Re: [PATCH v3 0/5] Check Rust signatures at compile time

From: Miguel Ojeda
Date: Sun Mar 09 2025 - 16:48:00 EST

Next message: Jorge Marques: "Re: [PATCH 3/4] docs: iio: new docs for ad4052 driver"
Previous message: Barry Song: "Re: [PATCH 2/2] kcompressd: Add Kcompressd for accelerated zram compression"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Mar 3, 2025 at 9:45 AM Alice Ryhl <aliceryhl@xxxxxxxxxx> wrote:
>
> Rust has two different tools for generating function declarations to
> call across the FFI boundary:
>
> * bindgen. Generates Rust declarations from a C header.
> * cbindgen. Generates C headers from Rust declarations.
>
> However, we only use bindgen in the kernel. This means that when C code
> calls a Rust function by name, its signature must be duplicated in both
> Rust code and a C header, and the signature needs to be kept in sync
> manually.
>
> Introducing cbindgen as a mandatory dependency to build the kernel would
> be a rather complex and large change, so we do not consider that at this
> time. Instead, to eliminate this manual checking, introduce a new macro
> that verifies at compile time that the two function declarations use the
> same signature. The idea is to run the C declaration through bindgen,
> and then have rustc verify that the function pointers have the same
> type.
>
> The signature must still be written twice, but at least you can no
> longer get it wrong. If the signatures don't match, you will get errors
> that look like this:
>
> error[E0308]: `if` and `else` have incompatible types
> --> <linux>/rust/kernel/print.rs:22:22
> |
> 21 | #[export]
> | --------- expected because of this
> 22 | unsafe extern "C" fn rust_fmt_argument(
> | ^^^^^^^^^^^^^^^^^ expected `u8`, found `i8`
> |
> = note: expected fn item `unsafe extern "C" fn(*mut u8, *mut u8, *mut c_void) -> *mut u8 {bindings::rust_fmt_argument}`
> found fn item `unsafe extern "C" fn(*mut i8, *mut i8, *const c_void) -> *mut i8 {print::rust_fmt_argument}`
>
> It is unfortunate that the error message starts out by saying "`if` and
> `else` have incompatible types", but I believe the rest of the error
> message is reasonably clear and not too confusing.
>
> The main commit of this series is "rust: add #[export] macro".
>
> Signed-off-by: Alice Ryhl <aliceryhl@xxxxxxxxxx>

Applied to `rust-next` -- thanks everyone!

[ Removed period as requested by Andy. - Miguel ]

[ Fixed `rustfmt`. Moved on top the unsafe requirement comment to follow
the usual style, and slightly reworded it for clarity. Formatted
bindings helper comment. - Miguel ]

Cheers,
Miguel

Next message: Jorge Marques: "Re: [PATCH 3/4] docs: iio: new docs for ad4052 driver"
Previous message: Barry Song: "Re: [PATCH 2/2] kcompressd: Add Kcompressd for accelerated zram compression"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]