[v2,1/2] rust: types: add Opaque::try_ffi_init

Message ID	20241001-b4-miscdevice-v2-1-330d760041fa@google.com (mailing list archive)
State	New
Headers	show Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4EBEE19AD87 for <linux-fsdevel@vger.kernel.org>; Tue, 1 Oct 2024 08:22:58 +0000 (UTC) Date: Tue, 01 Oct 2024 08:22:21 +0000 In-Reply-To: <20241001-b4-miscdevice-v2-0-330d760041fa@google.com> Precedence: bulk Mime-Version: 1.0 References: <20241001-b4-miscdevice-v2-0-330d760041fa@google.com> Message-ID: <20241001-b4-miscdevice-v2-1-330d760041fa@google.com> Subject: [PATCH v2 1/2] rust: types: add Opaque::try_ffi_init From: Alice Ryhl <aliceryhl@google.com> To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Arnd Bergmann <arnd@arndb.de>, Miguel Ojeda <ojeda@kernel.org>, Alexander Viro <viro@zeniv.linux.org.uk>, Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz> Cc: Boqun Feng <boqun.feng@gmail.com>, Gary Guo <gary@garyguo.net>, " =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= " <bjorn3_gh@protonmail.com>, Benno Lossin <benno.lossin@proton.me>, Andreas Hindborg <a.hindborg@kernel.org>, Trevor Gross <tmgross@umich.edu>, rust-for-linux@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Alice Ryhl <aliceryhl@google.com> Content-Type: text/plain; charset="utf-8"
Series	Miscdevices in Rust \| expand [v2,0/2] Miscdevices in Rust [v2,1/2] rust: types: add Opaque::try_ffi_init [v2,2/2] rust: miscdevice: add base miscdevice abstraction

Message ID

20241001-b4-miscdevice-v2-1-330d760041fa@google.com (mailing list archive)

State

New

Headers

Date: Tue, 01 Oct 2024 08:22:21 +0000
In-Reply-To: <20241001-b4-miscdevice-v2-0-330d760041fa@google.com>
Precedence: bulk
Mime-Version: 1.0
References: <20241001-b4-miscdevice-v2-0-330d760041fa@google.com>
Message-ID: <20241001-b4-miscdevice-v2-1-330d760041fa@google.com>
Subject: [PATCH v2 1/2] rust: types: add Opaque::try_ffi_init
From: Alice Ryhl <aliceryhl@google.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
 Arnd Bergmann <arnd@arndb.de>,
	Miguel Ojeda <ojeda@kernel.org>, Alexander Viro <viro@zeniv.linux.org.uk>,
	Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>
Cc: Boqun Feng <boqun.feng@gmail.com>, Gary Guo <gary@garyguo.net>,  "
	=?utf-8?q?Bj=C3=B6rn_Roy_Baron?= " <bjorn3_gh@protonmail.com>,
 Benno Lossin <benno.lossin@proton.me>,
  Andreas Hindborg <a.hindborg@kernel.org>, Trevor Gross <tmgross@umich.edu>,
  rust-for-linux@vger.kernel.org, linux-fsdevel@vger.kernel.org,
  linux-kernel@vger.kernel.org, Alice Ryhl <aliceryhl@google.com>
Content-Type: text/plain; charset="utf-8"

Series

Miscdevices in Rust | expand

This will be used by the miscdevice abstractions, as the C function `misc_register` is fallible. Signed-off-by: Alice Ryhl <aliceryhl@google.com> --- rust/kernel/types.rs | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)

Comments

Benno Lossin Oct. 1, 2024, 8:46 a.m. UTC | #1

On 01.10.24 10:22, Alice Ryhl wrote:
> This will be used by the miscdevice abstractions, as the C function
> `misc_register` is fallible.
> 
> Signed-off-by: Alice Ryhl <aliceryhl@google.com>

Reviewed-by: Benno Lossin <benno.lossin@proton.me>

---
Cheers,
Benno

> ---
>  rust/kernel/types.rs | 16 ++++++++++++++++
>  1 file changed, 16 insertions(+)
> 
> diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
> index 9e7ca066355c..070d03152937 100644
> --- a/rust/kernel/types.rs
> +++ b/rust/kernel/types.rs
> @@ -299,6 +299,22 @@ pub fn ffi_init(init_func: impl FnOnce(*mut T)) -> impl PinInit<Self> {
>          }
>      }
> 
> +    /// Creates a fallible pin-initializer from the given initializer closure.
> +    ///
> +    /// The returned initializer calls the given closure with the pointer to the inner `T` of this
> +    /// `Opaque`. Since this memory is uninitialized, the closure is not allowed to read from it.
> +    ///
> +    /// This function is safe, because the `T` inside of an `Opaque` is allowed to be
> +    /// uninitialized. Additionally, access to the inner `T` requires `unsafe`, so the caller needs
> +    /// to verify at that point that the inner value is valid.
> +    pub fn try_ffi_init<E>(
> +        init_func: impl FnOnce(*mut T) -> Result<(), E>,
> +    ) -> impl PinInit<Self, E> {
> +        // SAFETY: We contain a `MaybeUninit`, so it is OK for the `init_func` to not fully
> +        // initialize the `T`.
> +        unsafe { init::pin_init_from_closure::<_, E>(move |slot| init_func(Self::raw_get(slot))) }
> +    }
> +
>      /// Returns a raw pointer to the opaque data.
>      pub const fn get(&self) -> *mut T {
>          UnsafeCell::get(&self.value).cast::<T>()
> 
> --
> 2.46.1.824.gd892dcdcdd-goog
>

Trevor Gross Oct. 25, 2024, 4:10 a.m. UTC | #2

On Tue, Oct 1, 2024 at 3:23 AM Alice Ryhl <aliceryhl@google.com> wrote:
>
> This will be used by the miscdevice abstractions, as the C function
> `misc_register` is fallible.
>
> Signed-off-by: Alice Ryhl <aliceryhl@google.com>
> ---
>  rust/kernel/types.rs | 16 ++++++++++++++++
>  1 file changed, 16 insertions(+)
>
> diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
> index 9e7ca066355c..070d03152937 100644
> --- a/rust/kernel/types.rs
> +++ b/rust/kernel/types.rs
> @@ -299,6 +299,22 @@ pub fn ffi_init(init_func: impl FnOnce(*mut T)) -> impl PinInit<Self> {
>          }
>      }
>
> +    /// Creates a fallible pin-initializer from the given initializer closure.
> +    ///
> +    /// The returned initializer calls the given closure with the pointer to the inner `T` of this
> +    /// `Opaque`. Since this memory is uninitialized, the closure is not allowed to read from it.
> +    ///
> +    /// This function is safe, because the `T` inside of an `Opaque` is allowed to be
> +    /// uninitialized. Additionally, access to the inner `T` requires `unsafe`, so the caller needs
> +    /// to verify at that point that the inner value is valid.
> +    pub fn try_ffi_init<E>(
> +        init_func: impl FnOnce(*mut T) -> Result<(), E>,
> +    ) -> impl PinInit<Self, E> {
> +        // SAFETY: We contain a `MaybeUninit`, so it is OK for the `init_func` to not fully
> +        // initialize the `T`.
> +        unsafe { init::pin_init_from_closure::<_, E>(move |slot| init_func(Self::raw_get(slot))) }
> +    }

[1] adjusts `ffi_init` to use `try_ffi_init`. Maybe this should do the same?

[1]: https://lore.kernel.org/rust-for-linux/20241022213221.2383-2-dakr@kernel.org/

Alice Ryhl Oct. 25, 2024, 7:57 a.m. UTC | #3

On Fri, Oct 25, 2024 at 6:10 AM Trevor Gross <tmgross@umich.edu> wrote:
>
> On Tue, Oct 1, 2024 at 3:23 AM Alice Ryhl <aliceryhl@google.com> wrote:
> >
> > This will be used by the miscdevice abstractions, as the C function
> > `misc_register` is fallible.
> >
> > Signed-off-by: Alice Ryhl <aliceryhl@google.com>
> > ---
> >  rust/kernel/types.rs | 16 ++++++++++++++++
> >  1 file changed, 16 insertions(+)
> >
> > diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
> > index 9e7ca066355c..070d03152937 100644
> > --- a/rust/kernel/types.rs
> > +++ b/rust/kernel/types.rs
> > @@ -299,6 +299,22 @@ pub fn ffi_init(init_func: impl FnOnce(*mut T)) -> impl PinInit<Self> {
> >          }
> >      }
> >
> > +    /// Creates a fallible pin-initializer from the given initializer closure.
> > +    ///
> > +    /// The returned initializer calls the given closure with the pointer to the inner `T` of this
> > +    /// `Opaque`. Since this memory is uninitialized, the closure is not allowed to read from it.
> > +    ///
> > +    /// This function is safe, because the `T` inside of an `Opaque` is allowed to be
> > +    /// uninitialized. Additionally, access to the inner `T` requires `unsafe`, so the caller needs
> > +    /// to verify at that point that the inner value is valid.
> > +    pub fn try_ffi_init<E>(
> > +        init_func: impl FnOnce(*mut T) -> Result<(), E>,
> > +    ) -> impl PinInit<Self, E> {
> > +        // SAFETY: We contain a `MaybeUninit`, so it is OK for the `init_func` to not fully
> > +        // initialize the `T`.
> > +        unsafe { init::pin_init_from_closure::<_, E>(move |slot| init_func(Self::raw_get(slot))) }
> > +    }
>
> [1] adjusts `ffi_init` to use `try_ffi_init`. Maybe this should do the same?
>
> [1]: https://lore.kernel.org/rust-for-linux/20241022213221.2383-2-dakr@kernel.org/

Ah, I wasn't able to find previous patches for this, but I guess there was one.

This patch has already landed in char-misc-next, so this can be a
follow-up if you want to change it.

Alice

diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
index 9e7ca066355c..070d03152937 100644
--- a/rust/kernel/types.rs
+++ b/rust/kernel/types.rs
@@ -299,6 +299,22 @@  pub fn ffi_init(init_func: impl FnOnce(*mut T)) -> impl PinInit<Self> {
         }
     }
 
+    /// Creates a fallible pin-initializer from the given initializer closure.
+    ///
+    /// The returned initializer calls the given closure with the pointer to the inner `T` of this
+    /// `Opaque`. Since this memory is uninitialized, the closure is not allowed to read from it.
+    ///
+    /// This function is safe, because the `T` inside of an `Opaque` is allowed to be
+    /// uninitialized. Additionally, access to the inner `T` requires `unsafe`, so the caller needs
+    /// to verify at that point that the inner value is valid.
+    pub fn try_ffi_init<E>(
+        init_func: impl FnOnce(*mut T) -> Result<(), E>,
+    ) -> impl PinInit<Self, E> {
+        // SAFETY: We contain a `MaybeUninit`, so it is OK for the `init_func` to not fully
+        // initialize the `T`.
+        unsafe { init::pin_init_from_closure::<_, E>(move |slot| init_func(Self::raw_get(slot))) }
+    }
+
     /// Returns a raw pointer to the opaque data.
     pub const fn get(&self) -> *mut T {
         UnsafeCell::get(&self.value).cast::<T>()

[v2,1/2] rust: types: add Opaque::try_ffi_init

Commit Message

Comments

Patch