Re: [PATCH 2/2] rust: workqueue: remove HasWork::OFFSET

From: Benno Lossin
Date: Fri Mar 14 2025 - 15:21:05 EST

Next message: John Stultz: "Re: [PATCH] Fix rolling back of CLOCK_MONOTONIC_COARSE"
Previous message: Kees Cook: "Re: [PATCH] module: Taint the kernel when write-protecting ro_after_init fails"
Next in thread: Tamir Duberstein: "Re: [PATCH 2/2] rust: workqueue: remove HasWork::OFFSET"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri Mar 7, 2025 at 10:58 PM CET, Tamir Duberstein wrote:
> Implement `HasWork::work_container_of` in `impl_has_work!`, narrowing
> the interface of `HasWork` and replacing pointer arithmetic with
> `container_of!`. Remove the provided implementation of
> `HasWork::get_work_offset` without replacement; an implementation is
> already generated in `impl_has_work!`. Remove the `Self: Sized` bound on
> `HasWork::work_container_of` which was apparently necessary to access
> `OFFSET` as `OFFSET` no longer exists.
>
> A similar API change was discussed on the hrtimer series[1].
>
> Link: https://lore.kernel.org/all/20250224-hrtimer-v3-v6-12-rc2-v9-1-5bd3bf0ce6cc@xxxxxxxxxx/ [1]
> Signed-off-by: Tamir Duberstein <tamird@xxxxxxxxx>
> ---
> rust/kernel/workqueue.rs | 45 ++++++++++++---------------------------------
> 1 file changed, 12 insertions(+), 33 deletions(-)

What is the motivation of this change? I didn't follow the discussion,
so if you explained it there, it would be nice if you could also add it
to this commit message.

> diff --git a/rust/kernel/workqueue.rs b/rust/kernel/workqueue.rs
> index 0cd100d2aefb..0e2e0ecc58a6 100644
> --- a/rust/kernel/workqueue.rs
> +++ b/rust/kernel/workqueue.rs
> @@ -429,51 +429,23 @@ pub unsafe fn raw_get(ptr: *const Self) -> *mut bindings::work_struct {
> ///
> /// # Safety
> ///
> -/// The [`OFFSET`] constant must be the offset of a field in `Self` of type [`Work<T, ID>`]. The
> -/// methods on this trait must have exactly the behavior that the definitions given below have.
> +/// The methods on this trait must have exactly the behavior that the definitions given below have.
> ///
> /// [`impl_has_work!`]: crate::impl_has_work
> -/// [`OFFSET`]: HasWork::OFFSET
> pub unsafe trait HasWork<T, const ID: u64 = 0> {
> - /// The offset of the [`Work<T, ID>`] field.
> - const OFFSET: usize;
> -
> - /// Returns the offset of the [`Work<T, ID>`] field.
> - ///
> - /// This method exists because the [`OFFSET`] constant cannot be accessed if the type is not
> - /// [`Sized`].
> - ///
> - /// [`OFFSET`]: HasWork::OFFSET
> - #[inline]
> - fn get_work_offset(&self) -> usize {
> - Self::OFFSET
> - }
> -
> /// Returns a pointer to the [`Work<T, ID>`] field.
> ///
> /// # Safety
> ///
> /// The provided pointer must point at a valid struct of type `Self`.
> - #[inline]
> - unsafe fn raw_get_work(ptr: *mut Self) -> *mut Work<T, ID> {
> - // SAFETY: The caller promises that the pointer is valid.
> - unsafe { (ptr as *mut u8).add(Self::OFFSET) as *mut Work<T, ID> }
> - }
> + unsafe fn raw_get_work(ptr: *mut Self) -> *mut Work<T, ID>;
>
> /// Returns a pointer to the struct containing the [`Work<T, ID>`] field.
> ///
> /// # Safety
> ///
> /// The pointer must point at a [`Work<T, ID>`] field in a struct of type `Self`.
> - #[inline]
> - unsafe fn work_container_of(ptr: *mut Work<T, ID>) -> *mut Self
> - where
> - Self: Sized,

This bound is required in order to allow the usage of `dyn HasWork` (ie
object safety), so it should stay.

Maybe add a comment explaining why it's there.

---
Cheers,
Benno

> - {
> - // SAFETY: The caller promises that the pointer points at a field of the right type in the
> - // right kind of struct.
> - unsafe { (ptr as *mut u8).sub(Self::OFFSET) as *mut Self }
> - }
> + unsafe fn work_container_of(ptr: *mut Work<T, ID>) -> *mut Self;
> }
>
> /// Used to safely implement the [`HasWork<T, ID>`] trait.
> @@ -504,8 +476,6 @@ macro_rules! impl_has_work {
> // SAFETY: The implementation of `raw_get_work` only compiles if the field has the right
> // type.
> unsafe impl$(<$($generics)+>)? $crate::workqueue::HasWork<$work_type $(, $id)?> for $self {
> - const OFFSET: usize = ::core::mem::offset_of!(Self, $field) as usize;
> -
> #[inline]
> unsafe fn raw_get_work(ptr: *mut Self) -> *mut $crate::workqueue::Work<$work_type $(, $id)?> {
> // SAFETY: The caller promises that the pointer is not dangling.
> @@ -513,6 +483,15 @@ unsafe fn raw_get_work(ptr: *mut Self) -> *mut $crate::workqueue::Work<$work_typ
> ::core::ptr::addr_of_mut!((*ptr).$field)
> }
> }
> +
> + #[inline]
> + unsafe fn work_container_of(
> + ptr: *mut $crate::workqueue::Work<$work_type $(, $id)?>,
> + ) -> *mut Self {
> + // SAFETY: The caller promises that the pointer points at a field of the right type
> + // in the right kind of struct.
> + unsafe { $crate::container_of!(ptr, Self, $field) }
> + }
> }
> )*};
> }

Next message: John Stultz: "Re: [PATCH] Fix rolling back of CLOCK_MONOTONIC_COARSE"
Previous message: Kees Cook: "Re: [PATCH] module: Taint the kernel when write-protecting ro_after_init fails"
Next in thread: Tamir Duberstein: "Re: [PATCH 2/2] rust: workqueue: remove HasWork::OFFSET"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]