From: Boqun Feng <boqun.feng@gmail.com>
To: FUJITA Tomonori <fujita.tomonori@gmail.com>
Cc: a.hindborg@kernel.org, alex.gaynor@gmail.com, ojeda@kernel.org,
aliceryhl@google.com, anna-maria@linutronix.de,
bjorn3_gh@protonmail.com, dakr@kernel.org, frederic@kernel.org,
gary@garyguo.net, jstultz@google.com,
linux-kernel@vger.kernel.org, lossin@kernel.org,
lyude@redhat.com, rust-for-linux@vger.kernel.org,
sboyd@kernel.org, tglx@linutronix.de, tmgross@umich.edu
Subject: Re: [PATCH] rust: time: Seal the ClockSource trait
Date: Tue, 17 Jun 2025 22:01:40 -0700
Message-ID: <aFJINI8ImfxMnvrx@Mac.home>
In-Reply-To: <aFIEAiDKnxsZQ8s4@tardis.local>

On Tue, Jun 17, 2025 at 05:10:42PM -0700, Boqun Feng wrote:
> On Wed, Jun 18, 2025 at 08:20:53AM +0900, FUJITA Tomonori wrote:
> > Prevent downstream crates or drivers from implementing `ClockSource`
> > for arbitrary types, which could otherwise lead to unsupported
> > behavior.
> >
>
> Hmm.. I don't think other impl of `ClockSource` is a problem, IIUC, as
> long as the ktime_get() can return a value in [0, i64::MAX). Also this
> means ClockSource should be an `unsafe` trait, because the correct
> implementation relies on ktime_get() returning the correct value. This is
> needed even if you sealed ClockSource trait.
>
> Could you drop this and fix that the ClockSource trait instead? Thanks!
>

For example:

    /// Trait for clock sources.
    ///
    /// ...
    /// # Safety
    ///
    /// Implementers must ensure `ktime_get()` returns a value in [0,
    /// KTIME_MAX (i.e. i64::MAX)).
    pub unsafe trait ClockSource {
        ...
    }

Regards,
Boqun

> Regards,
> Boqun
>
> > Introduce a `private::Sealed` trait and implement it for all types
> > that implement `ClockSource`.
> >
> > Signed-off-by: FUJITA Tomonori <fujita.tomonori@gmail.com>
> > ---
> > rust/kernel/time.rs | 11 ++++++++++-
> > 1 file changed, 10 insertions(+), 1 deletion(-)
> >
> > diff --git a/rust/kernel/time.rs b/rust/kernel/time.rs
> > index eaa6d9ab5737..b1961652c884 100644
> > --- a/rust/kernel/time.rs
> > +++ b/rust/kernel/time.rs
> > @@ -51,6 +51,15 @@ pub fn msecs_to_jiffies(msecs: Msecs) -> Jiffies {
> > unsafe { bindings::__msecs_to_jiffies(msecs) }
> > }
> >
> > +mod private {
> > + pub trait Sealed {}
> > +
> > + impl Sealed for super::Monotonic {}
> > + impl Sealed for super::RealTime {}
> > + impl Sealed for super::BootTime {}
> > + impl Sealed for super::Tai {}
> > +}
> > +
> > /// Trait for clock sources.
> > ///
> > /// Selection of the clock source depends on the use case. In some cases the usage of a
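Review bot: `mod private` and `pub trait Sealed {}` at the top of this hunk have no comment saying why `ClockSource` is sealed or that every new clock type needs its own `impl Sealed` line here. The four impls name `super::Monotonic`, `super::RealTime`, `super::BootTime` and `super::Tai` in a block of their own, so a short comment on the module stating the intent and the "add your type here" rule would keep the list from going stale when a clock type is added.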
> > @@ -58,7 +67,7 @@ pub fn msecs_to_jiffies(msecs: Msecs) -> Jiffies {
> > /// cases the user of the clock has to decide which clock is best suited for the
> > /// purpose. In most scenarios clock [`Monotonic`] is the best choice as it
> > /// provides a accurate monotonic notion of time (leap second smearing ignored).
> > -pub trait ClockSource {
> > +pub trait ClockSource: private::Sealed {
> > /// The kernel clock ID associated with this clock source.
> > ///
> > /// This constant corresponds to the C side `clockid_t` value.
> >
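Review bot: the `private::Sealed` supertrait added on `pub trait ClockSource` restricts who may implement the trait, but the doc comment shown in this hunk still states no requirement that an implementation has to meet. If the sealing is meant to guarantee a property of the implementations, that property should be written into the trait documentation, for instance as the `# Safety` section on an `unsafe trait` proposed in the reply above, since the bound alone does not tell a reader what is being protected.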
> > base-commit: 994393295c89711531583f6de8f296a30b0d944a
> > --
> > 2.43.0
> >
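
As an added illustration (not code from this thread or from the kernel tree), here is a userspace model of the `unsafe trait` shape suggested in the reply. The `RealTime` implementation, `delta_ns` and `in_contract` are assumptions made for the example, and the subtraction is just one illustrative consumer of the [0, KTIME_MAX) guarantee.

```rust
// Added example: userspace model, not kernel code. The `RealTime` impl,
// `delta_ns` and `in_contract` are constructed for illustration.
use std::time::{SystemTime, UNIX_EPOCH};

pub const KTIME_MAX: i64 = i64::MAX;

/// Trait for clock sources.
///
/// # Safety
///
/// Implementers must ensure `ktime_get()` returns a value in [0, KTIME_MAX).
pub unsafe trait ClockSource {
    fn ktime_get() -> i64;
}

pub struct RealTime;

// SAFETY: the nanosecond count is non-negative and clamped below KTIME_MAX.
unsafe impl ClockSource for RealTime {
    fn ktime_get() -> i64 {
        let ns = SystemTime::now()
            .duration_since(UNIX_EPOCH)
            .map(|d| d.as_nanos())
            .unwrap_or(0);
        ns.min((KTIME_MAX - 1) as u128) as i64
    }
}

/// Generic code may rely on the contract: two readings in [0, KTIME_MAX)
/// differ by less than KTIME_MAX in magnitude, so the subtraction cannot
/// overflow. `checked_sub` makes a contract violation visible as `None`.
pub fn delta_ns(later: i64, earlier: i64) -> Option<i64> {
    later.checked_sub(earlier)
}

/// True when `v` lies in the range the `# Safety` section promises.
pub fn in_contract(v: i64) -> bool {
    (0..KTIME_MAX).contains(&v)
}

fn main() {
    let (a, b) = (RealTime::ktime_get(), RealTime::ktime_get());
    assert!(in_contract(a) && in_contract(b));
    println!("delta = {:?} ns", delta_ns(b, a));
    // A reading outside the contract, as a wrong impl could return:
    println!("out-of-contract delta = {:?}", delta_ns(0, i64::MIN));
}
```

Writing `unsafe impl` is what moves responsibility for the range onto the implementer; sealing alone would restrict who can implement the trait without stating what they must guarantee.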