Rust for Linux List
From: Sang-Heon Jeon <ekffu200098@gmail.com>
To: a.hindborg@kernel.org, boqun@kernel.org,
	fujita.tomonori@gmail.com, frederic@kernel.org, lyude@redhat.com,
	tglx@kernel.org, anna-maria@linutronix.de, jstultz@google.com,
	sboyd@kernel.org
Cc: rust-for-linux@vger.kernel.org,
	"Sang-Heon Jeon" <ekffu200098@gmail.com>,
	"Onur Özkan" <work@onurozkan.dev>
Subject: [PATCH v2] rust: time: warn and assert out-of-range input in fsleep() and udelay()
Date: Sat, 23 May 2026 02:25:58 +0900
Message-ID: <20260522172558.137415-1-ekffu200098@gmail.com>

fsleep() documents out-of-range input as a bug but does not check
it, unlike udelay(). Add `debug_assert!` calls to catch it in
debug builds.

Also add `pr_warn_once!` calls in both fsleep() and udelay() so
the clamped path is observable at runtime.

Reviewed-by: Onur Özkan <work@onurozkan.dev>
Signed-off-by: Sang-Heon Jeon <ekffu200098@gmail.com>
---
Changes from v1 [1]
- Add pr_warn_once to fsleep() and udelay()
- Add reviewed-by tag by Onur

[1] https://lore.kernel.org/all/20260508173827.1123011-1-ekffu200098@gmail.com/
---
 rust/kernel/time/delay.rs | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/rust/kernel/time/delay.rs b/rust/kernel/time/delay.rs
index b5b1b42797a0..557130ab84e6 100644
--- a/rust/kernel/time/delay.rs
+++ b/rust/kernel/time/delay.rs
@@ -8,6 +8,7 @@
 //! C header: [`include/linux/delay.h`](srctree/include/linux/delay.h).
 
 use super::Delta;
+use crate::pr_warn_once;
 use crate::prelude::*;
 
 /// Sleeps for a given duration at least.
@@ -18,8 +19,7 @@
 /// `delta` must be within `[0, i32::MAX]` microseconds;
 /// otherwise, it is erroneous behavior. That is, it is considered a bug
 /// to call this function with an out-of-range value, in which case the function
-/// will sleep for at least the maximum value in the range and may warn
-/// in the future.
+/// will sleep for at least the maximum value in the range and warns once.
 ///
 /// The behavior above differs from the C side [`fsleep()`] for which out-of-range
 /// values mean "infinite timeout" instead.
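Review bot: The rewritten doc sentence ("will sleep for at least the maximum value in the range and warns once") describes only the clamped path, while this same patch adds two `debug_assert!` calls at the top of fsleep(). With debug assertions enabled, an out-of-range `delta` reaches the assertion before the clamp and the warning, so the documented behavior does not hold for those builds. Suggest the comment state both outcomes: the call asserts when debug assertions are enabled, and otherwise clamps to the maximum and warns once.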
@@ -32,10 +32,13 @@ pub fn fsleep(delta: Delta) {
     // overflow inside fsleep, which could lead to unintentional infinite sleep.
     const MAX_DELTA: Delta = Delta::from_micros(i32::MAX as i64);
 
+    debug_assert!(delta.as_nanos() >= 0);
+    debug_assert!(delta <= MAX_DELTA);
+
     let delta = if (Delta::ZERO..=MAX_DELTA).contains(&delta) {
         delta
     } else {
-        // TODO: Add WARN_ONCE() when it's supported.
+        pr_warn_once!("attempted to fsleep() with out of range delta\n");
         MAX_DELTA
     };
 
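Review bot: The two `debug_assert!` lines sit ahead of the range check, so with debug assertions enabled the new `pr_warn_once!` in the else branch is never reached for out-of-range input. The range is also now spelled two ways: `delta.as_nanos() >= 0` plus `delta <= MAX_DELTA` in the assertions, and `(Delta::ZERO..=MAX_DELTA).contains(&delta)` in the condition. Consider a single assertion that reuses the `contains` expression, or moving the assertion into the else branch after the warning so the message is logged before the assertion fires and the two checks cannot drift apart.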
@@ -54,7 +57,8 @@ pub fn fsleep(delta: Delta) {
 ///
 /// `delta` must be within `[0, MAX_UDELAY_MS]` in milliseconds;
 /// otherwise, it is erroneous behavior. That is, it is considered a bug to
-/// call this function with an out-of-range value.
+/// call this function with an out-of-range value, in which case the function
+/// will delay for at least the maximum value in the range and warns once.
 ///
 /// The behavior above differs from the C side [`udelay()`] for which out-of-range
 /// values could lead to an overflow and unexpected behavior.
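Review bot: Style point on the added doc lines: "will delay for at least the maximum value in the range and warns once" mixes "will delay" with "warns"; "and warn once" keeps the sentence parallel. The same wording appears in the fsleep() doc change above. It would also help to say where the warning goes (the kernel log), since the sentence is the only place a caller learns how a clamped call becomes visible.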
@@ -69,6 +73,7 @@ pub fn udelay(delta: Delta) {
     let delta = if (Delta::ZERO..=MAX_UDELAY_DELTA).contains(&delta) {
         delta
     } else {
+        pr_warn_once!("attempted to udelay() with out of range delta\n");
         MAX_UDELAY_DELTA
     };
 
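Review bot: The message in the else branch, "attempted to udelay() with out of range delta", carries neither the offending value nor anything that identifies the caller, and because `pr_warn_once!` lives inside the shared helper only the first out-of-range call is logged. A later, different buggy caller is clamped silently, which limits how observable the clamped path really is. Suggest at least including the value in the message (the patch already uses `delta.as_nanos()` in fsleep()), and using "out-of-range" to match the doc comments. The same applies to the fsleep() message.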
-- 
2.43.0

