[PATCH v3 01/16] rust: init: introduce `Opaque::try_ffi_init`
From: Danilo Krummrich
Date: Tue Oct 22 2024 - 17:33:03 EST
From: Wedson Almeida Filho <walmeida@xxxxxxxxxxxxx>
This is the same as `Opaque::ffi_init`, but returns a `Result`.
This is used by subsequent patches to implement the FFI init of static
driver structures on registration.
Signed-off-by: Wedson Almeida Filho <walmeida@xxxxxxxxxxxxx>
Signed-off-by: Danilo Krummrich <dakr@xxxxxxxxxx>
---
rust/kernel/types.rs | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
index ced143600eb1..236e8de5844b 100644
--- a/rust/kernel/types.rs
+++ b/rust/kernel/types.rs
@@ -239,14 +239,22 @@ pub const fn uninit() -> Self {
/// uninitialized. Additionally, access to the inner `T` requires `unsafe`, so the caller needs
/// to verify at that point that the inner value is valid.
pub fn ffi_init(init_func: impl FnOnce(*mut T)) -> impl PinInit<Self> {
+ Self::try_ffi_init(move |slot| {
+ init_func(slot);
+ Ok(())
+ })
+ }
+
+ /// Similar to [`Self::ffi_init`], except that the closure can fail.
+ ///
+ /// To avoid leaks on failure, the closure must drop any fields it has initialised before the
+ /// failure.
+ pub fn try_ffi_init<E>(
+ init_func: impl FnOnce(*mut T) -> Result<(), E>,
+ ) -> impl PinInit<Self, E> {
// SAFETY: We contain a `MaybeUninit`, so it is OK for the `init_func` to not fully
// initialize the `T`.
- unsafe {
- init::pin_init_from_closure::<_, ::core::convert::Infallible>(move |slot| {
- init_func(Self::raw_get(slot));
- Ok(())
- })
- }
+ unsafe { init::pin_init_from_closure(|slot| init_func(Self::raw_get(slot))) }
}
/// Returns a raw pointer to the opaque data.
--
2.46.2