From: Andreas Hindborg <nmi@metaspace.dk>
To: Asahi Lina <lina@asahilina.net>
Cc: "Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Wedson Almeida Filho" <wedsonaf@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Sven Van Asbroeck" <thesven73@gmail.com>,
"Fox Chen" <foxhlchen@gmail.com>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org,
asahi@lists.linux.dev
Subject: Re: [PATCH 4/5] rust: error: Add a helper to convert a C ERR_PTR to a `Result`
Date: Mon, 27 Feb 2023 14:41:25 +0100 [thread overview]
Message-ID: <87a60z9qb2.fsf@metaspace.dk> (raw)
In-Reply-To: <20230224-rust-error-v1-4-f8f9a9a87303@asahilina.net>
Asahi Lina <lina@asahilina.net> writes:
> From: Sven Van Asbroeck <thesven73@gmail.com>
>
> Some kernel C API functions return a pointer which embeds an optional
> `errno`. Callers are supposed to check the returned pointer with
> `IS_ERR()` and if this returns `true`, retrieve the `errno` using
> `PTR_ERR()`.
>
> Create a Rust helper function to implement the Rust equivalent:
> transform a `*mut T` to `Result<*mut T>`.
>
> Lina: Imported from rust-for-linux/linux, with subsequent refactoring
> and contributions squashed in and attributed below. Replaced usage of
> from_kernel_errno_unchecked() with an open-coded constructor, since this
> is the only user anyway.
>
> Co-developed-by: Boqun Feng <boqun.feng@gmail.com>
> Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
> Co-developed-by: Miguel Ojeda <ojeda@kernel.org>
> Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
> Co-developed-by: Fox Chen <foxhlchen@gmail.com>
> Signed-off-by: Fox Chen <foxhlchen@gmail.com>
> Co-developed-by: Gary Guo <gary@garyguo.net>
> Signed-off-by: Gary Guo <gary@garyguo.net>
> Signed-off-by: Sven Van Asbroeck <thesven73@gmail.com>
> Signed-off-by: Asahi Lina <lina@asahilina.net>
> ---
> rust/helpers.c | 12 ++++++++++++
> rust/kernel/error.rs | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 61 insertions(+)
>
> diff --git a/rust/helpers.c b/rust/helpers.c
> index 89f4cd1e0df3..04b9be46e887 100644
> --- a/rust/helpers.c
> +++ b/rust/helpers.c
> @@ -53,6 +53,18 @@ __force void *rust_helper_ERR_PTR(long err)
> }
> EXPORT_SYMBOL_GPL(rust_helper_ERR_PTR);
>
> +bool rust_helper_IS_ERR(__force const void *ptr)
> +{
> + return IS_ERR(ptr);
> +}
> +EXPORT_SYMBOL_GPL(rust_helper_IS_ERR);
> +
> +long rust_helper_PTR_ERR(__force const void *ptr)
> +{
> + return PTR_ERR(ptr);
> +}
> +EXPORT_SYMBOL_GPL(rust_helper_PTR_ERR);
> +
> /*
> * We use `bindgen`'s `--size_t-is-usize` option to bind the C `size_t` type
> * as the Rust `usize` type, so we can use it in contexts where Rust
> diff --git a/rust/kernel/error.rs b/rust/kernel/error.rs
> index 1e8371f28746..cf3d089477d2 100644
> --- a/rust/kernel/error.rs
> +++ b/rust/kernel/error.rs
> @@ -177,3 +177,52 @@ pub fn to_result(err: core::ffi::c_int) -> Result {
> Ok(())
> }
> }
> +
> +/// Transform a kernel "error pointer" to a normal pointer.
> +///
> +/// Some kernel C API functions return an "error pointer" which optionally
> +/// embeds an `errno`. Callers are supposed to check the returned pointer
> +/// for errors. This function performs the check and converts the "error pointer"
> +/// to a normal pointer in an idiomatic fashion.
> +///
> +/// # Examples
> +///
> +/// ```ignore
> +/// # use kernel::from_kernel_err_ptr;
> +/// # use kernel::bindings;
> +/// fn devm_platform_ioremap_resource(
> +/// pdev: &mut PlatformDevice,
> +/// index: u32,
> +/// ) -> Result<*mut core::ffi::c_void> {
> +/// // SAFETY: FFI call.
> +/// unsafe {
> +/// from_kernel_err_ptr(bindings::devm_platform_ioremap_resource(
> +/// pdev.to_ptr(),
> +/// index,
> +/// ))
> +/// }
> +/// }
> +/// ```
> +// TODO: Remove `dead_code` marker once an in-kernel client is available.
> +#[allow(dead_code)]
> +pub(crate) fn from_kernel_err_ptr<T>(ptr: *mut T) -> Result<*mut T> {
For consistency, if `from_kernel_errno()` should be `from_errno()` this
should be `from_err_ptr()` as well?
BR Andreas
> + // CAST: Casting a pointer to `*const core::ffi::c_void` is always valid.
> + let const_ptr: *const core::ffi::c_void = ptr.cast();
> + // SAFETY: The FFI function does not deref the pointer.
> + if unsafe { bindings::IS_ERR(const_ptr) } {
> + // SAFETY: The FFI function does not deref the pointer.
> + let err = unsafe { bindings::PTR_ERR(const_ptr) };
> + // CAST: If `IS_ERR()` returns `true`,
> + // then `PTR_ERR()` is guaranteed to return a
> + // negative value greater-or-equal to `-bindings::MAX_ERRNO`,
> + // which always fits in an `i16`, as per the invariant above.
> + // And an `i16` always fits in an `i32`. So casting `err` to
> + // an `i32` can never overflow, and is always valid.
> + //
> + // SAFETY: `IS_ERR()` ensures `err` is a
> + // negative value greater-or-equal to `-bindings::MAX_ERRNO`.
> + #[cfg_attr(CONFIG_ARM, allow(clippy::unnecessary_cast))]
> + return Err(Error(err as i32));
> + }
> + Ok(ptr)
> +}
next prev parent reply other threads:[~2023-02-27 13:43 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-24 8:50 [PATCH 0/5] rust: error: Add missing wrappers to convert to/from kernel error codes Asahi Lina
2023-02-24 8:50 ` [PATCH 1/5] rust: error: Add Error::to_ptr() Asahi Lina
2023-02-25 22:14 ` Gary Guo
2023-02-26 14:26 ` Miguel Ojeda
2023-03-07 20:21 ` Miguel Ojeda
2023-02-24 8:50 ` [PATCH 2/5] rust: error: Add Error::from_kernel_errno() Asahi Lina
2023-02-25 22:19 ` Gary Guo
2023-02-26 13:56 ` Miguel Ojeda
2023-02-27 13:27 ` Andreas Hindborg
2023-02-24 8:50 ` [PATCH 3/5] rust: error: Add to_result() helper Asahi Lina
2023-02-27 13:26 ` Andreas Hindborg
2023-02-24 8:50 ` [PATCH 4/5] rust: error: Add a helper to convert a C ERR_PTR to a `Result` Asahi Lina
2023-02-27 13:41 ` Andreas Hindborg [this message]
2023-02-27 13:52 ` Miguel Ojeda
2023-02-24 8:50 ` [PATCH 5/5] rust: error: Add from_kernel_result!() macro Asahi Lina
2023-02-24 23:56 ` Boqun Feng
2023-02-25 2:31 ` Asahi Lina
2023-02-25 22:23 ` Gary Guo
2023-02-26 2:22 ` Boqun Feng
2023-02-26 13:36 ` Gary Guo
2023-02-26 18:16 ` Boqun Feng
2023-02-26 20:59 ` Miguel Ojeda
2023-02-26 22:13 ` Boqun Feng
2023-02-27 12:10 ` Miguel Ojeda
2023-02-27 16:11 ` Boqun Feng
2023-02-27 13:59 ` Martin Rodriguez Reboredo
2023-02-26 13:40 ` Miguel Ojeda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a60z9qb2.fsf@metaspace.dk \
--to=nmi@metaspace.dk \
--cc=alex.gaynor@gmail.com \
--cc=asahi@lists.linux.dev \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=foxhlchen@gmail.com \
--cc=gary@garyguo.net \
--cc=lina@asahilina.net \
--cc=linux-kernel@vger.kernel.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=thesven73@gmail.com \
--cc=wedsonaf@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.