Re: [PATCH 2/2] rust: workqueue: remove HasWork::OFFSET

From: Tamir Duberstein
Date: Sat Mar 15 2025 - 11:38:38 EST


On Sat, Mar 15, 2025 at 5:30 AM Benno Lossin <benno.lossin@xxxxxxxxx> wrote:
>
> On Fri Mar 14, 2025 at 9:44 PM CET, Tamir Duberstein wrote:
> > On Fri, Mar 14, 2025 at 3:20 PM Benno Lossin <benno.lossin@xxxxxxxxx> wrote:
> >>
> >> On Fri Mar 7, 2025 at 10:58 PM CET, Tamir Duberstein wrote:
> >> > Implement `HasWork::work_container_of` in `impl_has_work!`, narrowing
> >> > the interface of `HasWork` and replacing pointer arithmetic with
> >> > `container_of!`. Remove the provided implementation of
> >> > `HasWork::get_work_offset` without replacement; an implementation is
> >> > already generated in `impl_has_work!`. Remove the `Self: Sized` bound on
> >> > `HasWork::work_container_of` which was apparently necessary to access
> >> > `OFFSET` as `OFFSET` no longer exists.
> >> >
> >> > A similar API change was discussed on the hrtimer series[1].
> >> >
> >> > Link: https://lore.kernel.org/all/20250224-hrtimer-v3-v6-12-rc2-v9-1-5bd3bf0ce6cc@xxxxxxxxxx/ [1]
> >> > Signed-off-by: Tamir Duberstein <tamird@xxxxxxxxx>
> >> > ---
> >> > rust/kernel/workqueue.rs | 45 ++++++++++++---------------------------------
> >> > 1 file changed, 12 insertions(+), 33 deletions(-)
> >>
> >> What is the motivation of this change? I didn't follow the discussion,
> >> so if you explained it there, it would be nice if you could also add it
> >> to this commit message.
> >
> > The motivation is right at the top: it narrows the interface and
> > replaces pointer arithmetic with an existing macro, and then deletes
> > unnecessary code.
> >
> >> > diff --git a/rust/kernel/workqueue.rs b/rust/kernel/workqueue.rs
> >> > index 0cd100d2aefb..0e2e0ecc58a6 100644
> >> > --- a/rust/kernel/workqueue.rs
> >> > +++ b/rust/kernel/workqueue.rs
> >> > @@ -429,51 +429,23 @@ pub unsafe fn raw_get(ptr: *const Self) -> *mut bindings::work_struct {
> >> > ///
> >> > /// # Safety
> >> > ///
> >> > -/// The [`OFFSET`] constant must be the offset of a field in `Self` of type [`Work<T, ID>`]. The
> >> > -/// methods on this trait must have exactly the behavior that the definitions given below have.
> >> > +/// The methods on this trait must have exactly the behavior that the definitions given below have.
> >> > ///
> >> > /// [`impl_has_work!`]: crate::impl_has_work
> >> > -/// [`OFFSET`]: HasWork::OFFSET
> >> > pub unsafe trait HasWork<T, const ID: u64 = 0> {
> >> > - /// The offset of the [`Work<T, ID>`] field.
> >> > - const OFFSET: usize;
> >> > -
> >> > - /// Returns the offset of the [`Work<T, ID>`] field.
> >> > - ///
> >> > - /// This method exists because the [`OFFSET`] constant cannot be accessed if the type is not
> >> > - /// [`Sized`].
> >> > - ///
> >> > - /// [`OFFSET`]: HasWork::OFFSET
> >> > - #[inline]
> >> > - fn get_work_offset(&self) -> usize {
> >> > - Self::OFFSET
> >> > - }
> >> > -
> >> > /// Returns a pointer to the [`Work<T, ID>`] field.
> >> > ///
> >> > /// # Safety
> >> > ///
> >> > /// The provided pointer must point at a valid struct of type `Self`.
> >> > - #[inline]
> >> > - unsafe fn raw_get_work(ptr: *mut Self) -> *mut Work<T, ID> {
> >> > - // SAFETY: The caller promises that the pointer is valid.
> >> > - unsafe { (ptr as *mut u8).add(Self::OFFSET) as *mut Work<T, ID> }
> >> > - }
> >> > + unsafe fn raw_get_work(ptr: *mut Self) -> *mut Work<T, ID>;
> >> >
> >> > /// Returns a pointer to the struct containing the [`Work<T, ID>`] field.
> >> > ///
> >> > /// # Safety
> >> > ///
> >> > /// The pointer must point at a [`Work<T, ID>`] field in a struct of type `Self`.
> >> > - #[inline]
> >> > - unsafe fn work_container_of(ptr: *mut Work<T, ID>) -> *mut Self
> >> > - where
> >> > - Self: Sized,
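Review bot: The `# Safety` paragraph at the top of this hunk still requires implementations to match "the definitions given below", but further down `raw_get_work` loses its body and becomes a bare declaration, so there is no definition left to match for it. Suggest stating the contract directly in the trait docs: `raw_get_work` must return a pointer to the `Work<T, ID>` field of the `Self` that `ptr` points at, and `work_container_of` must be its exact inverse.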
> >>
> >> This bound is required in order to allow the usage of `dyn HasWork` (ie
> >> object safety), so it should stay.
> >>
> >> Maybe add a comment explaining why it's there.
> >
> > I guess a doctest would be better, but I still don't understand why
> > the bound is needed. Sorry, can you cite something or explain in more
> > detail please?
>
> Here is a link: https://doc.rust-lang.org/reference/items/traits.html#dyn-compatibility
>
> But I realized that the trait wasn't object safe to begin with due to
> the `OFFSET` associated constant. So I'm not sure we need this. Alice,
> do you need `dyn HasWork`?

I wrote a simple test:

diff --git a/rust/kernel/workqueue.rs b/rust/kernel/workqueue.rs
index 0e2e0ecc58a6..4f2dd2c1ebcb 100644
--- a/rust/kernel/workqueue.rs
+++ b/rust/kernel/workqueue.rs
@@ -448,6 +448,11 @@ pub unsafe trait HasWork<T, const ID: u64 = 0> {
unsafe fn work_container_of(ptr: *mut Work<T, ID>) -> *mut Self;
}

+fn has_work_object_safe<T: HasWork<T>>(has_work: T) {
+ fn _assert_object_safe(_: &dyn HasWork<()>) {}
+ _assert_object_safe(&has_work);
+}
+
/// Used to safely implement the [`HasWork<T, ID>`] trait.
///
/// # Examples
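Review bot: In `has_work_object_safe`, the bound `T: HasWork<T>` does not match the `&dyn HasWork<()>` parameter of `_assert_object_safe`, so `&has_work` could not coerce even if the trait were dyn-compatible, and the test can fail for a reason unrelated to the one being checked. Bounding on `T: HasWork<()>`, or keeping only the inner `fn _assert_object_safe(_: &dyn HasWork<()>) {}` (naming the `dyn` type is enough to trigger E0038), would isolate the dyn-compatibility question.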

`HasWork` is not object-safe even before this patch:

> error[E0038]: the trait `workqueue::HasWork` cannot be made into an object
> --> ../rust/kernel/workqueue.rs:481:25
> |
> 481 | _assert_object_safe(&has_work);
> | ^^^^^^^^^ `workqueue::HasWork` cannot be made into an object
> |
> note: for a trait to be "dyn-compatible" it needs to allow building a vtable to allow the call to be resolvable dynamically; for more information visit <https://doc.rust-lang.org/reference/items/traits.html#object-safety>
> --> ../rust/kernel/workqueue.rs:439:11
> |
> 437 | pub unsafe trait HasWork<T, const ID: u64 = 0> {
> | ------- this trait cannot be made into an object...
> 438 | /// The offset of the [`Work<T, ID>`] field.
> 439 | const OFFSET: usize;
> | ^^^^^^ ...because it contains this associated `const`
> ...
> 458 | unsafe fn raw_get_work(ptr: *mut Self) -> *mut Work<T, ID> {
> | ^^^^^^^^^^^^ ...because associated function `raw_get_work` has no `self` parameter
> = help: consider moving `OFFSET` to another trait
> = help: only type `workqueue::ClosureWork<T>` is seen to implement the trait in this crate, consider using it directly instead
> = note: `workqueue::HasWork` can be implemented in other crates; if you want to support your users passing their own types here, you can't refer to a specific type
> help: consider turning `raw_get_work` into a method by giving it a `&self` argument
> |
> 458 | unsafe fn raw_get_work(&self, ptr: *mut Self) -> *mut Work<T, ID> {
> | ++++++
> help: alternatively, consider constraining `raw_get_work` so it does not apply to trait objects
> |
> 458 | unsafe fn raw_get_work(ptr: *mut Self) -> *mut Work<T, ID> where Self: Sized {
> | +++++++++++++++++
>
> error: aborting due to 3 previous errors

so I don't think adding the Sized bound makes sense - we'd end up
adding it on every item in the trait.