From: Philipp Stanner <phasta@kernel.org>
To: "Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Viresh Kumar" <viresh.kumar@linaro.org>,
"Tamir Duberstein" <tamird@gmail.com>
Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org,
Philipp Stanner <phasta@kernel.org>
Subject: [PATCH] rust: lib: Add necessary unsafes for container_of
Date: Fri, 14 Nov 2025 15:00:21 +0100 [thread overview]
Message-ID: <20251114140020.327075-2-phasta@kernel.org> (raw)
When trying to use LinkedList in the kernel crate, build fails with an
error message demanding unsafe blocks in the container_of macro:
error[E0133]: call to unsafe function `core::ptr::mut_ptr::<impl *mut T>::byte_sub`
is unsafe and requires unsafe block
--> rust/kernel/lib.rs:252:29
|
252 | let container_ptr = field_ptr.byte_sub(offset).cast::<$Container>();
| ^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function
|
::: rust/kernel/drm/jq.rs:98:1
|
98 | / impl_list_item! {
99 | | impl ListItem<0> for BasicItem { using ListLinks { self.links }; }
100 | | }
| |_- in this macro invocation
|
note: an unsafe function restricts its caller, but its body is safe by default
--> rust/kernel/list/impl_list_item_mod.rs:216:13
|
216 | unsafe fn view_value(me: *mut $crate::list::ListLinks<$num>) -> *const Self {
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
::: rust/kernel/drm/jq.rs:98:1
|
98 | / impl_list_item! {
99 | | impl ListItem<0> for BasicItem { using ListLinks { self.links }; }
100 | | }
| |_- in this macro invocation
= note: requested on the command line with `-D unsafe-op-in-unsafe-fn`
= note: this error originates in the macro `$crate::container_of` which comes
from the expansion of the macro `impl_list_item`
Add unsafe blocks to container_of to fix the issue.
Fixes: b20fbbc08a36 ("rust: check type of `$ptr` in `container_of!`")
Suggested-by: Alice Ryhl <aliceryhl@google.com>
Signed-off-by: Philipp Stanner <phasta@kernel.org>
---
I'm currently writing DrmJobqueue, a new piece of infrastructure. It
uses LinkedList and resides in the kernel crate. When using LinkedList
from within there, for reasons I don't fully understand the error above
shows up.
The other testing infrastructure doesn't seem to run into the error,
though.
P.
---
rust/kernel/lib.rs | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs
index fef97f2a5098..a26b87015e7d 100644
--- a/rust/kernel/lib.rs
+++ b/rust/kernel/lib.rs
@@ -249,8 +249,11 @@ macro_rules! container_of {
($field_ptr:expr, $Container:ty, $($fields:tt)*) => {{
let offset: usize = ::core::mem::offset_of!($Container, $($fields)*);
let field_ptr = $field_ptr;
- let container_ptr = field_ptr.byte_sub(offset).cast::<$Container>();
- $crate::assert_same_type(field_ptr, (&raw const (*container_ptr).$($fields)*).cast_mut());
+ // SAFETY: Offsetting the pointer to the container is correct because the offset was
+ // calculated validly above.
+ let container_ptr = unsafe { field_ptr.byte_sub(offset).cast::<$Container>() };
+ // SAFETY: Safe because the container_ptr was validly created above.
+ $crate::assert_same_type(field_ptr, unsafe { (&raw const (*container_ptr).$($fields)*) }.cast_mut());
container_ptr
}}
}
--
2.49.0
next reply other threads:[~2025-11-14 14:00 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-14 14:00 Philipp Stanner [this message]
2025-11-14 14:14 ` [PATCH] rust: lib: Add necessary unsafes for container_of Alice Ryhl
2025-11-17 8:24 ` Philipp Stanner
2025-11-17 8:59 ` Miguel Ojeda
2025-11-14 20:21 ` Miguel Ojeda
2025-11-17 6:36 ` Philipp Stanner
2025-11-17 6:49 ` Miguel Ojeda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251114140020.327075-2-phasta@kernel.org \
--to=phasta@kernel.org \
--cc=a.hindborg@kernel.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=gary@garyguo.net \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lossin@kernel.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tamird@gmail.com \
--cc=tmgross@umich.edu \
--cc=viresh.kumar@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox