From: "Benno Lossin" <lossin@kernel.org>
To: "Andreas Hindborg" <a.hindborg@kernel.org>
Cc: "Alice Ryhl" <aliceryhl@google.com>,
"Danilo Krummrich" <dakr@kernel.org>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Bjorn Helgaas" <bhelgaas@google.com>,
"Krzysztof Wilczyński" <kwilczynski@kernel.org>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Rafael J. Wysocki" <rafael@kernel.org>,
"Tamir Duberstein" <tamird@gmail.com>,
"Viresh Kumar" <viresh.kumar@linaro.org>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-pci@vger.kernel.org, "Maíra Canal" <mcanal@igalia.com>
Subject: Re: [PATCH v2] rust: types: add FOREIGN_ALIGN to ForeignOwnable
Date: Wed, 11 Jun 2025 13:51:21 +0200 [thread overview]
Message-ID: <DAJOKFHW96XZ.2ANYSSFQO03ZL@kernel.org> (raw)
In-Reply-To: <87jz5izhg3.fsf@kernel.org>
On Wed Jun 11, 2025 at 12:43 PM CEST, Andreas Hindborg wrote:
> "Benno Lossin" <lossin@kernel.org> writes:
>
>> On Tue Jun 10, 2025 at 4:15 PM CEST, Alice Ryhl wrote:
>>> On Tue, Jun 10, 2025 at 4:10 PM Andreas Hindborg <a.hindborg@kernel.org> wrote:
>>>>
>>>> "Benno Lossin" <lossin@kernel.org> writes:
>>>>
>>>> > On Tue Jun 10, 2025 at 1:30 PM CEST, Andreas Hindborg wrote:
>>>> >> diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
>>>> >> index 22985b6f6982..0ccef6b5a20a 100644
>>>> >> --- a/rust/kernel/types.rs
>>>> >> +++ b/rust/kernel/types.rs
>>>> >> @@ -21,15 +21,11 @@
>>>> >> ///
>>>> >> /// # Safety
>>>> >> ///
>>>> >> -/// Implementers must ensure that [`into_foreign`] returns a pointer which meets the alignment
>>>> >> -/// requirements of [`PointedTo`].
>>>> >> -///
>>>> >> -/// [`into_foreign`]: Self::into_foreign
>>>> >> -/// [`PointedTo`]: Self::PointedTo
>>>> >> +/// Implementers must ensure that [`Self::into_foreign`] returns pointers aligned to
>>>> >> +/// [`Self::FOREIGN_ALIGN`].
>>>> >> pub unsafe trait ForeignOwnable: Sized {
>>>> >> - /// Type used when the value is foreign-owned. In practical terms only defines the alignment of
>>>> >> - /// the pointer.
>>>> >> - type PointedTo;
>>>> >> + /// The alignment of pointers returned by `into_foreign`.
>>>> >> + const FOREIGN_ALIGN: usize;
>>>> >>
>>>> >> /// Type used to immutably borrow a value that is currently foreign-owned.
>>>> >> type Borrowed<'a>;
>>>> >> @@ -39,18 +35,20 @@ pub unsafe trait ForeignOwnable: Sized {
>>>> >>
>>>> >> /// Converts a Rust-owned object to a foreign-owned one.
>>>> >> ///
>>>> >> + /// The foreign representation is a pointer to void. Aside from the guarantees listed below,
>>>> >
>>>> > I feel like this reads better:
>>>> >
>>>> > s/guarantees/ones/
>>>> >
>>>> >> + /// there are no other guarantees for this pointer. For example, it might be invalid, dangling
>>>> >
>>>> > We should also mention that it could be null. (or is that assumption
>>>> > wrong?)
>>>>
>>>> It is probably not going to be null, but it is allowed to. I can add it.
>>>>
>>>> The list does not claim to be exhaustive, and a null pointer is just a
>>>> special case of an invalid pointer.
>>>
>>> We probably should not allow null pointers. If we do, then
>>> try_from_foreign does not make sense.
>>
>> That's a good point. Then let's add that as a safety requirement for the
>> trait.
>
> I disagree. It does not matter for the safety of the trait.
>
> From the point of the user, the pointer is opaque and can be any value.
> In fact, one could do a safe implementation where the returned value is
> a key into some mapping structure. Probably not super fast, but the user
> should not care.
Then we'll have to remove `try_from_foreign`.
---
Cheers,
Benno
next prev parent reply other threads:[~2025-06-11 11:51 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-10 11:30 [PATCH v2] rust: types: add FOREIGN_ALIGN to ForeignOwnable Andreas Hindborg
2025-06-10 11:37 ` Miguel Ojeda
2025-06-10 11:58 ` Andreas Hindborg
2025-06-10 12:28 ` Miguel Ojeda
2025-06-10 12:49 ` Benno Lossin
2025-06-10 14:10 ` Andreas Hindborg
2025-06-10 14:15 ` Alice Ryhl
2025-06-11 6:36 ` Benno Lossin
2025-06-11 10:43 ` Andreas Hindborg
2025-06-11 11:51 ` Benno Lossin [this message]
2025-06-11 12:14 ` Andreas Hindborg
2025-06-11 12:24 ` Alice Ryhl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DAJOKFHW96XZ.2ANYSSFQO03ZL@kernel.org \
--to=lossin@kernel.org \
--cc=a.hindborg@kernel.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=bhelgaas@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=gary@garyguo.net \
--cc=gregkh@linuxfoundation.org \
--cc=kwilczynski@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=mcanal@igalia.com \
--cc=ojeda@kernel.org \
--cc=rafael@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tamird@gmail.com \
--cc=tmgross@umich.edu \
--cc=viresh.kumar@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.