From: Tamir Duberstein <tamird@gmail.com>
To: Benno Lossin <benno.lossin@proton.me>
Cc: "Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Bjorn Helgaas" <bhelgaas@google.com>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Rafael J. Wysocki" <rafael@kernel.org>,
"Danilo Krummrich" <dakr@kernel.org>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-pci@vger.kernel.org
Subject: Re: [PATCH 2/2] rust: workqueue: remove HasWork::OFFSET
Date: Sat, 15 Mar 2025 11:37:39 -0400 [thread overview]
Message-ID: <CAJ-ks9mUPkP=QDGekbi1PRfpKKigXj87-_a25JBGHVRSiEe_AA@mail.gmail.com> (raw)
In-Reply-To: <D8GQGCVTK0IL.16YO67C0IKLHA@proton.me>
On Sat, Mar 15, 2025 at 5:30 AM Benno Lossin <benno.lossin@proton.me> wrote:
>
> On Fri Mar 14, 2025 at 9:44 PM CET, Tamir Duberstein wrote:
> > On Fri, Mar 14, 2025 at 3:20 PM Benno Lossin <benno.lossin@proton.me> wrote:
> >>
> >> On Fri Mar 7, 2025 at 10:58 PM CET, Tamir Duberstein wrote:
> >> > Implement `HasWork::work_container_of` in `impl_has_work!`, narrowing
> >> > the interface of `HasWork` and replacing pointer arithmetic with
> >> > `container_of!`. Remove the provided implementation of
> >> > `HasWork::get_work_offset` without replacement; an implementation is
> >> > already generated in `impl_has_work!`. Remove the `Self: Sized` bound on
> >> > `HasWork::work_container_of` which was apparently necessary to access
> >> > `OFFSET` as `OFFSET` no longer exists.
> >> >
> >> > A similar API change was discussed on the hrtimer series[1].
> >> >
> >> > Link: https://lore.kernel.org/all/20250224-hrtimer-v3-v6-12-rc2-v9-1-5bd3bf0ce6cc@kernel.org/ [1]
> >> > Signed-off-by: Tamir Duberstein <tamird@gmail.com>
> >> > ---
> >> > rust/kernel/workqueue.rs | 45 ++++++++++++---------------------------------
> >> > 1 file changed, 12 insertions(+), 33 deletions(-)
> >>
> >> What is the motivation of this change? I didn't follow the discussion,
> >> so if you explained it there, it would be nice if you could also add it
> >> to this commit message.
> >
> > The motivation is right at the top: it narrows the interface and
> > replaces pointer arithmetic with an existing macro, and then deletes
> > unnecessary code.
> >
> >> > diff --git a/rust/kernel/workqueue.rs b/rust/kernel/workqueue.rs
> >> > index 0cd100d2aefb..0e2e0ecc58a6 100644
> >> > --- a/rust/kernel/workqueue.rs
> >> > +++ b/rust/kernel/workqueue.rs
> >> > @@ -429,51 +429,23 @@ pub unsafe fn raw_get(ptr: *const Self) -> *mut bindings::work_struct {
> >> > ///
> >> > /// # Safety
> >> > ///
> >> > -/// The [`OFFSET`] constant must be the offset of a field in `Self` of type [`Work<T, ID>`]. The
> >> > -/// methods on this trait must have exactly the behavior that the definitions given below have.
> >> > +/// The methods on this trait must have exactly the behavior that the definitions given below have.
> >> > ///
> >> > /// [`impl_has_work!`]: crate::impl_has_work
> >> > -/// [`OFFSET`]: HasWork::OFFSET
> >> > pub unsafe trait HasWork<T, const ID: u64 = 0> {
> >> > - /// The offset of the [`Work<T, ID>`] field.
> >> > - const OFFSET: usize;
> >> > -
> >> > - /// Returns the offset of the [`Work<T, ID>`] field.
> >> > - ///
> >> > - /// This method exists because the [`OFFSET`] constant cannot be accessed if the type is not
> >> > - /// [`Sized`].
> >> > - ///
> >> > - /// [`OFFSET`]: HasWork::OFFSET
> >> > - #[inline]
> >> > - fn get_work_offset(&self) -> usize {
> >> > - Self::OFFSET
> >> > - }
> >> > -
> >> > /// Returns a pointer to the [`Work<T, ID>`] field.
> >> > ///
> >> > /// # Safety
> >> > ///
> >> > /// The provided pointer must point at a valid struct of type `Self`.
> >> > - #[inline]
> >> > - unsafe fn raw_get_work(ptr: *mut Self) -> *mut Work<T, ID> {
> >> > - // SAFETY: The caller promises that the pointer is valid.
> >> > - unsafe { (ptr as *mut u8).add(Self::OFFSET) as *mut Work<T, ID> }
> >> > - }
> >> > + unsafe fn raw_get_work(ptr: *mut Self) -> *mut Work<T, ID>;
> >> >
> >> > /// Returns a pointer to the struct containing the [`Work<T, ID>`] field.
> >> > ///
> >> > /// # Safety
> >> > ///
> >> > /// The pointer must point at a [`Work<T, ID>`] field in a struct of type `Self`.
> >> > - #[inline]
> >> > - unsafe fn work_container_of(ptr: *mut Work<T, ID>) -> *mut Self
> >> > - where
> >> > - Self: Sized,
> >>
> >> This bound is required in order to allow the usage of `dyn HasWork` (ie
> >> object safety), so it should stay.
> >>
> >> Maybe add a comment explaining why it's there.
> >
> > I guess a doctest would be better, but I still don't understand why
> > the bound is needed. Sorry, can you cite something or explain in more
> > detail please?
>
> Here is a link: https://doc.rust-lang.org/reference/items/traits.html#dyn-compatibility
>
> But I realized that the trait wasn't object safe to begin with due to
> the `OFFSET` associated constant. So I'm not sure we need this. Alice,
> do you need `dyn HasWork`?
I wrote a simple test:
diff --git a/rust/kernel/workqueue.rs b/rust/kernel/workqueue.rs
index 0e2e0ecc58a6..4f2dd2c1ebcb 100644
--- a/rust/kernel/workqueue.rs
+++ b/rust/kernel/workqueue.rs
@@ -448,6 +448,11 @@ pub unsafe trait HasWork<T, const ID: u64 = 0> {
unsafe fn work_container_of(ptr: *mut Work<T, ID>) -> *mut Self;
}
+fn has_work_object_safe<T: HasWork<T>>(has_work: T) {
+ fn _assert_object_safe(_: &dyn HasWork<()>) {}
+ _assert_object_safe(&has_work);
+}
+
/// Used to safely implement the [`HasWork<T, ID>`] trait.
///
/// # Examples
`HasWork` is not object-safe even before this patch:
> error[E0038]: the trait `workqueue::HasWork` cannot be made into an object
> --> ../rust/kernel/workqueue.rs:481:25
> |
> 481 | _assert_object_safe(&has_work);
> | ^^^^^^^^^ `workqueue::HasWork` cannot be made into an object
> |
> note: for a trait to be "dyn-compatible" it needs to allow building a vtable to allow the call to be resolvable dynamically; for more information visit <https://doc.rust-lang.org/reference/items/traits.html#object-safety>
> --> ../rust/kernel/workqueue.rs:439:11
> |
> 437 | pub unsafe trait HasWork<T, const ID: u64 = 0> {
> | ------- this trait cannot be made into an object...
> 438 | /// The offset of the [`Work<T, ID>`] field.
> 439 | const OFFSET: usize;
> | ^^^^^^ ...because it contains this associated `const`
> ...
> 458 | unsafe fn raw_get_work(ptr: *mut Self) -> *mut Work<T, ID> {
> | ^^^^^^^^^^^^ ...because associated function `raw_get_work` has no `self` parameter
> = help: consider moving `OFFSET` to another trait
> = help: only type `workqueue::ClosureWork<T>` is seen to implement the trait in this crate, consider using it directly instead
> = note: `workqueue::HasWork` can be implemented in other crates; if you want to support your users passing their own types here, you can't refer to a specific type
> help: consider turning `raw_get_work` into a method by giving it a `&self` argument
> |
> 458 | unsafe fn raw_get_work(&self, ptr: *mut Self) -> *mut Work<T, ID> {
> | ++++++
> help: alternatively, consider constraining `raw_get_work` so it does not apply to trait objects
> |
> 458 | unsafe fn raw_get_work(ptr: *mut Self) -> *mut Work<T, ID> where Self: Sized {
> | +++++++++++++++++
>
> error: aborting due to 3 previous errors
so I don't think adding the Sized bound makes sense - we'd end up
adding it on every item in the trait.
next prev parent reply other threads:[~2025-03-15 15:38 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-07 21:58 [PATCH 0/2] rust: workqueue: remove HasWork::OFFSET Tamir Duberstein
2025-03-07 21:58 ` [PATCH 1/2] rust: retain pointer mut-ness in `container_of!` Tamir Duberstein
2025-03-14 19:22 ` Benno Lossin
2025-03-17 10:52 ` Alice Ryhl
2025-03-07 21:58 ` [PATCH 2/2] rust: workqueue: remove HasWork::OFFSET Tamir Duberstein
2025-03-14 19:20 ` Benno Lossin
2025-03-14 20:44 ` Tamir Duberstein
2025-03-15 9:30 ` Benno Lossin
2025-03-15 15:37 ` Tamir Duberstein [this message]
2025-03-15 18:06 ` Benno Lossin
2025-03-15 18:12 ` Tamir Duberstein
2025-03-16 12:55 ` Tamir Duberstein
2025-03-16 17:43 ` Benno Lossin
2025-03-16 18:59 ` Tamir Duberstein
2025-03-17 10:07 ` Benno Lossin
2025-03-17 11:34 ` Alice Ryhl
2025-03-17 11:35 ` Tamir Duberstein
2025-04-09 9:45 ` Alice Ryhl
2025-03-14 12:49 ` [PATCH 0/2] " Tamir Duberstein
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJ-ks9mUPkP=QDGekbi1PRfpKKigXj87-_a25JBGHVRSiEe_AA@mail.gmail.com' \
--to=tamird@gmail.com \
--cc=a.hindborg@kernel.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=benno.lossin@proton.me \
--cc=bhelgaas@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=gary@garyguo.net \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=ojeda@kernel.org \
--cc=rafael@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tmgross@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).