Re: [PATCH v3 09/25] rust: alloc: implement kernel `Box`

From: Alice Ryhl
Date: Thu Aug 01 2024 - 08:49:19 EST

Next message: Borislav Petkov: "Re: [PATCH v3 0/2] PRM handler direct call interface"
Previous message: Ryan Roberts: "Re: [PATCH] arm64/mm: Avoid direct referencing page table enties in map_range()"
In reply to: Danilo Krummrich: "Re: [PATCH v3 09/25] rust: alloc: implement kernel `Box`"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Aug 1, 2024 at 2:45 PM Danilo Krummrich <dakr@xxxxxxxxxx> wrote:
>
> On Thu, Aug 01, 2024 at 10:55:51AM +0200, Alice Ryhl wrote:
> > On Thu, Aug 1, 2024 at 2:07 AM Danilo Krummrich <dakr@xxxxxxxxxx> wrote:
> > > + /// Converts a `Box<T>` into a `Pin<Box<T>>`.
> > > + #[inline]
> > > + pub fn into_pin(b: Self) -> Pin<Self>
> > > + where
> > > + A: 'static,
> > > + {
> > > + // SAFETY: It's not possible to move or replace the insides of a `Pin<Box<T>>` when
> > > + // `T: !Unpin`, so it's safe to pin it directly without any additional requirements.
> > > + unsafe { Pin::new_unchecked(b) }
> > > + }
> >
> > In the standard library, this functionality is provided using the From
> > trait rather than an inherent method. I think it makes sense to match
> > std here.
>
> I already provide `impl<T, A> From<Box<T, A>> for Pin<Box<T, A>>` in this patch,
> which just calls `Box::into_pin`.

Ah, ok, I might drop into_pin and only have From, but I'm ok either way.

> > > +impl<T: 'static, A> ForeignOwnable for crate::alloc::Box<T, A>
> > > +where
> > > + A: Allocator,
> > > +{
> > > + type Borrowed<'a> = &'a T;
> > > +
> > > + fn into_foreign(self) -> *const core::ffi::c_void {
> > > + crate::alloc::Box::into_raw(self) as _
> > > + }
> > > +
> > > + unsafe fn borrow<'a>(ptr: *const core::ffi::c_void) -> &'a T {
> > > + // SAFETY: The safety requirements for this function ensure that the object is still alive,
> > > + // so it is safe to dereference the raw pointer.
> > > + // The safety requirements of `from_foreign` also ensure that the object remains alive for
> > > + // the lifetime of the returned value.
> > > + unsafe { &*ptr.cast() }
> > > + }
> > > +
> > > + unsafe fn from_foreign(ptr: *const core::ffi::c_void) -> Self {
> > > + // SAFETY: The safety requirements of this function ensure that `ptr` comes from a previous
> > > + // call to `Self::into_foreign`.
> > > + unsafe { crate::alloc::Box::from_raw(ptr as _) }
> > > + }
> > > +}
> >
> > You may want to also implement ForeignOwnable for Pin<Box<T>>. See:
> > https://lore.kernel.org/all/20240730-foreign-ownable-pin-box-v1-1-b1d70cdae541@xxxxxxxxxx/
>
> Yeah, I think I've also seen another patch that it about to add a function to
> convert a `Box` back into uninit state.
>
> Depending how fast you need ForeignOwnable for Pin<Box<T>>, do you prefer to
> contribute a corresponding patch to this series?

It's easiest for me if you just add it to this patch of your series. I
don't care about credit in this particular case.

Alice

Next message: Borislav Petkov: "Re: [PATCH v3 0/2] PRM handler direct call interface"
Previous message: Ryan Roberts: "Re: [PATCH] arm64/mm: Avoid direct referencing page table enties in map_range()"
In reply to: Danilo Krummrich: "Re: [PATCH v3 09/25] rust: alloc: implement kernel `Box`"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]