1. Patchew
  2. linux
  3. [PATCH v3 0/2] rust: improve `ForeignOwnable`
  4. View patch

[PATCH v3 2/2] rust: types: require `ForeignOwnable::into_foreign` return non-null

Andreas Hindborg posted 2 patches 8 months ago
[PATCH v3 2/2] rust: types: require `ForeignOwnable::into_foreign` return non-null
Posted by Andreas Hindborg 8 months ago 
The intended implementations of `ForeignOwnable` will not return null
pointers from `into_foreign`, as this would render the implementation of
`try_from_foreign` useless. Current users of `ForeignOwnable` rely on
`into_foreign` returning non-null pointers. So require `into_foreign` to
return non-null pointers.

Suggested-by: Benno Lossin <lossin@kernel.org>
Suggested-by: Alice Ryhl <aliceryhl@google.com>
Signed-off-by: Andreas Hindborg <a.hindborg@kernel.org>
---
 rust/kernel/types.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
index c156808a78d3..63a2559a545f 100644
--- a/rust/kernel/types.rs
+++ b/rust/kernel/types.rs
@@ -43,6 +43,7 @@ pub unsafe trait ForeignOwnable: Sized {
     /// # Guarantees
     ///
     /// - Minimum alignment of returned pointer is [`Self::FOREIGN_ALIGN`].
+    /// - The returned pointer is not null.
     ///
     /// [`from_foreign`]: Self::from_foreign
     /// [`try_from_foreign`]: Self::try_from_foreign

-- 
2.47.2
Re: [PATCH v3 2/2] rust: types: require `ForeignOwnable::into_foreign` return non-null
Posted by Benno Lossin 8 months ago 
On Thu Jun 12, 2025 at 3:09 PM CEST, Andreas Hindborg wrote:
> The intended implementations of `ForeignOwnable` will not return null
> pointers from `into_foreign`, as this would render the implementation of
> `try_from_foreign` useless. Current users of `ForeignOwnable` rely on
> `into_foreign` returning non-null pointers. So require `into_foreign` to
> return non-null pointers.
>
> Suggested-by: Benno Lossin <lossin@kernel.org>
> Suggested-by: Alice Ryhl <aliceryhl@google.com>
> Signed-off-by: Andreas Hindborg <a.hindborg@kernel.org>
> ---
>  rust/kernel/types.rs | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
> index c156808a78d3..63a2559a545f 100644
> --- a/rust/kernel/types.rs
> +++ b/rust/kernel/types.rs
> @@ -43,6 +43,7 @@ pub unsafe trait ForeignOwnable: Sized {
>      /// # Guarantees
>      ///
>      /// - Minimum alignment of returned pointer is [`Self::FOREIGN_ALIGN`].
> +    /// - The returned pointer is not null.

This also needs to be mentioned in the `Safety` section of this trait.
Alternatively you can put "Implementers must ensure the guarantees on
[`into_foreign`] are upheld." or similar.

---
Cheers,
Benno

>      ///
>      /// [`from_foreign`]: Self::from_foreign
>      /// [`try_from_foreign`]: Self::try_from_foreign
Re: [PATCH v3 2/2] rust: types: require `ForeignOwnable::into_foreign` return non-null
Posted by Andreas Hindborg 8 months ago 
"Benno Lossin" <lossin@kernel.org> writes:

> On Thu Jun 12, 2025 at 3:09 PM CEST, Andreas Hindborg wrote:
>> The intended implementations of `ForeignOwnable` will not return null
>> pointers from `into_foreign`, as this would render the implementation of
>> `try_from_foreign` useless. Current users of `ForeignOwnable` rely on
>> `into_foreign` returning non-null pointers. So require `into_foreign` to
>> return non-null pointers.
>>
>> Suggested-by: Benno Lossin <lossin@kernel.org>
>> Suggested-by: Alice Ryhl <aliceryhl@google.com>
>> Signed-off-by: Andreas Hindborg <a.hindborg@kernel.org>
>> ---
>>  rust/kernel/types.rs | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
>> index c156808a78d3..63a2559a545f 100644
>> --- a/rust/kernel/types.rs
>> +++ b/rust/kernel/types.rs
>> @@ -43,6 +43,7 @@ pub unsafe trait ForeignOwnable: Sized {
>>      /// # Guarantees
>>      ///
>>      /// - Minimum alignment of returned pointer is [`Self::FOREIGN_ALIGN`].
>> +    /// - The returned pointer is not null.
>
> This also needs to be mentioned in the `Safety` section of this trait.
> Alternatively you can put "Implementers must ensure the guarantees on
> [`into_foreign`] are upheld." or similar.

Which is exactly what I did :)


Best regards,
Andreas Hindborg
Re: [PATCH v3 2/2] rust: types: require `ForeignOwnable::into_foreign` return non-null
Posted by Benno Lossin 8 months ago 
On Fri Jun 13, 2025 at 2:53 PM CEST, Andreas Hindborg wrote:
> "Benno Lossin" <lossin@kernel.org> writes:
>
>> On Thu Jun 12, 2025 at 3:09 PM CEST, Andreas Hindborg wrote:
>>> The intended implementations of `ForeignOwnable` will not return null
>>> pointers from `into_foreign`, as this would render the implementation of
>>> `try_from_foreign` useless. Current users of `ForeignOwnable` rely on
>>> `into_foreign` returning non-null pointers. So require `into_foreign` to
>>> return non-null pointers.
>>>
>>> Suggested-by: Benno Lossin <lossin@kernel.org>
>>> Suggested-by: Alice Ryhl <aliceryhl@google.com>
>>> Signed-off-by: Andreas Hindborg <a.hindborg@kernel.org>
>>> ---
>>>  rust/kernel/types.rs | 1 +
>>>  1 file changed, 1 insertion(+)
>>>
>>> diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
>>> index c156808a78d3..63a2559a545f 100644
>>> --- a/rust/kernel/types.rs
>>> +++ b/rust/kernel/types.rs
>>> @@ -43,6 +43,7 @@ pub unsafe trait ForeignOwnable: Sized {
>>>      /// # Guarantees
>>>      ///
>>>      /// - Minimum alignment of returned pointer is [`Self::FOREIGN_ALIGN`].
>>> +    /// - The returned pointer is not null.
>>
>> This also needs to be mentioned in the `Safety` section of this trait.
>> Alternatively you can put "Implementers must ensure the guarantees on
>> [`into_foreign`] are upheld." or similar.
>
> Which is exactly what I did :)

Ah didn't look at the first patch again, then it's fine :)

Reviewed-by: Benno Lossin <lossin@kernel.org>

---
Cheers,
Benno

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.