Re: [PATCH v3 10/13] rust: init: implement `Zeroable` for `UnsafeCell<T>` and `Opaque<T>`
From: Gary Guo
Date: Sun Aug 06 2023 - 12:08:42 EST
On Sat, 29 Jul 2023 09:10:19 +0000
Benno Lossin <benno.lossin@xxxxxxxxx> wrote:
> `UnsafeCell<T>` and `T` have the same layout so if `T` is `Zeroable`
> then so should `UnsafeCell<T>` be. This allows using the derive macro
> for `Zeroable` on types that contain an `UnsafeCell<T>`.
> Since `Opaque<T>` contains a `MaybeUninit<T>`, all bytes zero is a valid
> bit pattern for that type.
>
> Signed-off-by: Benno Lossin <benno.lossin@xxxxxxxxx>
Reviewed-by: Gary Guo <gary@xxxxxxxxxxx>
> ---
> v2 -> v3:
> - also implement Zeroable for `UnsafeCell<T>` when `T: Zeroable`,
> - use `impl_zeroable!` instead of `derive(Zeroable)`.
>
> rust/kernel/init.rs | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs
> index af96d4acc26b..06ecab4901f2 100644
> --- a/rust/kernel/init.rs
> +++ b/rust/kernel/init.rs
> @@ -212,10 +212,12 @@
> use crate::{
> error::{self, Error},
> sync::UniqueArc,
> + types::Opaque,
> };
> use alloc::boxed::Box;
> use core::{
> alloc::AllocError,
> + cell::UnsafeCell,
> convert::Infallible,
> marker::PhantomData,
> mem::MaybeUninit,
> @@ -1157,6 +1159,11 @@ macro_rules! impl_zeroable {
>
> // SAFETY: Type is allowed to take any value, including all zeros.
> {<T>} MaybeUninit<T>,
> + // SAFETY: Type is allowed to take any value, including all zeros.
> + {<T>} Opaque<T>,
> +
> + // SAFETY: `T: Zeroable` and `UnsafeCell` is `repr(transparent)`.
> + {<T: ?Sized + Zeroable>} UnsafeCell<T>,
>
> // SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee).
> Option<NonZeroU8>, Option<NonZeroU16>, Option<NonZeroU32>, Option<NonZeroU64>,