Re: [PATCH v2] rust: workqueue: replace SAFETY TODO for `WorkItemPointer` impl on `Pin<KBox<T>>`

Next message: Aaron Ma: "Re: [PATCH] ASoC: rt1320-sdw: don't poll PDE state on power-down"
Previous message: Tushar Tibude: "[PATCH 2/3] EDAC: i5100: disable error reporting at teardown and create helper"
In reply to: Sagar Taunk: "[PATCH v2] rust: workqueue: replace SAFETY TODO for `WorkItemPointer` impl on `Pin&lt;KBox&lt;T&gt;&gt;`"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alice Ryhl

Date: Thu Apr 30 2026 - 04:47:00 EST

On Thu, Apr 30, 2026 at 12:49:28PM +0530, Sagar Taunk wrote:
> The original implementation left a `SAFETY: TODO` comment on the
> `WorkItemPointer` implementation for `Pin<KBox<T>>`. This patch documents
> the safety requirements that make this implementation sound.
>
> The safety argument follows the same structure as the `Arc<T>`
> implementation and relies on three guarantees:
> `__enqueue` strips the `Pin` wrapper via `Pin::into_inner_unchecked`
> and leaks the box via `KBox::into_raw`, producing `*mut T` whose
> allocation remains live for the duration of the queued work;
> `work_container_of` safely reverses the `raw_get_work` offset arithmetic to
> recover the exact `*mut T` that `__enqueue` produced; and the workqueue
> guarantees `run` is called exactly once, making `KBox::from_raw` sound.
>
> Signed-off-by: Sagar Taunk <sagartaunk2@xxxxxxxxx>

Thanks

Reviewed-by: Alice Ryhl <aliceryhl@xxxxxxxxxx>