From: Benno Lossin <benno.lossin@proton.me>
To: "Björn Roy Baron" <bjorn3_gh@protonmail.com>
Cc: Miguel Ojeda <ojeda@kernel.org>,
Wedson Almeida Filho <wedsonaf@gmail.com>,
Alex Gaynor <alex.gaynor@gmail.com>,
Boqun Feng <boqun.feng@gmail.com>, Gary Guo <gary@garyguo.net>,
Alice Ryhl <aliceryhl@google.com>,
Andreas Hindborg <nmi@metaspace.dk>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org,
patches@lists.linux.dev, Asahi Lina <lina@asahilina.net>
Subject: Re: [PATCH 5/7] rust: init: add `..Zeroable::zeroed()` syntax for zeroing all missing fields
Date: Sat, 24 Jun 2023 21:14:47 +0000 [thread overview]
Message-ID: <f4bcd952-1ad9-42b7-6e0b-72a115dcbe8e@proton.me> (raw)
In-Reply-To: <W1fY0aa_v9j7lJNWXk_WNaxY2qruJo1R6k7u0g-X5L5Rxuod-VMBMmByICDwjF_fFGvNJTV41QapW0WeVduNYqxgo9S243gnNGXbexq6P3Q=@protonmail.com>
On 6/24/23 17:11, Björn Roy Baron wrote:
> On Saturday, June 24th, 2023 at 11:25, Benno Lossin <benno.lossin@proton.me> wrote:
>
>> Add the struct update syntax to the init macros, but only for
>> `..Zeroable::zeroed()`. Adding this at the end of the struct initializer
>> allows one to omit fields from the initializer, these fields will be
>> initialized with 0x00 set to every byte. Only types that implement the
>> `Zeroable` trait can utilize this.
>>
>> Suggested-by: Asahi Lina <lina@asahilina.net>
>> Signed-off-by: Benno Lossin <benno.lossin@proton.me>
>> ---
>> rust/kernel/init.rs | 16 +++++-
>> rust/kernel/init/macros.rs | 114 ++++++++++++++++++++++++++++++++++++-
>> 2 files changed, 128 insertions(+), 2 deletions(-)
>>
>> diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs
>> index ecf6a4bd0ce4..44bc3e77419a 100644
>> --- a/rust/kernel/init.rs
>> +++ b/rust/kernel/init.rs
>> @@ -508,14 +508,18 @@ macro_rules! stack_try_pin_init {
>> /// - Fields that you want to initialize in-place have to use `<-` instead of `:`.
>> /// - In front of the initializer you can write `&this in` to have access to a [`NonNull<Self>`]
>> /// pointer named `this` inside of the initializer.
>> +/// - Using struct update syntax one can place `..Zeroable::zeroed()` at the very end of the
>> +/// struct, this initializes every field with 0 and then runs all initializers specified in the
>> +/// body. This can only be done if [`Zeroable`] is implemented for the struct.
>> ///
>> /// For instance:
>> ///
>> /// ```rust
>> /// # use kernel::pin_init;
>> -/// # use macros::pin_data;
>> +/// # use macros::{pin_data, Zeroable};
>> /// # use core::{ptr::addr_of_mut, marker::PhantomPinned};
>> /// #[pin_data]
>> +/// #[derive(Zeroable)]
>> /// struct Buf {
>> /// // `ptr` points into `buf`.
>> /// ptr: *mut u8,
>> @@ -528,6 +532,10 @@ macro_rules! stack_try_pin_init {
>> /// ptr: unsafe { addr_of_mut!((*this.as_ptr()).buf).cast() },
>> /// pin: PhantomPinned,
>> /// });
>> +/// pin_init!(Buf {
>> +/// buf: [1; 64],
>> +/// ..Zeroable::zeroed(),
>> +/// });
>> /// ```
>> ///
>> /// [`try_pin_init!`]: kernel::try_pin_init
>> @@ -547,6 +555,7 @@ macro_rules! pin_init {
>> @data(PinData, use_data),
>> @has_data(HasPinData, __pin_data),
>> @construct_closure(pin_init_from_closure),
>> + @munch_fields($($fields)*),
>> )
>> };
>> }
>> @@ -603,6 +612,7 @@ macro_rules! try_pin_init {
>> @data(PinData, use_data),
>> @has_data(HasPinData, __pin_data),
>> @construct_closure(pin_init_from_closure),
>> + @munch_fields($($fields)*),
>> )
>> };
>> ($(&$this:ident in)? $t:ident $(::<$($generics:ty),* $(,)?>)? {
>> @@ -616,6 +626,7 @@ macro_rules! try_pin_init {
>> @data(PinData, use_data),
>> @has_data(HasPinData, __pin_data),
>> @construct_closure(pin_init_from_closure),
>> + @munch_fields($($fields)*),
>> )
>> };
>> }
>> @@ -650,6 +661,7 @@ macro_rules! init {
>> @data(InitData, /*no use_data*/),
>> @has_data(HasInitData, __init_data),
>> @construct_closure(init_from_closure),
>> + @munch_fields($($fields)*),
>> )
>> }
>> }
>> @@ -700,6 +712,7 @@ macro_rules! try_init {
>> @data(InitData, /*no use_data*/),
>> @has_data(HasInitData, __init_data),
>> @construct_closure(init_from_closure),
>> + @munch_fields($($fields)*),
>> )
>> };
>> ($(&$this:ident in)? $t:ident $(::<$($generics:ty),* $(,)?>)? {
>> @@ -713,6 +726,7 @@ macro_rules! try_init {
>> @data(InitData, /*no use_data*/),
>> @has_data(HasInitData, __init_data),
>> @construct_closure(init_from_closure),
>> + @munch_fields($($fields)*),
>> )
>> };
>> }
>> diff --git a/rust/kernel/init/macros.rs b/rust/kernel/init/macros.rs
>> index 1e0c4aca055a..5dcb2e513f26 100644
>> --- a/rust/kernel/init/macros.rs
>> +++ b/rust/kernel/init/macros.rs
>> @@ -989,6 +989,7 @@ impl<$($impl_generics)*> $pin_data<$($ty_generics)*>
>> ///
>> /// This macro has multiple internal call configurations, these are always the very first ident:
>> /// - nothing: this is the base case and called by the `{try_}{pin_}init!` macros.
>> +/// - `with_update_parsed`: when the `..Zeroable::zeroed()` syntax has been handled.
>> /// - `init_slot`: recursively creates the code that initializes all fields in `slot`.
>> /// - `make_initializer`: recursively create the struct initializer that guarantees that every
>> /// field has been initialized exactly once.
>> @@ -1007,6 +1008,82 @@ macro_rules! __init_internal {
>> @has_data($has_data:ident, $get_data:ident),
>> // `pin_init_from_closure` or `init_from_closure`.
>> @construct_closure($construct_closure:ident),
>> + @munch_fields(),
>> + ) => {
>> + $crate::__init_internal!(with_update_parsed:
>> + @this($($this)?),
>> + @typ($t $(::<$($generics),*>)? ),
>> + @fields($($fields)*),
>> + @error($err),
>> + @data($data, $($use_data)?),
>> + @has_data($has_data, $get_data),
>> + @construct_closure($construct_closure),
>> + @zeroed(), // nothing means default behavior.
>> + )
>> + };
>> + (
>> + @this($($this:ident)?),
>> + @typ($t:ident $(::<$($generics:ty),*>)?),
>> + @fields($($fields:tt)*),
>> + @error($err:ty),
>> + // Either `PinData` or `InitData`, `$use_data` should only be present in the `PinData`
>> + // case.
>> + @data($data:ident, $($use_data:ident)?),
>> + // `HasPinData` or `HasInitData`.
>> + @has_data($has_data:ident, $get_data:ident),
>> + // `pin_init_from_closure` or `init_from_closure`.
>> + @construct_closure($construct_closure:ident),
>> + @munch_fields(..Zeroable::zeroed()),
>> + ) => {
>> + $crate::__init_internal!(with_update_parsed:
>> + @this($($this)?),
>> + @typ($t $(::<$($generics),*>)? ),
>> + @fields($($fields)*),
>> + @error($err),
>> + @data($data, $($use_data)?),
>> + @has_data($has_data, $get_data),
>> + @construct_closure($construct_closure),
>> + @zeroed(()), // `()` means zero all fields not mentioned.
>> + )
>> + };
>> + (
>> + @this($($this:ident)?),
>> + @typ($t:ident $(::<$($generics:ty),*>)?),
>> + @fields($($fields:tt)*),
>> + @error($err:ty),
>> + // Either `PinData` or `InitData`, `$use_data` should only be present in the `PinData`
>> + // case.
>> + @data($data:ident, $($use_data:ident)?),
>> + // `HasPinData` or `HasInitData`.
>> + @has_data($has_data:ident, $get_data:ident),
>> + // `pin_init_from_closure` or `init_from_closure`.
>> + @construct_closure($construct_closure:ident),
>> + @munch_fields($ignore:tt $($rest:tt)*),
>> + ) => {
>> + $crate::__init_internal!(
>> + @this($($this)?),
>> + @typ($t $(::<$($generics),*>)? ),
>> + @fields($($fields)*),
>> + @error($err),
>> + @data($data, $($use_data)?),
>> + @has_data($has_data, $get_data),
>> + @construct_closure($construct_closure),
>> + @munch_fields($($rest)*),
>> + )
>> + };
>> + (with_update_parsed:
>> + @this($($this:ident)?),
>> + @typ($t:ident $(::<$($generics:ty),*>)?),
>> + @fields($($fields:tt)*),
>> + @error($err:ty),
>> + // Either `PinData` or `InitData`, `$use_data` should only be present in the `PinData`
>> + // case.
>> + @data($data:ident, $($use_data:ident)?),
>> + // `HasPinData` or `HasInitData`.
>> + @has_data($has_data:ident, $get_data:ident),
>> + // `pin_init_from_closure` or `init_from_closure`.
>> + @construct_closure($construct_closure:ident),
>> + @zeroed($($init_zeroed:expr)?),
>> ) => {{
>> // We do not want to allow arbitrary returns, so we declare this type as the `Ok` return
>> // type and shadow it later when we insert the arbitrary user code. That way there will be
>> @@ -1024,6 +1101,17 @@ macro_rules! __init_internal {
>> {
>> // Shadow the structure so it cannot be used to return early.
>> struct __InitOk;
>> + // If `$init_zeroed` is present we should zero the slot now and not emit an
>> + // error when fields are missing (since they will be zeroed). We also have to
>> + // check that the type actually implements `Zeroable`.
>> + $(
>> + fn is_zeroable<T: Zeroable>(ptr: *mut T) {}
>
> Maybe call this assert_zeroable?
Sure.
>
>> + // Ensure that the struct is indeed `Zeroable`.
>> + is_zeroable(slot);
>> + // SAFETY: The type implements `Zeroable` by the check above.
>> + unsafe { ::core::ptr::write_bytes(slot, 0, 1) };
>> + $init_zeroed // this will be `()` if set.
>
> How does this work? Shouldn't there be a ; after $init_zeroed to consume the () value?
It is the last expression of a block and since it is `()` it is ok
(adding a ; would also be ok, but it is not necessary).
>
>> + )?
>> // Create the `this` so it can be referenced by the user inside of the
>> // expressions creating the individual fields.
>> $(let $this = unsafe { ::core::ptr::NonNull::new_unchecked(slot) };)?
>> @@ -1064,7 +1152,7 @@ macro_rules! __init_internal {
>> @data($data:ident),
>> @slot($slot:ident),
>> @guards($($guards:ident,)*),
>> - @munch_fields($(,)?),
>> + @munch_fields($(..Zeroable::zeroed())? $(,)?),
>> ) => {
>> // Endpoint of munching, no fields are left. If execution reaches this point, all fields
>> // have been initialized. Therefore we can now dismiss the guards by forgetting them.
>> @@ -1157,6 +1245,30 @@ macro_rules! __init_internal {
>> @munch_fields($($rest)*),
>> );
>> };
>> + (make_initializer:
>> + @slot($slot:ident),
>> + @type_name($t:ident),
>> + @munch_fields(..Zeroable::zeroed() $(,)?),
>> + @acc($($acc:tt)*),
>> + ) => {
>> + // Endpoint, nothing more to munch, create the initializer. Since the users specified
>> + // `..Zeroable::zeroed()`, the slot will already have been zeroed and all field that have
>> + // not been overwritten are thus zero and initialized. We still check that all fields are
>> + // actually accessible by using the struct update syntax ourselves.
>> + // Since we are in the `if false` branch, this will never get executed. We abuse `slot` to
>> + // get the correct type inference here:
>> + unsafe {
>> + let mut zeroed = ::core::mem::zeroed();
>> + // We have to use type inference her to make zeroed have the correct type. This does
>
> *here
Will fix.
--
Cheers,
Benno
>
>> + // not get executed, so it has no effect.
>> + ::core::ptr::write($slot, zeroed);
>> + zeroed = ::core::mem::zeroed();
>> + ::core::ptr::write($slot, $t {
>> + $($acc)*
>> + ..zeroed
>> + });
>> + }
>> + };
>> (make_initializer:
>> @slot($slot:ident),
>> @type_name($t:ident),
>> --
>> 2.41.0
>
> Cheers,
> Björn
next prev parent reply other threads:[~2023-06-24 21:15 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-24 9:24 [PATCH 1/7] rust: init: consolidate init macros Benno Lossin
2023-06-24 9:25 ` [PATCH 2/7] rust: add derive macro for `Zeroable` Benno Lossin
2023-06-24 14:55 ` Björn Roy Baron
2023-06-25 20:46 ` Gary Guo
2023-07-03 11:50 ` Alice Ryhl
2023-06-24 9:25 ` [PATCH 3/7] rust: init: make guards in the init macros hygienic Benno Lossin
2023-06-24 14:58 ` Björn Roy Baron
2023-06-25 20:54 ` Gary Guo
2023-06-28 11:41 ` Benno Lossin
2023-06-28 16:48 ` Gary Guo
2023-06-24 9:25 ` [PATCH 4/7] rust: init: wrap type checking struct initializers in a closure Benno Lossin
2023-06-24 15:03 ` Björn Roy Baron
2023-06-24 21:05 ` Benno Lossin
2023-06-24 9:25 ` [PATCH 5/7] rust: init: add `..Zeroable::zeroed()` syntax for zeroing all missing fields Benno Lossin
2023-06-24 15:11 ` Björn Roy Baron
2023-06-24 21:14 ` Benno Lossin [this message]
2023-06-25 12:56 ` Björn Roy Baron
2023-06-25 13:07 ` Benno Lossin
2023-06-25 14:17 ` Björn Roy Baron
2023-06-25 16:46 ` Benno Lossin
2023-07-03 11:58 ` Alice Ryhl
2023-07-03 18:15 ` Boqun Feng
2023-07-05 17:48 ` Gary Guo
2023-07-05 21:44 ` Benno Lossin
2023-06-24 9:25 ` [PATCH 6/7] rust: init: Add functions to create array initializers Benno Lossin
2023-06-24 15:17 ` Björn Roy Baron
2023-07-03 12:03 ` Alice Ryhl
2023-06-24 9:25 ` [PATCH 7/7] rust: init: add support for arbitrary paths in init macros Benno Lossin
2023-06-24 15:20 ` Björn Roy Baron
2023-06-25 21:01 ` Gary Guo
2023-06-28 11:26 ` Benno Lossin
2023-06-28 17:13 ` Gary Guo
2023-06-24 14:49 ` [PATCH 1/7] rust: init: consolidate " Björn Roy Baron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f4bcd952-1ad9-42b7-6e0b-72a115dcbe8e@proton.me \
--to=benno.lossin@proton.me \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=gary@garyguo.net \
--cc=lina@asahilina.net \
--cc=linux-kernel@vger.kernel.org \
--cc=nmi@metaspace.dk \
--cc=ojeda@kernel.org \
--cc=patches@lists.linux.dev \
--cc=rust-for-linux@vger.kernel.org \
--cc=wedsonaf@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).