Re: [PATCH 1/3] rust: page: replace the page pointer wrapper with Opaque

From: Abdiel Janulgue
Date: Tue Oct 08 2024 - 07:32:26 EST




On 08/10/2024 10:04, Boqun Feng wrote:
On Tue, Oct 08, 2024 at 08:58:56AM +0200, Alice Ryhl wrote:
On Mon, Oct 7, 2024 at 10:28 PM Abdiel Janulgue
<abdiel.janulgue@xxxxxxxxx> wrote:

Replace NonNull with Opaque to make it possible to cast to a Page pointer
from a raw struct page pointer.

Signed-off-by: Abdiel Janulgue <abdiel.janulgue@xxxxxxxxx>
---
rust/kernel/page.rs | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/rust/kernel/page.rs b/rust/kernel/page.rs
index 208a006d587c..08ff09a25223 100644
--- a/rust/kernel/page.rs
+++ b/rust/kernel/page.rs
@@ -8,8 +8,9 @@
error::code::*,
error::Result,
uaccess::UserSliceReader,
+ types::Opaque,
};
-use core::ptr::{self, NonNull};
+use core::ptr::{self};

/// A bitwise shift for the page size.
pub const PAGE_SHIFT: usize = bindings::PAGE_SHIFT as usize;
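
Review bot: The rewritten import `use core::ptr::{self};` in this hunk keeps a brace group around a single item; `use core::ptr;` is the plain form. The added `types::Opaque,` entry is also placed after `uaccess::UserSliceReader,`, while the entries above it are in alphabetical order, so it would sit better before `uaccess`.
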
@@ -25,8 +26,9 @@
/// # Invariants
///
/// The pointer is valid, and has ownership over the page.
+#[repr(transparent)]
pub struct Page {
- page: NonNull<bindings::page>,
+ page: Opaque<bindings::page>,
}

// SAFETY: Pages have no logic that relies on them staying on a given thread, so moving them across
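
Review bot: The `# Invariants` text above the struct is left unchanged and still says "The pointer is valid, and has ownership over the page", but the `page` field is now an inline `Opaque<bindings::page>` rather than a `NonNull` pointer. The invariant needs rewording to describe what a `Page` value is after this change and where ownership of the page lives, and the new `#[repr(transparent)]` line should carry a short comment saying that the pointer cast depends on it.
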
@@ -65,15 +67,20 @@ pub fn alloc_page(flags: Flags) -> Result<Self, AllocError> {
// SAFETY: Depending on the value of `gfp_flags`, this call may sleep. Other than that, it
// is always safe to call this method.
let page = unsafe { bindings::alloc_pages(flags.as_raw(), 0) };
- let page = NonNull::new(page).ok_or(AllocError)?;
+ if page.is_null() {
+ return Err(AllocError);
+ }
+ // CAST: Self` is a `repr(transparent)` wrapper around `bindings::page`.
+ let ptr = page.cast::<Self>();
// INVARIANT: We just successfully allocated a page, so we now have ownership of the newly
// allocated page. We transfer that ownership to the new `Page` object.
- Ok(Self { page })
+ // SAFETY: According to invariant above ptr is valid.
+ Ok(unsafe { ptr::read(ptr) })
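
Review bot: `Ok(unsafe { ptr::read(ptr) })` at the end of `alloc_page()` returns a bitwise copy of the `bindings::page` contents, so the `Page` handed to the caller is a different object from the one `alloc_pages()` returned, and the allocated pointer itself is not kept in the return value. The added SAFETY comment only argues that `ptr` is valid, which does not cover treating the copy as the page; the function should return a pointer-like owner of the allocation instead of a by-value `Self`. The added `// CAST: Self` is ...` comment is also missing its opening backtick.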

Using `ptr::read` on the page is definitely not okay. That duplicates
the contents of the `struct page`. You'll need some sort of pointer
type around `Page` instead.


Agreed. So may I suggest we introduce `Owned` type and `Ownable` trait
[1]? `alloc_page()` can be refactored to return a `Result<Owned<Self>,
AllocError>`.

[1]: https://lore.kernel.org/rust-for-linux/ZnCzLIly3DRK2eab@boqun-archlinux/

Thanks for the feedback. How do you propose we move forward: do I take a stab at implementing the `Owned` type and `Ownable` trait?

Regards,
Abdiel



Regards,
Boqun

Alice
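
Added example (not code from the patch or from anyone in the thread): a userspace sketch of the point raised in the replies, that `ptr::read` produces a copy of the struct rather than the allocated page, while an owning pointer keeps the original address. `RawPage`, `raw_alloc`, `compare` and this `Owned` are hypothetical stand-ins; `UnsafeCell` stands in for the kernel's `Opaque`, and this `Owned` is not the type proposed in [1].

```rust
use std::alloc::{alloc_zeroed, dealloc, Layout};
use std::cell::UnsafeCell;
use std::ops::Deref;
use std::ptr::{self, NonNull};

// Stand-in for `bindings::page` (constructed; the real struct is not modelled).
#[repr(C)]
pub struct RawPage { flags: u64, refcount: u32 }

// Same shape as the patched `Page`: a transparent wrapper, so a
// `*mut RawPage` can be cast to `*mut Page`.
#[repr(transparent)]
pub struct Page { page: UnsafeCell<RawPage> }

impl Page {
    pub fn as_ptr(&self) -> *mut RawPage { self.page.get() }
}

// Hypothetical owning pointer: it stores the address, never the contents.
pub struct Owned<T> { ptr: NonNull<T>, layout: Layout }

impl<T> Deref for Owned<T> {
    type Target = T;
    // SAFETY: `ptr` stays valid until `drop` releases it.
    fn deref(&self) -> &T { unsafe { self.ptr.as_ref() } }
}

impl<T> Drop for Owned<T> {
    // SAFETY: `ptr` came from `alloc_zeroed` with `layout`.
    fn drop(&mut self) { unsafe { dealloc(self.ptr.as_ptr().cast(), self.layout) } }
}

// Stand-in for `alloc_pages()`: returns a raw pointer, null on failure.
fn raw_alloc() -> (*mut RawPage, Layout) {
    let layout = Layout::new::<RawPage>();
    (unsafe { alloc_zeroed(layout) }.cast(), layout)
}

// Returns (allocation address, address seen via a `ptr::read` copy,
// address seen via `Owned<Page>`).
pub fn compare() -> Option<(usize, usize, usize)> {
    let (raw, layout) = raw_alloc();
    let ptr = NonNull::new(raw.cast::<Page>())?;
    // The pattern from the patch: a bitwise copy living in this stack frame.
    let copy = unsafe { ptr::read(ptr.as_ptr()) };
    let owned = Owned { ptr, layout };
    Some((raw as usize, copy.as_ptr() as usize, owned.as_ptr() as usize))
}
```

Anything that later passes the copy's address to a C API expecting the allocated `struct page` would be operating on stack memory, which is why the replies ask for a pointer type around `Page`.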