public inbox for rust-for-linux@vger.kernel.org
From: Boqun Feng <boqun.feng@gmail.com>
To: FUJITA Tomonori <fujita.tomonori@gmail.com>
Cc: a.hindborg@kernel.org, alex.gaynor@gmail.com, ojeda@kernel.org,
	aliceryhl@google.com, anna-maria@linutronix.de,
	bjorn3_gh@protonmail.com, dakr@kernel.org, frederic@kernel.org,
	gary@garyguo.net, jstultz@google.com,
	linux-kernel@vger.kernel.org, lossin@kernel.org,
	lyude@redhat.com, rust-for-linux@vger.kernel.org,
	sboyd@kernel.org, tglx@linutronix.de, tmgross@umich.edu
Subject: Re: [PATCH] rust: time: Seal the ClockSource trait
Date: Tue, 17 Jun 2025 22:01:40 -0700
Message-ID: <aFJINI8ImfxMnvrx@Mac.home>
In-Reply-To: <aFIEAiDKnxsZQ8s4@tardis.local>

On Tue, Jun 17, 2025 at 05:10:42PM -0700, Boqun Feng wrote:
> On Wed, Jun 18, 2025 at 08:20:53AM +0900, FUJITA Tomonori wrote:
> > Prevent downstream crates or drivers from implementing `ClockSource`
> > for arbitrary types, which could otherwise lead to unsupported
> > behavior.
> > 
> 
> Hmm.. I don't think other impl of `ClockSource` is a problem, IIUC, as
> long as the ktime_get() can return a value in [0, i64::MAX). Also this
> means ClockSource should be an `unsafe` trait, because the correct
> implementation relies on ktime_get() returning the correct value. This is
> needed even if you sealed ClockSource trait.
> 
> Could you drop this and fix the ClockSource trait instead? Thanks!
> 

For example:

    /// Trait for clock sources.
    ///
    /// ...
    /// # Safety
    ///
    /// Implementers must ensure `ktime_get()` returns a value in [0,
    /// KTIME_MAX (i.e. i64::MAX)).
    pub unsafe trait ClockSource {
        ...
    }

Regards,
Boqun

> Regards,
> Boqun
> 
> > Introduce a `private::Sealed` trait and implement it for all types
> > that implement `ClockSource`.
> > 
> > Signed-off-by: FUJITA Tomonori <fujita.tomonori@gmail.com>
> > ---
> >  rust/kernel/time.rs | 11 ++++++++++-
> >  1 file changed, 10 insertions(+), 1 deletion(-)
> > 
> > diff --git a/rust/kernel/time.rs b/rust/kernel/time.rs
> > index eaa6d9ab5737..b1961652c884 100644
> > --- a/rust/kernel/time.rs
> > +++ b/rust/kernel/time.rs
> > @@ -51,6 +51,15 @@ pub fn msecs_to_jiffies(msecs: Msecs) -> Jiffies {
> >      unsafe { bindings::__msecs_to_jiffies(msecs) }
> >  }
> >  
> > +mod private {
> > +    pub trait Sealed {}
> > +
> > +    impl Sealed for super::Monotonic {}
> > +    impl Sealed for super::RealTime {}
> > +    impl Sealed for super::BootTime {}
> > +    impl Sealed for super::Tai {}
> > +}
> > +
> >  /// Trait for clock sources.
> >  ///
> >  /// Selection of the clock source depends on the use case. In some cases the usage of a
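
Review bot: `mod private` and `Sealed` carry no comment explaining why they exist or that every clock type needs its own `impl Sealed` line here, which is easy to miss when a clock is added later. Add a short comment above `mod private` saying the trait exists only to block `ClockSource` implementations outside this file. Sealing also does not state what an implementation must guarantee, so the requirement on `ktime_get()` raised in the reply above still needs to be written on the trait itself.
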
> > @@ -58,7 +67,7 @@ pub fn msecs_to_jiffies(msecs: Msecs) -> Jiffies {
> >  /// cases the user of the clock has to decide which clock is best suited for the
> >  /// purpose. In most scenarios clock [`Monotonic`] is the best choice as it
> >  /// provides a accurate monotonic notion of time (leap second smearing ignored).
> > -pub trait ClockSource {
> > +pub trait ClockSource: private::Sealed {
> >      /// The kernel clock ID associated with this clock source.
> >      ///
> >      /// This constant corresponds to the C side `clockid_t` value.
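
Review bot: the doc comment on `ClockSource` is not updated although the trait now has a `private::Sealed` supertrait, so readers of the documentation see a bound on a trait they cannot name, with no explanation. Add a sentence to the trait docs saying it is sealed and implemented only for `Monotonic`, `RealTime`, `BootTime` and `Tai`. The bound still leaves in-crate implementations without a stated contract; if callers depend on `ktime_get()` returning a value in [0, KTIME_MAX), that belongs in a `# Safety` section as suggested in the reply.
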
> > 
> > base-commit: 994393295c89711531583f6de8f296a30b0d944a
> > -- 
> > 2.43.0
> > 
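
An added userspace sketch (not from the thread or the kernel tree) of the distinction raised in the reply: sealing limits who may implement `ClockSource`, while `unsafe trait` records the value range that `unsafe` callers rely on. `Instant`, `since`, `checked_delta` and the counter-backed clock are assumptions made for the example, and `i64::MAX` stands in for `KTIME_MAX`.

```rust
// Added illustration, not kernel code. `ClockSource`, `Sealed`, `Monotonic` and
// `ktime_get` are names from the thread; everything else is assumed for the example.
#[allow(dead_code)]
pub mod time {
    use std::marker::PhantomData;
    use std::sync::atomic::{AtomicI64, Ordering};

    mod private {
        pub trait Sealed {}
        impl Sealed for super::Monotonic {}
    }

    /// # Safety
    ///
    /// Implementers must ensure `ktime_get()` returns a value in [0, i64::MAX).
    pub unsafe trait ClockSource: private::Sealed {
        fn ktime_get() -> i64;
    }

    pub struct Monotonic;
    static TICKS: AtomicI64 = AtomicI64::new(0); // constructed stand-in for a clock
    // SAFETY: the clamp keeps every returned value inside [0, i64::MAX).
    unsafe impl ClockSource for Monotonic {
        fn ktime_get() -> i64 {
            TICKS.fetch_add(1000, Ordering::Relaxed).clamp(0, i64::MAX - 1)
        }
    }

    /// Invariant: `nanos` is in [0, i64::MAX); it only ever comes from `C::ktime_get()`.
    pub struct Instant<C: ClockSource> { nanos: i64, _c: PhantomData<C> }

    impl<C: ClockSource> Instant<C> {
        pub fn now() -> Self { Instant { nanos: C::ktime_get(), _c: PhantomData } }
        pub fn since(&self, earlier: &Self) -> i64 {
            // SAFETY: both operands are in [0, i64::MAX), so the difference cannot overflow.
            unsafe { self.nanos.checked_sub(earlier.nanos).unwrap_unchecked() }
        }
    }

    /// The same subtraction without assuming the contract: `None` marks overflow.
    pub fn checked_delta(later: i64, earlier: i64) -> Option<i64> { later.checked_sub(earlier) }
}

fn main() {
    // Code outside `time` cannot write `impl ClockSource for Foo`: `Sealed` is unreachable.
    let a = time::Instant::<time::Monotonic>::now();
    let b = time::Instant::<time::Monotonic>::now();
    println!("delta = {} ns, out of contract: {:?}", b.since(&a), time::checked_delta(i64::MIN, 1));
}
```

The `unsafe impl` is where an in-crate implementer takes on the range obligation; the seal alone would not make the `unwrap_unchecked()` in `since` sound.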

Thread overview: 12+ messages
2025-06-17 23:20 [PATCH] rust: time: Seal the ClockSource trait FUJITA Tomonori
2025-06-18  0:10 ` Boqun Feng
2025-06-18  5:01   ` Boqun Feng [this message]
2025-06-18 19:13     ` Andreas Hindborg
2025-06-18 19:29       ` Boqun Feng
2025-06-19  0:23         ` FUJITA Tomonori
2025-06-19  0:27           ` Boqun Feng
2025-06-19  0:28       ` FUJITA Tomonori
2025-06-19  9:31         ` Andreas Hindborg
2025-06-19 11:33           ` FUJITA Tomonori
2025-06-19 12:57             ` Andreas Hindborg
2025-06-19 13:38               ` Boqun Feng