59bR3JPVmd5x4OkZQvMDN4uWRA7r4lbkyQwCTFFkyJosPkyAWfPdc2OqFOOAO8v OQyBzmRaePdn1lgUGVGncvRulonWC8ywAJM6mhS7MRHjutJG5/jcA5pdaplGtqMNRqIi xBGcHh07DLlipLWJfRE9Xu7hdWzX8vHipqwqqjpZykIDL9z7gWQUuzsLlrKSL8sEeBlK DUkQ== X-Forwarded-Encrypted: i=1; AJvYcCX15g8oypuXtvCtuvX2wfPYX75+9neilajtbL4fx3ANedJ+FymK5aRaTcjYb+5UdCqWSEomWWLfija4HsA=@vger.kernel.org X-Gm-Message-State: AOJu0Yy12KrfmhsTaDdmFlu/reyEKy7JaRDl61e9PlxYHLDKOtELyZte BzYeY80O27pfFjntevAbdWSPVXMB/2fTYwgytO/niOW5nugwrF5g X-Google-Smtp-Source: AGHT+IGM1Q0T3oM/qQch/jNqcAddd9VPHjOd0zxV+/Z2ATQZmth5lo+0Pfigdkr0Qk8OdPGptqYFQA== X-Received: by 2002:a05:690c:9987:b0:6ee:a89e:af3b with SMTP id 00721157ae682-6eebd141e35mr28682117b3.9.1732103177396; Wed, 20 Nov 2024 03:46:17 -0800 (PST) Received: from tamirs-macbook-pro.local ([2600:4041:5be7:7c00:8dca:61d2:c8fb:a544]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6d4380b6390sm9705696d6.5.2024.11.20.03.46.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Nov 2024 03:46:16 -0800 (PST) From: Tamir Duberstein Date: Wed, 20 Nov 2024 06:46:00 -0500 Subject: [PATCH v6 1/6] rust: arc: use `NonNull::new_unchecked` Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241120-borrow-mut-v6-1-80dbadd00951@gmail.com> References: <20241120-borrow-mut-v6-0-80dbadd00951@gmail.com> In-Reply-To: <20241120-borrow-mut-v6-0-80dbadd00951@gmail.com> To: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Danilo Krummrich Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, Tamir Duberstein X-Mailer: b4 0.15-dev There is no need to check (and panic on violations of) the safety requirements on `ForeignOwnable` functions. Avoiding the check is consistent with the implementation of `ForeignOwnable` for `Box`. Reviewed-by: Alice Ryhl Reviewed-by: Andreas Hindborg Signed-off-by: Tamir Duberstein --- rust/kernel/sync/arc.rs | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index fa4509406ee909ca0677b78d5ece966089ce6366..b4e492dd712137c7c39e3de3d39= c0c833944828c 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -337,9 +337,9 @@ fn into_foreign(self) -> *const crate::ffi::c_void { } =20 unsafe fn borrow<'a>(ptr: *const crate::ffi::c_void) -> ArcBorrow<'a, = T> { - // By the safety requirement of this function, we know that `ptr` = came from - // a previous call to `Arc::into_foreign`. - let inner =3D NonNull::new(ptr as *mut ArcInner).unwrap(); + // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous + // call to `Self::into_foreign`. + let inner =3D unsafe { NonNull::new_unchecked(ptr as *mut ArcInner= ) }; =20 // SAFETY: The safety requirements of `from_foreign` ensure that t= he object remains alive // for the lifetime of the returned value. @@ -347,10 +347,14 @@ unsafe fn borrow<'a>(ptr: *const crate::ffi::c_void) = -> ArcBorrow<'a, T> { } =20 unsafe fn from_foreign(ptr: *const crate::ffi::c_void) -> Self { + // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous + // call to `Self::into_foreign`. + let inner =3D unsafe { NonNull::new_unchecked(ptr as *mut ArcInner= ) }; + // SAFETY: By the safety requirement of this function, we know tha= t `ptr` came from // a previous call to `Arc::into_foreign`, which guarantees that `= ptr` is valid and // holds a reference count increment that is transferrable to us. - unsafe { Self::from_inner(NonNull::new(ptr as _).unwrap()) } + unsafe { Self::from_inner(inner) } } } =20 --=20 2.47.0 From nobody Sun Nov 24 12:21:40 2024 Received: from mail-qv1-f49.google.com (mail-qv1-f49.google.com [209.85.219.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5DABC1A256E; Wed, 20 Nov 2024 11:46:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732103182; cv=none; b=MuIWDxSA0y0C9r+7nEHCMsH3SjS1egY0cxq5v0kdnNl68a5NbotMVgAJEE6Rq8Kd1txJlSJS/ubengSqnlVHtdI6pf34Ih83LpdknAt5Pfedo4ihaUykJSP8ABGZ3s3WG7RABDOGwkXRJPE1Vl8mqDDZHMwS1i0EIbLmjijCJPc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732103182; c=relaxed/simple; bh=7mJvIeb2noE9wZ0A4dhqRLCY/zejQZMbM6X2lVHwQ10=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=kWg/FVf3FJCf6IkRIJf7HkwV1PMFnkGLKYjWugGqTRGn+QfQVtPFfuQUGxf8p8t3j++KQVlQPnm8m7DynJJ6GslbIexgNgCQA2LqrDWIJQv+DqlNYNwKy7vYJ+SvzGEJUspe0hvVS5xsqJzPkJYepa/kTIBw2ABnTWeZwUjBI4w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Nqddv/Y/; arc=none smtp.client-ip=209.85.219.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Nqddv/Y/" Received: by mail-qv1-f49.google.com with SMTP id 6a1803df08f44-6d40e69577dso12560106d6.3; Wed, 20 Nov 2024 03:46:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732103179; x=1732707979; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=Su+Qnr8zKK34gJVF+kBwkn9a8J+ydzKanTU7K+DUb6Y=; b=Nqddv/Y/f7SS/7m0HPisSTAo6OHfHY+zTl3MLTd0CLMvHz5WCI/jydcKM5GTHJ6xl0 UlQO3a+oOJlMd2dzIKKZ7e+7C7Zs4gvQyPtxyKaioPcZnJk8afWCn5GKZ3QlRU+ueOU5 bUe3EKjOGmEuNpA4UA0EzIx07f8zrT5/ub6vm7Zq0lQwdHI8ZDmwekrvUFqH+MVl8xQ+ AbW1OdCHc5Ns+ZuxlHX3Lj3TGvS3bz8QdwhLB5wmEHvM3G087LOG9rbp5JrLM/LkZ6Ue LysQdeSKuJRMAZoOofi5ApSAoX/mmjfnXADE7ZqXMrrYq6rs4br+uq79CJHJL9JUw8BF 03tw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732103179; x=1732707979; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Su+Qnr8zKK34gJVF+kBwkn9a8J+ydzKanTU7K+DUb6Y=; b=E51sUhwf81q18yEvJ7BkmVUebQZktiUH2ulB6UbPNPpQ/MREXoXrqM6ONg7H/ZjL1u PWsX1+1LaK6oBMmrNLft8Fef8C1hag7bE+ikoETYF8E/dXLxao/uyqyuIB8jBOgmbCz8 0pI689rnt2u2MvzugyPa5NQrLHa4XzZjb9NZA6203fy9clZNf59S1HUmgJDo1rHNdb57 eCpmD9zr6U9Rvotc7ZMlcLLgYUz/nYimYuKLqoFWlesgMcvixPjHpXRqjXaH6yWPRfoO qCKyoPP4aH5BKFmaBPjNvHZ7NYNRAIXiH/XVEbbpbHs7OxycJfU8Zd6ty4k8GxdbAiQ/ AlVA== X-Forwarded-Encrypted: i=1; AJvYcCW5FGfSKoGpIn90YTQ1SMaL4ED/Vc8JChKFFZBvrR1qZ3CucGYQ/t0AkjeWe3RfRHTeYWb1Z2rjsKMXNXA=@vger.kernel.org X-Gm-Message-State: AOJu0Yzg4FxpJRcr7fzKyqF51iVa43inLDxE6rxte4NLa5CQ5eJ3iJ7T WBtdWTpX2xRmeknBddfB9UT4SxYStzofrwNyYl2Kk0UJ0fM1dvkH X-Google-Smtp-Source: AGHT+IEeDv4NJrNJU5Pvt8dmlRpsTDsrvAvd6gavsZ5P2bNhDwCDM/L6weIL6DR5hiIoYLxok+FoWA== X-Received: by 2002:ad4:5761:0:b0:6d3:f51b:3ee4 with SMTP id 6a1803df08f44-6d4377b1f60mr30321746d6.7.1732103179314; Wed, 20 Nov 2024 03:46:19 -0800 (PST) Received: from tamirs-macbook-pro.local ([2600:4041:5be7:7c00:8dca:61d2:c8fb:a544]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6d4380b6390sm9705696d6.5.2024.11.20.03.46.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Nov 2024 03:46:18 -0800 (PST) From: Tamir Duberstein Date: Wed, 20 Nov 2024 06:46:01 -0500 Subject: [PATCH v6 2/6] rust: types: avoid `as` casts Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241120-borrow-mut-v6-2-80dbadd00951@gmail.com> References: <20241120-borrow-mut-v6-0-80dbadd00951@gmail.com> In-Reply-To: <20241120-borrow-mut-v6-0-80dbadd00951@gmail.com> To: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Danilo Krummrich Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, Tamir Duberstein X-Mailer: b4 0.15-dev Replace `as` casts with `cast{,_mut}` calls which are a bit safer. In one instance, remove an unnecessary `as` cast without replacement. Reviewed-by: Alice Ryhl Reviewed-by: Andreas Hindborg Signed-off-by: Tamir Duberstein --- rust/kernel/alloc/kbox.rs | 8 ++++---- rust/kernel/sync/arc.rs | 9 +++++---- rust/kernel/types.rs | 2 +- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/rust/kernel/alloc/kbox.rs b/rust/kernel/alloc/kbox.rs index 9ce414361c2c6dd8eea09b11041f6c307cbc7864..3f0b04609bd487e3f50247f9f1a= bd5394b749c7e 100644 --- a/rust/kernel/alloc/kbox.rs +++ b/rust/kernel/alloc/kbox.rs @@ -356,13 +356,13 @@ impl ForeignOwnable for Box type Borrowed<'a> =3D &'a T; =20 fn into_foreign(self) -> *const crate::ffi::c_void { - Box::into_raw(self) as _ + Box::into_raw(self).cast() } =20 unsafe fn from_foreign(ptr: *const crate::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - unsafe { Box::from_raw(ptr as _) } + unsafe { Box::from_raw(ptr.cast_mut().cast()) } } =20 unsafe fn borrow<'a>(ptr: *const crate::ffi::c_void) -> &'a T { @@ -380,13 +380,13 @@ impl ForeignOwnable for Pin> =20 fn into_foreign(self) -> *const crate::ffi::c_void { // SAFETY: We are still treating the box as pinned. - Box::into_raw(unsafe { Pin::into_inner_unchecked(self) }) as _ + Box::into_raw(unsafe { Pin::into_inner_unchecked(self) }).cast() } =20 unsafe fn from_foreign(ptr: *const crate::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - unsafe { Pin::new_unchecked(Box::from_raw(ptr as _)) } + unsafe { Pin::new_unchecked(Box::from_raw(ptr.cast_mut().cast())) } } =20 unsafe fn borrow<'a>(ptr: *const crate::ffi::c_void) -> Pin<&'a T> { diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index b4e492dd712137c7c39e3de3d39c0c833944828c..50645660a9c33cb121ee1b24690= 03b325000d840 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -201,10 +201,11 @@ pub fn new(contents: T, flags: Flags) -> Result { }; =20 let inner =3D KBox::new(value, flags)?; + let inner =3D KBox::leak(inner).into(); =20 // SAFETY: We just created `inner` with a reference count of 1, wh= ich is owned by the new // `Arc` object. - Ok(unsafe { Self::from_inner(KBox::leak(inner).into()) }) + Ok(unsafe { Self::from_inner(inner) }) } } =20 @@ -333,13 +334,13 @@ impl ForeignOwnable for Arc { type Borrowed<'a> =3D ArcBorrow<'a, T>; =20 fn into_foreign(self) -> *const crate::ffi::c_void { - ManuallyDrop::new(self).ptr.as_ptr() as _ + ManuallyDrop::new(self).ptr.as_ptr().cast() } =20 unsafe fn borrow<'a>(ptr: *const crate::ffi::c_void) -> ArcBorrow<'a, = T> { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - let inner =3D unsafe { NonNull::new_unchecked(ptr as *mut ArcInner= ) }; + let inner =3D unsafe { NonNull::new_unchecked(ptr.cast_mut().cast:= :>()) }; =20 // SAFETY: The safety requirements of `from_foreign` ensure that t= he object remains alive // for the lifetime of the returned value. @@ -349,7 +350,7 @@ unsafe fn borrow<'a>(ptr: *const crate::ffi::c_void) ->= ArcBorrow<'a, T> { unsafe fn from_foreign(ptr: *const crate::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - let inner =3D unsafe { NonNull::new_unchecked(ptr as *mut ArcInner= ) }; + let inner =3D unsafe { NonNull::new_unchecked(ptr.cast_mut().cast:= :>()) }; =20 // SAFETY: By the safety requirement of this function, we know tha= t `ptr` came from // a previous call to `Arc::into_foreign`, which guarantees that `= ptr` is valid and diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs index ec6457bb3084ae327c38ba4ba79b1601aef38244..318d2140470a90568100f86fd8c= 6d8084031f556 100644 --- a/rust/kernel/types.rs +++ b/rust/kernel/types.rs @@ -434,7 +434,7 @@ pub unsafe fn from_raw(ptr: NonNull) -> Self { /// } /// /// let mut data =3D Empty {}; - /// let ptr =3D NonNull::::new(&mut data as *mut _).unwrap(); + /// let ptr =3D NonNull::::new(&mut data).unwrap(); /// # // SAFETY: TODO. /// let data_ref: ARef =3D unsafe { ARef::from_raw(ptr) }; /// let raw_ptr: NonNull =3D ARef::into_raw(data_ref); --=20 2.47.0 From nobody Sun Nov 24 12:21:40 2024 Received: from mail-qv1-f45.google.com (mail-qv1-f45.google.com [209.85.219.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8E2B21A7265; Wed, 20 Nov 2024 11:46:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.45 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732103183; cv=none; b=rpUoRr2sZUDibqEIZ1pXVW8gfT/nxbp7Zv3/W//AxkM97UVAippXTOo3jm432x0owIXAQrIcb5YFceBGHocyR34WPbSrewE1U46f0YXtBLr6AnHA9ErByGkHAptyGcZpKiDDBdt6uGlFHhT7FuL96nICbSsBLhCeujx1e3nBp18= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732103183; c=relaxed/simple; bh=akhMarqEAGs2r0ixu78494NfI3AtdtjayQYRt4CjG88=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=KkqqQRqYvsONTsB2HFQSpXDUwbCS24i77LI8vZ629nlqaZwKE/BYk84jIj8Q4ofzXMD73ZDWmaPezolfjn1vYgfMbWQ3LanqZsesoWrAhoh3xeFds0jBBnJaBU7Kt5uXwPmoej2lskEAUDCOKoVv5CejaeZIJHsByA18YjmQ8e8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=g5x3M8S/; arc=none smtp.client-ip=209.85.219.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="g5x3M8S/" Received: by mail-qv1-f45.google.com with SMTP id 6a1803df08f44-6d41d46162eso19192056d6.0; Wed, 20 Nov 2024 03:46:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732103180; x=1732707980; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=5PwKabn9mlzVsv9jDUI6+PuwLrpvjcn+d7aup2iIUyE=; b=g5x3M8S/2zxdzNqsKhUxKNq5OhIlA6le6bZ6Fip9CcTKxQqDxwd3H7Teu57GAc9oG+ NmnODjEhYce7hQsRlQayaae62P+DSI2OCqRBVob8WD2K+Ra4BgZM/LRv8H2Jbic0eke0 vL+uYS4G30Sxf77lPSpatIkVB+LHGIrWLZqB9Cf0JkIMTk5x8znb59pTLQXTexX0xdry a93O6cTzComf4o/k9AN/6Cr/qKLNLhZKXHwAsbZiNXbFsGJwze94J1+7XsNl3JyyiO5G Vyol6Ejs/I2jj7ec2p7ZdA8lGTPp0sTtEAEZLEL2/f54mRkJRGXGoFN48xE6CWCjc9mC 4smA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732103180; x=1732707980; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5PwKabn9mlzVsv9jDUI6+PuwLrpvjcn+d7aup2iIUyE=; b=K55XZceqiwKOsgatOfUgT102zjrupCHR7mnWVk0SRvKogGfo+kOSph7mwn1V/OVLEx kUizQNAxBA0t9AisaUeBSCXiy+ZbWaETsMOZPhO1AVsIuAFjNOqOYVt6EBtlsDx5PG7r FNJUo9JL1niJuvyGxvyw1Ah9cIoDn2QJ9E6kH3Fj6709skKRS03GOlMhidLyRqHl8cMG uZsHOnmoQQ+hpXG7xmLRTYco37ARMmAUEPwfTFK2kWsKSUwtJM77Z8uvR72lZtEYcSD8 zWXpcR2vX1heMh3BpkmnsiGDSnxxM1Evnw/v1LJNkNca1qf2e6/mLgGT/WkYhMT8J7XC 1Mag== X-Forwarded-Encrypted: i=1; AJvYcCVCAeZwUfoqwhdweF3Oj9PEj3SmEZEGZtSEnb1bYQqtvZGcdwweBwAEN8Dg3HtTK2n4vQDfP4hzKTDQVKs=@vger.kernel.org X-Gm-Message-State: AOJu0YziKi/edSBGgFuF6FN1VGdp0Bgbh7YPE9nMWB7zBN3uIPW2AylA WQ6TDJp8/VAmla0bRP3eBsdssLy+HtBOHkvgrlXzALTZcpQsd5uu X-Google-Smtp-Source: AGHT+IEjkLvjpxcldh0B1LlHeA+ZV6tzfkCqXOkEyNLzsS6AVw2cEL9Qe2YHPAjXVazcSJW7ctOMKg== X-Received: by 2002:a05:6214:2127:b0:6d4:586:6291 with SMTP id 6a1803df08f44-6d437825009mr40752366d6.25.1732103180512; Wed, 20 Nov 2024 03:46:20 -0800 (PST) Received: from tamirs-macbook-pro.local ([2600:4041:5be7:7c00:8dca:61d2:c8fb:a544]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6d4380b6390sm9705696d6.5.2024.11.20.03.46.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Nov 2024 03:46:19 -0800 (PST) From: Tamir Duberstein Date: Wed, 20 Nov 2024 06:46:02 -0500 Subject: [PATCH v6 3/6] rust: arc: split unsafe block, add missing comment Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241120-borrow-mut-v6-3-80dbadd00951@gmail.com> References: <20241120-borrow-mut-v6-0-80dbadd00951@gmail.com> In-Reply-To: <20241120-borrow-mut-v6-0-80dbadd00951@gmail.com> To: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Danilo Krummrich Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, Tamir Duberstein X-Mailer: b4 0.15-dev The new SAFETY comment style is taken from existing comments in `deref` and `drop. Reviewed-by: Alice Ryhl Reviewed-by: Andreas Hindborg Signed-off-by: Tamir Duberstein --- rust/kernel/sync/arc.rs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index 50645660a9c33cb121ee1b2469003b325000d840..a11f267ce5d40b987f1f3c45927= 1e5317ea0bae8 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -377,10 +377,14 @@ fn as_ref(&self) -> &T { =20 impl Clone for Arc { fn clone(&self) -> Self { + // SAFETY: By the type invariant, there is necessarily a reference= to the object, so it is + // safe to dereference it. + let refcount =3D unsafe { self.ptr.as_ref() }.refcount.get(); + // INVARIANT: C `refcount_inc` saturates the refcount, so it canno= t overflow to zero. // SAFETY: By the type invariant, there is necessarily a reference= to the object, so it is // safe to increment the refcount. - unsafe { bindings::refcount_inc(self.ptr.as_ref().refcount.get()) = }; + unsafe { bindings::refcount_inc(refcount) }; =20 // SAFETY: We just incremented the refcount. This increment is now= owned by the new `Arc`. unsafe { Self::from_inner(self.ptr) } --=20 2.47.0 From nobody Sun Nov 24 12:21:40 2024 Received: from mail-qv1-f52.google.com (mail-qv1-f52.google.com [209.85.219.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A41711AA1C8; Wed, 20 Nov 2024 11:46:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.52 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732103185; cv=none; b=ccG31tSvO7TYLQ0CAjp4J5Ql3IkN5Oee1vKId5YYK+s5NV7JA/UrTqJToe5ISjpq0DTgsjGH4omz/eVTZxLKvWSefsA19I+ZSB/65WE884rUlW1TDzlIWPAwqfUxvA3CyWeT3w7JE7pHgsfeJyUllpZ+IR/W8hJ5qR64iqm1mG8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732103185; c=relaxed/simple; bh=q2eREYf/gb5j6ID/Z4keUIY9t2Rhfyb/VmEbsUUDvvs=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=uhqn4N9oNOhIUGuPrbwwijTZqVmYxlEJchwlyfwhWNwzRtDJbY2ORLN/7pGlR4hWp+JxxCKospalREIoO5CHGv2rSwUBmcsVO3gebRtomQ31FIabsapOrzj8daFeNWG2uS72fw+gsXp8YJcjBZmcwmJd2YsEOB3xJVVdcuaZsXc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=J47pkn74; arc=none smtp.client-ip=209.85.219.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="J47pkn74" Received: by mail-qv1-f52.google.com with SMTP id 6a1803df08f44-6d410b5a94eso13281706d6.2; Wed, 20 Nov 2024 03:46:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732103183; x=1732707983; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=wq5NQqKxw72RrjJpmlLapu+Z3rZyKaWgokca6MUC0p8=; b=J47pkn74FJQ4l+F8DlZ15pe4QMnjOy1i1T+yQoz20wqqp7ocAicWAQhMn1vdXyDDw3 HYEkvevFg4j1lqxEC/uwJk/0fa6OLhIek8JsCXqp4s9FjU5Oy4i1jM0M/yVvwze7PD/f rqYjmkNNznl0HK96yMIt+vr4H+rK9tIU1OUDYZz7iwtE2Lrnk4edxKonGmzSnsg5NZDm jd5nELKJpfhQ8Hn4f2orP+r89WJw8fp6Gqh9JiK8qoaMgfzlST2dZOX2094KCcz43Rxz a2hnzVskA0/uTfRryisLuNRlAu7+NipYs6HB/QKYRF8mcymf8eMkQ4NdqErYvL98oIxJ 3xpQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732103183; x=1732707983; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wq5NQqKxw72RrjJpmlLapu+Z3rZyKaWgokca6MUC0p8=; b=UHfzkCuxgteGlSy6zIikjXyJzGqHIWIGa3cU1rOCwImFEQfTotR1GU7QhWl5+d5gHR V+v0hvAKNhqwKWfdTvmyVACvQ5rAMojeejA04dyA5KYup9rRaRsuBHBEWHd6okDts5Ma TsioXGqrH2cPO0S7OebKJGiiomlVkNZgZDysvvyuetMruyvVzL3OxG3XQoDz2t3gu3cE uTiJR1nYle01asLnecUm8Kgio/25QsZKgNtoSnUuey8jiEcCyqncH5K0lsWWO8hXPUwh FlgdRcNBwLq78BDtHJLwbNfoO7vUnZ4gtNo96kod44rxgQso5xZor4xrR2TDEVVcDhVT yGxA== X-Forwarded-Encrypted: i=1; AJvYcCVXafRs5/zDM5ocw/XOh1c+OLYGlivl4yYuYlSB+EtOTgZgFGY09e/rjDv2NIpTb9aAnQthD9DWzibxk50=@vger.kernel.org X-Gm-Message-State: AOJu0YzNma6crAikcgQ4swuD5Fi2gYC9gAKW50GSKPDyK9DXakfGgF7D 3Hm3lPW/2fBPToKBd/jdYxhqt5gJMNiNa/fga9XZa3l3SmLWYXf9 X-Gm-Gg: ASbGncuB+YbCCVT8+PoEQym6rtzIgPS2EMH8VwL6zULxxN/Vi82H6+MzlMNlkjKuv4+ 4Dm7g8lnfFmSZqNGXiJU7Ld1pCQ7PLsSDi9yveLrNdk17nSZQ9mWXYJmUCryLC8zw9cMpwzomCv sfHoFfNhT0mDHy1DaKTYssUjr/kmnH6cYUyO2fb4jGzezp7KKF7b+F1AXkVT0TfXdRa1fbDN6yP vkb5ONI9bSNYXukfDz7M3kleRO9u5hMsMDnUou28KQfGtuWoBNcW3Wh9U6MGT7aUIlQUspFS+j5 joX6Si8E X-Google-Smtp-Source: AGHT+IEjjsmM1uiB1Z6LTzvR7A9UmA4w4nJjVtAFo1iIz3eK9xF+Himibgegb7HZA2AYtfsELtpphg== X-Received: by 2002:a05:6214:c86:b0:6d4:257a:99 with SMTP id 6a1803df08f44-6d4378638edmr32306276d6.44.1732103182621; Wed, 20 Nov 2024 03:46:22 -0800 (PST) Received: from tamirs-macbook-pro.local ([2600:4041:5be7:7c00:8dca:61d2:c8fb:a544]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6d4380b6390sm9705696d6.5.2024.11.20.03.46.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Nov 2024 03:46:21 -0800 (PST) From: Tamir Duberstein Date: Wed, 20 Nov 2024 06:46:03 -0500 Subject: [PATCH v6 4/6] rust: change `ForeignOwnable` pointer to mut Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241120-borrow-mut-v6-4-80dbadd00951@gmail.com> References: <20241120-borrow-mut-v6-0-80dbadd00951@gmail.com> In-Reply-To: <20241120-borrow-mut-v6-0-80dbadd00951@gmail.com> To: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Danilo Krummrich Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, Tamir Duberstein X-Mailer: b4 0.15-dev It is slightly more convenient to operate on mut pointers, and this also properly conveys the desired ownership semantics of the trait. Reviewed-by: Alice Ryhl Reviewed-by: Andreas Hindborg Signed-off-by: Tamir Duberstein --- rust/kernel/alloc/kbox.rs | 16 ++++++++-------- rust/kernel/miscdevice.rs | 2 +- rust/kernel/sync/arc.rs | 10 +++++----- rust/kernel/types.rs | 14 +++++++------- 4 files changed, 21 insertions(+), 21 deletions(-) diff --git a/rust/kernel/alloc/kbox.rs b/rust/kernel/alloc/kbox.rs index 3f0b04609bd487e3f50247f9f1abd5394b749c7e..e00c14053efbfb08d053e0f0b11= 247fa25d9d516 100644 --- a/rust/kernel/alloc/kbox.rs +++ b/rust/kernel/alloc/kbox.rs @@ -355,17 +355,17 @@ impl ForeignOwnable for Box { type Borrowed<'a> =3D &'a T; =20 - fn into_foreign(self) -> *const crate::ffi::c_void { + fn into_foreign(self) -> *mut crate::ffi::c_void { Box::into_raw(self).cast() } =20 - unsafe fn from_foreign(ptr: *const crate::ffi::c_void) -> Self { + unsafe fn from_foreign(ptr: *mut crate::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - unsafe { Box::from_raw(ptr.cast_mut().cast()) } + unsafe { Box::from_raw(ptr.cast()) } } =20 - unsafe fn borrow<'a>(ptr: *const crate::ffi::c_void) -> &'a T { + unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> &'a T { // SAFETY: The safety requirements of this method ensure that the = object remains alive and // immutable for the duration of 'a. unsafe { &*ptr.cast() } @@ -378,18 +378,18 @@ impl ForeignOwnable for Pin> { type Borrowed<'a> =3D Pin<&'a T>; =20 - fn into_foreign(self) -> *const crate::ffi::c_void { + fn into_foreign(self) -> *mut crate::ffi::c_void { // SAFETY: We are still treating the box as pinned. Box::into_raw(unsafe { Pin::into_inner_unchecked(self) }).cast() } =20 - unsafe fn from_foreign(ptr: *const crate::ffi::c_void) -> Self { + unsafe fn from_foreign(ptr: *mut crate::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - unsafe { Pin::new_unchecked(Box::from_raw(ptr.cast_mut().cast())) } + unsafe { Pin::new_unchecked(Box::from_raw(ptr.cast())) } } =20 - unsafe fn borrow<'a>(ptr: *const crate::ffi::c_void) -> Pin<&'a T> { + unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> Pin<&'a T> { // SAFETY: The safety requirements for this function ensure that t= he object is still alive, // so it is safe to dereference the raw pointer. // The safety requirements of `from_foreign` also ensure that the = object remains alive for diff --git a/rust/kernel/miscdevice.rs b/rust/kernel/miscdevice.rs index 7e2a79b3ae263659b7e0781c05cb130d10c8accb..e58807ad28dc644fa384e9c1fb4= 1fd6e53abea7a 100644 --- a/rust/kernel/miscdevice.rs +++ b/rust/kernel/miscdevice.rs @@ -193,7 +193,7 @@ impl VtableHelper { }; =20 // SAFETY: The open call of a file owns the private data. - unsafe { (*file).private_data =3D ptr.into_foreign().cast_mut() }; + unsafe { (*file).private_data =3D ptr.into_foreign() }; =20 0 } diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index a11f267ce5d40b987f1f3c459271e5317ea0bae8..01d85da799d77127fc99a9b270b= 8a7b1ef435b6f 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -333,24 +333,24 @@ pub fn into_unique_or_drop(self) -> Option>> { impl ForeignOwnable for Arc { type Borrowed<'a> =3D ArcBorrow<'a, T>; =20 - fn into_foreign(self) -> *const crate::ffi::c_void { + fn into_foreign(self) -> *mut crate::ffi::c_void { ManuallyDrop::new(self).ptr.as_ptr().cast() } =20 - unsafe fn borrow<'a>(ptr: *const crate::ffi::c_void) -> ArcBorrow<'a, = T> { + unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> ArcBorrow<'a, T>= { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - let inner =3D unsafe { NonNull::new_unchecked(ptr.cast_mut().cast:= :>()) }; + let inner =3D unsafe { NonNull::new_unchecked(ptr.cast::>()) }; =20 // SAFETY: The safety requirements of `from_foreign` ensure that t= he object remains alive // for the lifetime of the returned value. unsafe { ArcBorrow::new(inner) } } =20 - unsafe fn from_foreign(ptr: *const crate::ffi::c_void) -> Self { + unsafe fn from_foreign(ptr: *mut crate::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. - let inner =3D unsafe { NonNull::new_unchecked(ptr.cast_mut().cast:= :>()) }; + let inner =3D unsafe { NonNull::new_unchecked(ptr.cast::>()) }; =20 // SAFETY: By the safety requirement of this function, we know tha= t `ptr` came from // a previous call to `Arc::into_foreign`, which guarantees that `= ptr` is valid and diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs index 318d2140470a90568100f86fd8c6d8084031f556..f9b398ee31fd5303f0224995f51= d314a0c4ecbf2 100644 --- a/rust/kernel/types.rs +++ b/rust/kernel/types.rs @@ -29,7 +29,7 @@ pub trait ForeignOwnable: Sized { /// For example, it might be invalid, dangling or pointing to uninitia= lized memory. Using it in /// any way except for [`ForeignOwnable::from_foreign`], [`ForeignOwna= ble::borrow`], /// [`ForeignOwnable::try_from_foreign`] can result in undefined behav= ior. - fn into_foreign(self) -> *const crate::ffi::c_void; + fn into_foreign(self) -> *mut crate::ffi::c_void; =20 /// Borrows a foreign-owned object. /// @@ -37,7 +37,7 @@ pub trait ForeignOwnable: Sized { /// /// `ptr` must have been returned by a previous call to [`ForeignOwnab= le::into_foreign`] for /// which a previous matching [`ForeignOwnable::from_foreign`] hasn't = been called yet. - unsafe fn borrow<'a>(ptr: *const crate::ffi::c_void) -> Self::Borrowed= <'a>; + unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> Self::Borrowed<'= a>; =20 /// Converts a foreign-owned object back to a Rust-owned one. /// @@ -47,7 +47,7 @@ pub trait ForeignOwnable: Sized { /// which a previous matching [`ForeignOwnable::from_foreign`] hasn't = been called yet. /// Additionally, all instances (if any) of values returned by [`Forei= gnOwnable::borrow`] for /// this object must have been dropped. - unsafe fn from_foreign(ptr: *const crate::ffi::c_void) -> Self; + unsafe fn from_foreign(ptr: *mut crate::ffi::c_void) -> Self; =20 /// Tries to convert a foreign-owned object back to a Rust-owned one. /// @@ -58,7 +58,7 @@ pub trait ForeignOwnable: Sized { /// /// `ptr` must either be null or satisfy the safety requirements for /// [`ForeignOwnable::from_foreign`]. - unsafe fn try_from_foreign(ptr: *const crate::ffi::c_void) -> Option { + unsafe fn try_from_foreign(ptr: *mut crate::ffi::c_void) -> Option { if ptr.is_null() { None } else { @@ -72,13 +72,13 @@ unsafe fn try_from_foreign(ptr: *const crate::ffi::c_vo= id) -> Option { impl ForeignOwnable for () { type Borrowed<'a> =3D (); =20 - fn into_foreign(self) -> *const crate::ffi::c_void { + fn into_foreign(self) -> *mut crate::ffi::c_void { core::ptr::NonNull::dangling().as_ptr() } =20 - unsafe fn borrow<'a>(_: *const crate::ffi::c_void) -> Self::Borrowed<'= a> {} + unsafe fn borrow<'a>(_: *mut crate::ffi::c_void) -> Self::Borrowed<'a>= {} =20 - unsafe fn from_foreign(_: *const crate::ffi::c_void) -> Self {} + unsafe fn from_foreign(_: *mut crate::ffi::c_void) -> Self {} } =20 /// Runs a cleanup function/closure when dropped. --=20 2.47.0 From nobody Sun Nov 24 12:21:40 2024 Received: from mail-vk1-f173.google.com (mail-vk1-f173.google.com [209.85.221.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E95281AA7B1; Wed, 20 Nov 2024 11:46:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732103186; cv=none; b=hc/NBEBorReH/K3gP2bm6Tx1l1RdvnCbc7aFE9Cb272ho6luBngUXTqelF2M4MTaPa09+KajF2JVXdKGf9FmeQc7MT4L6rBJroOd7wFglbipdg4ofcmlkgliy/VGz1vzAEUReBsKLspbK5SohaC424sU4YzNYarUOhtFPmPw+bc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732103186; c=relaxed/simple; bh=QyDSZQBjHFvzc3jqrmkvwyqKXSdwBmye0UohP/XlAzQ=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=hphGpuxkXpQVY1xez71SBUix4Y5kafaGrrGMOsSGVftIRRmMBKZWp8CDP+0CQrxcDyBLDffDocxGBdkaSC6E4eLHy+mWHolE1kjl1KQNbfPlATIoH0N8203XD43RONFZTuvJBWnTK046rep5e/pXHwTyMb1zY+rFAXie9+bwncE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=WclUGSCO; arc=none smtp.client-ip=209.85.221.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="WclUGSCO" Received: by mail-vk1-f173.google.com with SMTP id 71dfb90a1353d-5101c718439so760300e0c.1; Wed, 20 Nov 2024 03:46:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732103184; x=1732707984; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=jmuQvct1rZEhDqASgfImNoAGyNp06jovTOXwI5ij+5Q=; b=WclUGSCOJ/rR4Kbj1WZlv6mQg1DzmhL9BdOFb4dyka2aWn8y1stCXKHhdv9J+X1TYx 3xOorXNOPErmn72uadwJivLrd1rDzBvoIB3T2eW/bbnIfhFBmyRHv6jOFefam/V3M+wh 16VpusVZB6SmnyXleTRnu6LkphiYvfSx5BMXI/PRgMh3DaIAbuWmPScgJx/JDH1CECor xU6G7BDlHunHNevLCHbB4qwu3KXbXOGZHnsqnPUVzXri0Be5mRS/xoESWPFb1qA9XRc2 MJ0HMmvpZ+2YwoqEeUjySaKLQ5Z7ZV9UAhB63rwocQF613bX9hSIKmDwPRYPRUoUGxpo OyxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732103184; x=1732707984; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=jmuQvct1rZEhDqASgfImNoAGyNp06jovTOXwI5ij+5Q=; b=BkbdyuSQmjgjWHojipWJDOXX0Zj51sDAgoFicr2OgZLx6VJi5OIgJwbf3Vgbzp4sfj UrG0B/VG85sIBLJGmyRFWWyWIbOmH/MdPq4Voyuxa04MaurzRU4DgGQgRsYEKzd3P3aQ +WYq5C5fRpjA9W44/B0cUlfWrVS/vqEAsZWYGiOLlewAoMayyoRhNuft0et3YidybzKp nyupfTCf50SzDPFbh1sXI2MHJDXuXUHMz2Hgr2+GbfF6+WWxiIgpiS8fYIrxb6PIFc52 FfVqJ4cCrjK4gRM7GZLURwWES8ReUJjIFYJIZ/6bW5A4m7/P2ZOw99vGIVc5mJGMk5dA E8xg== X-Forwarded-Encrypted: i=1; AJvYcCXKewExSI8DMCnGB1FBG8TzhWij3xFdTvZ9qfm1oVM9/jIW9+BAJ/xzZN0JfEHVjfgjuN3sfSZRdvkifVA=@vger.kernel.org X-Gm-Message-State: AOJu0YzTF1TbvLgp8wlqbBAcMF3vvmKC+a6TQzl5bYTWjfWHf2hP6F62 ESUjI+utMJxmzafm/wlIBtdpLJtSA/rZymSjV2j/u2dYryAuXqM6 X-Google-Smtp-Source: AGHT+IHQckk6WHTvkZoxgSxKIwuZ1Zwe69cv69+2Z+2HnojVP8umQtmApqzijhUdOqsTt2ZudBxrIA== X-Received: by 2002:a05:6122:513:b0:510:3a9:c3f0 with SMTP id 71dfb90a1353d-514cf894dc1mr2327015e0c.1.1732103183613; Wed, 20 Nov 2024 03:46:23 -0800 (PST) Received: from tamirs-macbook-pro.local ([2600:4041:5be7:7c00:8dca:61d2:c8fb:a544]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6d4380b6390sm9705696d6.5.2024.11.20.03.46.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Nov 2024 03:46:23 -0800 (PST) From: Tamir Duberstein Date: Wed, 20 Nov 2024 06:46:04 -0500 Subject: [PATCH v6 5/6] rust: reorder `ForeignOwnable` items Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241120-borrow-mut-v6-5-80dbadd00951@gmail.com> References: <20241120-borrow-mut-v6-0-80dbadd00951@gmail.com> In-Reply-To: <20241120-borrow-mut-v6-0-80dbadd00951@gmail.com> To: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Danilo Krummrich Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, Tamir Duberstein X-Mailer: b4 0.15-dev `{into,from}_foreign` before `borrow` is slightly more logical. This removes an inconsistency with `kbox.rs` which already uses this ordering. Reviewed-by: Alice Ryhl Reviewed-by: Andreas Hindborg Signed-off-by: Tamir Duberstein --- rust/kernel/sync/arc.rs | 18 +++++++++--------- rust/kernel/types.rs | 20 ++++++++++---------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index 01d85da799d77127fc99a9b270b8a7b1ef435b6f..1d26c309d21db53f1fc769562c2= afb4e881c3b5b 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -337,25 +337,25 @@ fn into_foreign(self) -> *mut crate::ffi::c_void { ManuallyDrop::new(self).ptr.as_ptr().cast() } =20 - unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> ArcBorrow<'a, T>= { + unsafe fn from_foreign(ptr: *mut crate::ffi::c_void) -> Self { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. let inner =3D unsafe { NonNull::new_unchecked(ptr.cast::>()) }; =20 - // SAFETY: The safety requirements of `from_foreign` ensure that t= he object remains alive - // for the lifetime of the returned value. - unsafe { ArcBorrow::new(inner) } + // SAFETY: By the safety requirement of this function, we know tha= t `ptr` came from + // a previous call to `Arc::into_foreign`, which guarantees that `= ptr` is valid and + // holds a reference count increment that is transferrable to us. + unsafe { Self::from_inner(inner) } } =20 - unsafe fn from_foreign(ptr: *mut crate::ffi::c_void) -> Self { + unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> ArcBorrow<'a, T>= { // SAFETY: The safety requirements of this function ensure that `p= tr` comes from a previous // call to `Self::into_foreign`. let inner =3D unsafe { NonNull::new_unchecked(ptr.cast::>()) }; =20 - // SAFETY: By the safety requirement of this function, we know tha= t `ptr` came from - // a previous call to `Arc::into_foreign`, which guarantees that `= ptr` is valid and - // holds a reference count increment that is transferrable to us. - unsafe { Self::from_inner(inner) } + // SAFETY: The safety requirements of `from_foreign` ensure that t= he object remains alive + // for the lifetime of the returned value. + unsafe { ArcBorrow::new(inner) } } } =20 diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs index f9b398ee31fd5303f0224995f51d314a0c4ecbf2..af316e291908123407f08c665c9= 1113a666fc593 100644 --- a/rust/kernel/types.rs +++ b/rust/kernel/types.rs @@ -31,14 +31,6 @@ pub trait ForeignOwnable: Sized { /// [`ForeignOwnable::try_from_foreign`] can result in undefined behav= ior. fn into_foreign(self) -> *mut crate::ffi::c_void; =20 - /// Borrows a foreign-owned object. - /// - /// # Safety - /// - /// `ptr` must have been returned by a previous call to [`ForeignOwnab= le::into_foreign`] for - /// which a previous matching [`ForeignOwnable::from_foreign`] hasn't = been called yet. - unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> Self::Borrowed<'= a>; - /// Converts a foreign-owned object back to a Rust-owned one. /// /// # Safety @@ -67,6 +59,14 @@ unsafe fn try_from_foreign(ptr: *mut crate::ffi::c_void)= -> Option { unsafe { Some(Self::from_foreign(ptr)) } } } + + /// Borrows a foreign-owned object. + /// + /// # Safety + /// + /// `ptr` must have been returned by a previous call to [`ForeignOwnab= le::into_foreign`] for + /// which a previous matching [`ForeignOwnable::from_foreign`] hasn't = been called yet. + unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> Self::Borrowed<'= a>; } =20 impl ForeignOwnable for () { @@ -76,9 +76,9 @@ fn into_foreign(self) -> *mut crate::ffi::c_void { core::ptr::NonNull::dangling().as_ptr() } =20 - unsafe fn borrow<'a>(_: *mut crate::ffi::c_void) -> Self::Borrowed<'a>= {} - unsafe fn from_foreign(_: *mut crate::ffi::c_void) -> Self {} + + unsafe fn borrow<'a>(_: *mut crate::ffi::c_void) -> Self::Borrowed<'a>= {} } =20 /// Runs a cleanup function/closure when dropped. --=20 2.47.0 From nobody Sun Nov 24 12:21:40 2024 Received: from mail-oi1-f174.google.com (mail-oi1-f174.google.com [209.85.167.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 18DA21AB6CD; Wed, 20 Nov 2024 11:46:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.174 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732103190; cv=none; b=LoF+4jLuRqoytaj/ohuFQoTVX5tqScvfm/1i9IEi2NUQv4hdSzLU1BWsUsFXWeBz9M19os+wkLzZuvGiJuhw3hrTPY5QL8RBiZmCA/hNb7HHWN5Nq/uHH9KkLlFB6hQPvKOIbekqG6IOpS7OttrvccJKJXfKg04LkHzHnKu837o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732103190; c=relaxed/simple; bh=eriiqR6Dqx15OewfJ6/J7anxwKEo1pQayQbYfxnaSrI=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=T4BFQCm/55RcENv/IG7Q640sbveHgc6vbPjsckVma89MGu3YybvZTdrr4EqQd0QsfTiKxPdaNkwngaJgjsgO7GqoP8LS310x0WT7ve/3xfDLHK7v7kre4uyMylWSFUC+dEDRAj3dtdGGrifQFSObLhoDaY+qwz8eb881yQ2ln1I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=NNwM/mbA; arc=none smtp.client-ip=209.85.167.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="NNwM/mbA" Received: by mail-oi1-f174.google.com with SMTP id 5614622812f47-3e600add5dcso1672838b6e.2; Wed, 20 Nov 2024 03:46:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732103186; x=1732707986; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=SONU16xHBNjBt4uYb6vytstSCR1xGbZXHyoVwR4jlYI=; b=NNwM/mbAb07sAmPxXw/1kAUXGil68JaQBwYrK9b/v+7UKo/DgA4715aRMqu1OXxEiL YaruwWcGQ+tlZjNOftnKuSO9/5u0aKYAfmAH57/QOn+Wgx2NIDx3Ux1Bs3aCk27ciXSJ BqlrdzeC5BmsNVK+yQDrPigIij0vmdT+qGx5L13IbjeCYdKO/fxdswtc3N+QdeHYq2ML VLGVFe+12bLR+fjXI/wFrJrOI3Fc6hhn3GtUa+pq8EHzKNYhYz3r1Jm9tzWwqR7ZQhBX LugpFMLPiy3qBwhHqERNuJl/61EvMpnrCtRLvMrGqWSVR6337DRNKnYmv0WFwvTyy7K4 O4tg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732103186; x=1732707986; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=SONU16xHBNjBt4uYb6vytstSCR1xGbZXHyoVwR4jlYI=; b=emlwJdVDQNta3s5fSsaPPs2B45kbuZBouBT56TdkM6KnPezFL4YCHa8PPQ90s1H6Z1 h0Nmnpmh0spyVL+XjloIV7Vg7JmQDL1pgmM1pTWtaUUdLq+Eq6msLp07xkj9n00vLjSZ E4rtJy8cGXzaxPvU9tNJI1OSn8y2H79Iljg9WMPMsHJ/AaMRfDQ5f919v0oB9hneRVoQ +R+r4xgXvSQPUz9t8jaYc5VmMp1Mwplo88YIWUDApd8ZWGx/kCNefj6DQMuIFzj+JlIj 70o7JXR8XF8fkuK5KbK4k6I9UNt/6Pf4tPbqCeAU3In/usTBfZW54kXcq2CbES2c5OHB SYHg== X-Forwarded-Encrypted: i=1; AJvYcCXXLp4vnpGl6EulX1kU9oeNedIBFX8mXsqel42csmAUjmODPuSjTFkZl9lSIeGsUeqst5vrtSotKBlCGAg=@vger.kernel.org X-Gm-Message-State: AOJu0Yx1LAQd59fGVQg6QrghmfEV0oVP+9q/oAmcHqVVSZMd8eQLsQXX IOglQEzkLFkfbpyM6ljsqB7Z5a6Ye6CM+MN5r7/HanjpYpXOZGx7 X-Google-Smtp-Source: AGHT+IE1D+e4Yva8zfTtR1PCBPexgWEfjfKtCs0QNMiVx5PMkxksQjm/JmzzEjUuPaG7Xtt8wPQVvg== X-Received: by 2002:a05:6808:318f:b0:3e7:b7f8:f9ac with SMTP id 5614622812f47-3e7eb6cb78dmr2586532b6e.12.1732103185836; Wed, 20 Nov 2024 03:46:25 -0800 (PST) Received: from tamirs-macbook-pro.local ([2600:4041:5be7:7c00:8dca:61d2:c8fb:a544]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6d4380b6390sm9705696d6.5.2024.11.20.03.46.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Nov 2024 03:46:24 -0800 (PST) From: Tamir Duberstein Date: Wed, 20 Nov 2024 06:46:05 -0500 Subject: [PATCH v6 6/6] rust: add improved version of `ForeignOwnable::borrow_mut` Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241120-borrow-mut-v6-6-80dbadd00951@gmail.com> References: <20241120-borrow-mut-v6-0-80dbadd00951@gmail.com> In-Reply-To: <20241120-borrow-mut-v6-0-80dbadd00951@gmail.com> To: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Danilo Krummrich Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, Tamir Duberstein , Martin Rodriguez Reboredo X-Mailer: b4 0.15-dev From: Alice Ryhl Previously, the `ForeignOwnable` trait had a method called `borrow_mut` that was intended to provide mutable access to the inner value. However, the method accidentally made it possible to change the address of the object being modified, which usually isn't what we want. (And when we want that, it can be done by calling `from_foreign` and `into_foreign`, like how the old `borrow_mut` was implemented.) In this patch, we introduce an alternate definition of `borrow_mut` that solves the previous problem. Conceptually, given a pointer type `P` that implements `ForeignOwnable`, the `borrow_mut` method gives you the same kind of access as an `&mut P` would, except that it does not let you change the pointer `P` itself. This is analogous to how the existing `borrow` method provides the same kind of access to the inner value as an `&P`. Note that for types like `Arc`, having an `&mut Arc` only gives you immutable access to the inner `T`. This is because mutable references assume exclusive access, but there might be other handles to the same reference counted value, so the access isn't exclusive. The `Arc` type implements this by making `borrow_mut` return the same type as `borrow`. Signed-off-by: Alice Ryhl Reviewed-by: Boqun Feng Reviewed-by: Benno Lossin Reviewed-by: Martin Rodriguez Reboredo Reviewed-by: Andreas Hindborg Signed-off-by: Tamir Duberstein --- rust/kernel/alloc/kbox.rs | 21 ++++++++++++++ rust/kernel/sync/arc.rs | 7 +++++ rust/kernel/types.rs | 71 ++++++++++++++++++++++++++++++++++++++-----= ---- 3 files changed, 86 insertions(+), 13 deletions(-) diff --git a/rust/kernel/alloc/kbox.rs b/rust/kernel/alloc/kbox.rs index e00c14053efbfb08d053e0f0b11247fa25d9d516..4ffc4e1b22b2b7c2ea8e8ed5b7f= 7a8534625249f 100644 --- a/rust/kernel/alloc/kbox.rs +++ b/rust/kernel/alloc/kbox.rs @@ -354,6 +354,7 @@ impl ForeignOwnable for Box A: Allocator, { type Borrowed<'a> =3D &'a T; + type BorrowedMut<'a> =3D &'a mut T; =20 fn into_foreign(self) -> *mut crate::ffi::c_void { Box::into_raw(self).cast() @@ -370,6 +371,13 @@ unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> = &'a T { // immutable for the duration of 'a. unsafe { &*ptr.cast() } } + + unsafe fn borrow_mut<'a>(ptr: *mut core::ffi::c_void) -> &'a mut T { + let ptr =3D ptr.cast(); + // SAFETY: The safety requirements of this method ensure that the = pointer is valid and that + // nothing else will access the value for the duration of 'a. + unsafe { &mut *ptr } + } } =20 impl ForeignOwnable for Pin> @@ -377,6 +385,7 @@ impl ForeignOwnable for Pin> A: Allocator, { type Borrowed<'a> =3D Pin<&'a T>; + type BorrowedMut<'a> =3D Pin<&'a mut T>; =20 fn into_foreign(self) -> *mut crate::ffi::c_void { // SAFETY: We are still treating the box as pinned. @@ -399,6 +408,18 @@ unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> = Pin<&'a T> { // SAFETY: This pointer originates from a `Pin>`. unsafe { Pin::new_unchecked(r) } } + + unsafe fn borrow_mut<'a>(ptr: *mut core::ffi::c_void) -> Pin<&'a mut T= > { + let ptr =3D ptr.cast(); + // SAFETY: The safety requirements for this function ensure that t= he object is still alive, + // so it is safe to dereference the raw pointer. + // The safety requirements of `from_foreign` also ensure that the = object remains alive for + // the lifetime of the returned value. + let r =3D unsafe { &mut *ptr }; + + // SAFETY: This pointer originates from a `Pin>`. + unsafe { Pin::new_unchecked(r) } + } } =20 impl Deref for Box diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index 1d26c309d21db53f1fc769562c2afb4e881c3b5b..eb5cd8b360a3507a527978aaf96= dbc3a80d4ae2c 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -332,6 +332,7 @@ pub fn into_unique_or_drop(self) -> Option>> { =20 impl ForeignOwnable for Arc { type Borrowed<'a> =3D ArcBorrow<'a, T>; + type BorrowedMut<'a> =3D Self::Borrowed<'a>; =20 fn into_foreign(self) -> *mut crate::ffi::c_void { ManuallyDrop::new(self).ptr.as_ptr().cast() @@ -357,6 +358,12 @@ unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> = ArcBorrow<'a, T> { // for the lifetime of the returned value. unsafe { ArcBorrow::new(inner) } } + + unsafe fn borrow_mut<'a>(ptr: *mut core::ffi::c_void) -> ArcBorrow<'a,= T> { + // SAFETY: The safety requirements for `borrow_mut` are a superset= of the safety + // requirements for `borrow`. + unsafe { Self::borrow(ptr) } + } } =20 impl Deref for Arc { diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs index af316e291908123407f08c665c91113a666fc593..0dfaf45a755c7ce702027918e5f= d3e97c407fda4 100644 --- a/rust/kernel/types.rs +++ b/rust/kernel/types.rs @@ -19,26 +19,33 @@ /// This trait is meant to be used in cases when Rust objects are stored i= n C objects and /// eventually "freed" back to Rust. pub trait ForeignOwnable: Sized { - /// Type of values borrowed between calls to [`ForeignOwnable::into_fo= reign`] and - /// [`ForeignOwnable::from_foreign`]. + /// Type used to immutably borrow a value that is currently foreign-ow= ned. type Borrowed<'a>; =20 + /// Type used to mutably borrow a value that is currently foreign-owne= d. + type BorrowedMut<'a>; + /// Converts a Rust-owned object to a foreign-owned one. /// /// The foreign representation is a pointer to void. There are no guar= antees for this pointer. /// For example, it might be invalid, dangling or pointing to uninitia= lized memory. Using it in - /// any way except for [`ForeignOwnable::from_foreign`], [`ForeignOwna= ble::borrow`], - /// [`ForeignOwnable::try_from_foreign`] can result in undefined behav= ior. + /// any way except for [`from_foreign`], [`try_from_foreign`], [`borro= w`], or [`borrow_mut`] can + /// result in undefined behavior. + /// + /// [`from_foreign`]: Self::from_foreign + /// [`try_from_foreign`]: Self::try_from_foreign + /// [`borrow`]: Self::borrow + /// [`borrow_mut`]: Self::borrow_mut fn into_foreign(self) -> *mut crate::ffi::c_void; =20 /// Converts a foreign-owned object back to a Rust-owned one. /// /// # Safety /// - /// `ptr` must have been returned by a previous call to [`ForeignOwnab= le::into_foreign`] for - /// which a previous matching [`ForeignOwnable::from_foreign`] hasn't = been called yet. - /// Additionally, all instances (if any) of values returned by [`Forei= gnOwnable::borrow`] for - /// this object must have been dropped. + /// The provided pointer must have been returned by a previous call to= [`into_foreign`], and it + /// must not be passed to `from_foreign` more than once. + /// + /// [`into_foreign`]: Self::into_foreign unsafe fn from_foreign(ptr: *mut crate::ffi::c_void) -> Self; =20 /// Tries to convert a foreign-owned object back to a Rust-owned one. @@ -48,8 +55,9 @@ pub trait ForeignOwnable: Sized { /// /// # Safety /// - /// `ptr` must either be null or satisfy the safety requirements for - /// [`ForeignOwnable::from_foreign`]. + /// `ptr` must either be null or satisfy the safety requirements for [= `from_foreign`]. + /// + /// [`from_foreign`]: Self::from_foreign unsafe fn try_from_foreign(ptr: *mut crate::ffi::c_void) -> Option { if ptr.is_null() { None @@ -60,17 +68,53 @@ unsafe fn try_from_foreign(ptr: *mut crate::ffi::c_void= ) -> Option { } } =20 - /// Borrows a foreign-owned object. + /// Borrows a foreign-owned object immutably. + /// + /// This method provides a way to access a foreign-owned value from Ru= st immutably. It provides + /// you with exactly the same abilities as an `&Self` when the value i= s Rust-owned. /// /// # Safety /// - /// `ptr` must have been returned by a previous call to [`ForeignOwnab= le::into_foreign`] for - /// which a previous matching [`ForeignOwnable::from_foreign`] hasn't = been called yet. + /// The provided pointer must have been returned by a previous call to= [`into_foreign`], and if + /// the pointer is ever passed to [`from_foreign`], then that call mus= t happen after the end of + /// the lifetime 'a. + /// + /// [`into_foreign`]: Self::into_foreign + /// [`from_foreign`]: Self::from_foreign unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> Self::Borrowed<'= a>; + + /// Borrows a foreign-owned object mutably. + /// + /// This method provides a way to access a foreign-owned value from Ru= st mutably. It provides + /// you with exactly the same abilities as an `&mut Self` when the val= ue is Rust-owned, except + /// that the address of the object must not be changed. + /// + /// Note that for types like [`Arc`], an `&mut Arc` only gives you = immutable access to the + /// inner value, so this method also only provides immutable access in= that case. + /// + /// In the case of `Box`, this method gives you the ability to modi= fy the inner `T`, but it + /// does not let you change the box itself. That is, you cannot change= which allocation the box + /// points at. + /// + /// # Safety + /// + /// The provided pointer must have been returned by a previous call to= [`into_foreign`], and if + /// the pointer is ever passed to [`from_foreign`], then that call mus= t happen after the end of + /// the lifetime 'a. + /// + /// The lifetime 'a must not overlap with the lifetime of any other ca= ll to [`borrow`] or + /// `borrow_mut` on the same object. + /// + /// [`into_foreign`]: Self::into_foreign + /// [`from_foreign`]: Self::from_foreign + /// [`borrow`]: Self::borrow + /// [`Arc`]: crate::sync::Arc + unsafe fn borrow_mut<'a>(ptr: *mut crate::ffi::c_void) -> Self::Borrow= edMut<'a>; } =20 impl ForeignOwnable for () { type Borrowed<'a> =3D (); + type BorrowedMut<'a> =3D (); =20 fn into_foreign(self) -> *mut crate::ffi::c_void { core::ptr::NonNull::dangling().as_ptr() @@ -79,6 +123,7 @@ fn into_foreign(self) -> *mut crate::ffi::c_void { unsafe fn from_foreign(_: *mut crate::ffi::c_void) -> Self {} =20 unsafe fn borrow<'a>(_: *mut crate::ffi::c_void) -> Self::Borrowed<'a>= {} + unsafe fn borrow_mut<'a>(_: *mut crate::ffi::c_void) -> Self::Borrowed= Mut<'a> {} } =20 /// Runs a cleanup function/closure when dropped. --=20 2.47.0