Rust for Linux List
 help / color / mirror / Atom feed
From: "Gary Guo" <gary@garyguo.net>
To: "Gary Guo" <gary@garyguo.net>, "Benno Lossin" <lossin@kernel.org>,
	"Miguel Ojeda" <ojeda@kernel.org>,
	"Boqun Feng" <boqun@kernel.org>,
	"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
	"Andreas Hindborg" <a.hindborg@kernel.org>,
	"Alice Ryhl" <aliceryhl@google.com>,
	"Trevor Gross" <tmgross@umich.edu>,
	"Danilo Krummrich" <dakr@kernel.org>
Cc: <rust-for-linux@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 8/8] rust: pin-init: internal: project using full slot
Date: Thu, 14 May 2026 20:15:40 +0100	[thread overview]
Message-ID: <DIIN281ZNCAN.3PFFJAKZXLNT8@garyguo.net> (raw)
In-Reply-To: <20260512-pin-init-sync-v1-8-81963130dfbd@garyguo.net>

On Tue May 12, 2026 at 1:09 PM BST, Gary Guo wrote:
> Instead of projecting using pointer to a field project the full slot. This
> further shifts the code generation from the initializer site to the struct
> definition site, which means less code is generated overall.
>
> It also makes the safety comment easier to justify, as now the projection
> is done by the `#[pin_data]` macro which has full visibility of pinnedness
> of fields.
>
> The field alignment could also be checked on the `#[pin_data]` side;
> however, since `init!()` macro works for other type of structs, we cannot
> remove the alignment check from `init!`/`pin_init!` side anyway, so I opted
> to still keep the alignment check in init.rs.
>
> Signed-off-by: Gary Guo <gary@garyguo.net>
> ---
>  rust/pin-init/internal/src/init.rs     |  5 ++---
>  rust/pin-init/internal/src/pin_data.rs | 12 ++++++------
>  rust/pin-init/src/lib.rs               |  2 +-
>  3 files changed, 9 insertions(+), 10 deletions(-)
>
> diff --git a/rust/pin-init/internal/src/init.rs b/rust/pin-init/internal/src/init.rs
> index e6f5ea06f91b..699b105570a5 100644
> --- a/rust/pin-init/internal/src/init.rs
> +++ b/rust/pin-init/internal/src/init.rs
> @@ -245,12 +245,11 @@ fn init_fields(
>          let slot = if pinned {
>              quote! {
>                  // SAFETY:
> -                // - `&raw mut (*slot).#ident` points to the `#ident` field of `slot`.
> -                // - `&raw mut (*slot).#ident` is valid.
> +                // - `slot` is valid and properly aligned.
>                  // - `make_field_check` checks that `&raw mut (*slot).#ident` is properly aligned.
>                  // - `make_field_check` prevents `#ident` from being used twice, therefore
>                  //   `(*slot).#ident` is exclusively accessed and has not been initialized.
> -                (unsafe { #data.#ident(&raw mut (*#slot).#ident) })
> +                (unsafe { #data.#ident(#slot) })
>              }
>          } else {
>              quote! {
> diff --git a/rust/pin-init/internal/src/pin_data.rs b/rust/pin-init/internal/src/pin_data.rs
> index 3278a54510e1..a3431863f5d6 100644
> --- a/rust/pin-init/internal/src/pin_data.rs
> +++ b/rust/pin-init/internal/src/pin_data.rs
> @@ -377,21 +377,21 @@ fn generate_the_pin_data(
>              quote! {
>                  /// # Safety
>                  ///
> -                /// - `slot` points to a `#ident` field of a pinned struct that this `__ThePinData`
> -                ///   describes.
> -                /// - `slot` is a valid, properly aligned and points to uninitialized and
> -                ///   exclusively accessed memory.
> +                /// - `slot` is valid and properly aligned.
> +                /// - `(*slot).#field_name` is properly aligned.
> +                /// - `(*slot).#field_name` points to uninitialized and exclusively accessed
> +                ///    memory.

This line has an extra space. Sometimes visually aligning doesn't mean it
actually is :)

I'll fix this up when applying.

Best,
Gary

>                  #(#attrs)*
>                  #[inline(always)]
>                  #vis unsafe fn #field_name(
>                      self,
> -                    slot: *mut #ty,
> +                    slot: *mut #struct_name #ty_generics,
>                  ) -> ::pin_init::__internal::Slot<::pin_init::__internal::#pin_marker, #ty> {
>                      // SAFETY:
>                      // - If `#pin_marker` is `Pinned`, the corresponding field is structurally
>                      //   pinned.
>                      // - Other safety requirements follows the safety requirement.
> -                    unsafe { ::pin_init::__internal::Slot::new(slot) }
> +                    unsafe { ::pin_init::__internal::Slot::new(&raw mut (*slot).#field_name) }
>                  }
>              }
>          })
> diff --git a/rust/pin-init/src/lib.rs b/rust/pin-init/src/lib.rs
> index e891d65cc469..c9e2cbe27915 100644
> --- a/rust/pin-init/src/lib.rs
> +++ b/rust/pin-init/src/lib.rs
> @@ -868,7 +868,7 @@ macro_rules! stack_try_pin_init {
>  macro_rules! assert_pinned {
>      ($ty:ty, $field:ident, $field_ty:ty, inline) => {
>          // SAFETY: This code is unreachable.
> -        let _ = move |ptr: *mut $field_ty| unsafe {
> +        let _ = move |ptr: *mut $ty| unsafe {
>              let data = <$ty as $crate::__internal::HasPinData>::__pin_data();
>              _ = data
>                  .$field(ptr)


  reply	other threads:[~2026-05-14 19:15 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-12 12:09 [PATCH 0/8] rust: pin-init: internal refactors Gary Guo
2026-05-12 12:09 ` [PATCH 1/8] rust: pin-init: internal: pin_data: use closure for `handle_field` Gary Guo
2026-05-12 12:09 ` [PATCH 2/8] rust: pin-init: internal: pin_data: add struct to record field info Gary Guo
2026-05-12 12:09 ` [PATCH 3/8] rust: pin-init: internal: add `PhantomInvariant` and `PhantomInvariantLifetime` Gary Guo
2026-05-12 12:09 ` [PATCH 4/8] rust: pin-init: internal: init: handle code blocks early Gary Guo
2026-05-12 12:09 ` [PATCH 5/8] rust: pin-init: internal: use marker on drop guard type for pinned fields Gary Guo
2026-05-12 12:09 ` [PATCH 6/8] rust: pin-init: internal: make `make_closure` inherent methods Gary Guo
2026-05-12 12:09 ` [PATCH 7/8] rust: pin-init: internal: project slots instead of references Gary Guo
2026-05-12 12:09 ` [PATCH 8/8] rust: pin-init: internal: project using full slot Gary Guo
2026-05-14 19:15   ` Gary Guo [this message]
2026-05-14 19:31 ` (subset) [PATCH 0/8] rust: pin-init: internal refactors Gary Guo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DIIN281ZNCAN.3PFFJAKZXLNT8@garyguo.net \
    --to=gary@garyguo.net \
    --cc=a.hindborg@kernel.org \
    --cc=aliceryhl@google.com \
    --cc=bjorn3_gh@protonmail.com \
    --cc=boqun@kernel.org \
    --cc=dakr@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lossin@kernel.org \
    --cc=ojeda@kernel.org \
    --cc=rust-for-linux@vger.kernel.org \
    --cc=tmgross@umich.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox