| Message ID | 20230321194934.908891-1-y86-dev@protonmail.com |
|---|---|
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:604a:0:0:0:0:0 with SMTP id j10csp1979811wrt;
Tue, 21 Mar 2023 12:57:48 -0700 (PDT)
X-Google-Smtp-Source:
AK7set8BjEeqBb+qnDA6E4+o0WL8uyypcI5WJgaM4h8u9TtKrn3P4sodVAVN5k5v2xooYT7iQyy9
X-Received: by 2002:a05:6a20:389e:b0:c7:717f:4863 with SMTP id
n30-20020a056a20389e00b000c7717f4863mr3053801pzf.21.1679428668581;
Tue, 21 Mar 2023 12:57:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1679428668; cv=none;
d=google.com; s=arc-20160816;
b=Xh7iezQ1FZOmls1E7J4T9ioxUGdPT3D9Sv0Fz+2QXZCu7tu9UWnHoJOcqdjRX5hbUN
S8aBbY+d1qpGUEOZF0j3CGJ8cM+pM9oE5QIh0ayv5R7WtlRviqslvBVNcs5eF4w3+gVy
F53IrfJevlPaHoa5kLUsVVm+icum/7jUvmBQIlmVUKRLFdl/7Vz+1FSSDmccQNVBwYz3
yKdhg1QuOs74/1eSjO8jwjzfr8QZdwjjCArR/hvR4vcvxPw6Md+BstixLMf5HZOCQ0Dv
0POilS4yVi3+5dIFdQ3a3K84JO1D3NGyttSZpNzKkp6hDkIbuF2yky8SWFcWN4UG4RIJ
gF3A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:feedback-id:message-id:subject:cc:from:to:dkim-signature:date;
bh=MV+8YcJMMrOoTL5qWURRXCmjD/bQi79XK3AI3Uupjl4=;
b=pGqv44WAmCDCWMmNPzWIhwE5SXrOgkGSIeEEECjRTGuXLIWonT1x6QhI1NivmzN44z
4dt2Begkka//YcLNA82sogdyKntwWknALHHe6q0s+9Ds6rxhdp0LRAT2s+ZLfNUFO4Rv
9Ynmf8aNPb8cY4lTdrIwcouq+jIjaRAR/SQMEM5Sb5tvWfnuiwWbpJAGhmZcAbs87WX8
oFB1Eb4vSep5EitmvGRSB0xH9tJ6IQBTbB/vvT/43PrYUcPrf+Ar/IRTdiO6Tdy9im/x
/kRPrE4B5n/zeOgacwGO/1HODXuZEtIgIvZNnRMU3m0xrmkn1pQsQla+WIodcEIGX0UC
O0aw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@protonmail.com header.s=protonmail3
header.b="VJ5yr/jG";
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE)
header.from=protonmail.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
s20-20020a63f054000000b004ff70043ff9si13866157pgj.770.2023.03.21.12.57.33;
Tue, 21 Mar 2023 12:57:48 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@protonmail.com header.s=protonmail3
header.b="VJ5yr/jG";
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE)
header.from=protonmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229524AbjCUTuK (ORCPT <rfc822;ezelljr.billy@gmail.com>
+ 99 others); Tue, 21 Mar 2023 15:50:10 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48002 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229527AbjCUTuE (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Tue, 21 Mar 2023 15:50:04 -0400
Received: from mail-4322.protonmail.ch (mail-4322.protonmail.ch
[185.70.43.22])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 976502123;
Tue, 21 Mar 2023 12:50:00 -0700 (PDT)
Date: Tue, 21 Mar 2023 19:49:45 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
s=protonmail3; t=1679428197; x=1679687397;
bh=MV+8YcJMMrOoTL5qWURRXCmjD/bQi79XK3AI3Uupjl4=;
h=Date:To:From:Cc:Subject:Message-ID:Feedback-ID:From:To:Cc:Date:
Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector;
b=VJ5yr/jGRAVs2+vNly9VUAHkyV9pLMogTxndHoblk/QLd7NSPUwDIq2COgaS3WOPU
hSO9bUqCcVwAilR3aiHFUSvAbzXYfFQDPrXb/cTZgsks3Z1f0DeGzAetdPnGr/Nw2K
ooNHV2EZkniXTb94CIeDFcT+uyFcBTT4QtsGU0YT/rsdYyObt27DI8QDLfwuAxTEbt
5W78WAtQIoFEnr0C86oT9w/sywUrwIvBONVueHzRgjfsYWPgSAaV/f9PKL2uJyenjT
GoOYryukcgKuU/Z06vexnGmVmBVljhXFXeWB9IVunez2yONSBTaMYXf2uWj+8E0Skn
wcCGX8+sWlfDw==
To: Miguel Ojeda <ojeda@kernel.org>, Alex Gaynor <alex.gaynor@gmail.com>,
Wedson Almeida Filho <wedsonaf@gmail.com>, Boqun Feng <boqun.feng@gmail.com>,
Gary Guo <gary@garyguo.net>,
=?utf-8?q?Bj=C3=B6rn_Roy_Baron?= <bjorn3_gh@protonmail.com>
From: Benno Lossin <y86-dev@protonmail.com>
Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org,
patches@lists.linux.dev
Subject: [PATCH v2 0/5] Rust pin-init API for pinned initialization of structs
Message-ID: <20230321194934.908891-1-y86-dev@protonmail.com>
Feedback-ID: 40624463:user:proton
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_MSPIKE_H2,
SPF_HELO_PASS,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no
version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1761008595748369818?=
X-GMAIL-MSGID: =?utf-8?q?1761008595748369818?=
|
| Series |
Rust pin-init API for pinned initialization of structs
|
|
Message
y86-dev
March 21, 2023, 7:49 p.m. UTC
This is the second version of the pin-init API. See [1] for the cover letter of v1. Changelog v1 -> v2: - split the common module and `UniqueArc::assume_init` into their own commits - change the generics syntax of `pin_init!` to reflect normal struct generic syntax - replace `PinnedDrop::__ensure_no_unsafe_op_in_drop` with an only unsafely creatable token - hide `StackInit<T>` in the docs, because it is internal API - improve macro internals of `pin_init!` according to Gary's review - add check for `PhantomPinned` fields without a `#[pin]` attribute in `#[pin_data]`, as those fields will not have the intended effect - add docs to `quote.rs` The first patch adds a utility macro `quote!` for proc-macros. This macro converts the typed characters directly into Rust tokens that are the output of proc-macros. It is used by the pin-init API. The second patch adds the `assume_init` function to `UniqueArc<MaybeUninit<T>>` that unsafely assumes the pointee to be initialized and returns a `UniqueArc<T>`. This function is used by `UniqueArc::write` function and by the third patch. The third patch introduces the pin-init API. The commit message details the problem it solves and lays out the overall architecture. The implementation details are fairly complex; however, this is required to provide a safe API for users -- reducing the amount of `unsafe` code is a key goal of the Rust support in the kernel. An example of the before/after difference from the point of view of users is provided in the commit message. Ultimately, it is a goal is to at some point have this as a language feature of Rust. A first step in this direction is the Field Projection RFC [2]. The fourth patch adds the `kernel::init::common` module. It provides functions for easier initialization of raw `Opaque<T>` objects via FFI-functions. This is necessary when writing Rust wrappers. The fifth patch improves the function `UniqueArc::try_new_uninit` by using the pin-init API. The old version first allocated uninitialized memory on the stack and then moved it into the location in the heap. The new version directly allocates this on the heap. These patches are also a long way coming, since I held a presentation on safe pinned initialization at Kangrejos [3]. And my discovery of this problem was almost a year ago [4]. The repository at [5] contains these patches applied. The Rust-doc documentation of the pin-init API can be found at [6]. Link: https://lore.kernel.org/rust-for-linux/Bk4Yd1TBtgoLg2g_c37V3c_Wt30FMS89z7LrjnfadhDquwG_0dUGz1c_9BlMDmymg0tCACBpmCw-wZxlg4Jl4W2gkorh5P78ePgSnJVR5cU=@protonmail.com/T/#u [1] Link: https://github.com/rust-lang/rfcs/pull/3318 [2] Link: https://kangrejos.com [3] Link: https://github.com/Rust-for-Linux/linux/issues/772 [4] Link: https://github.com/y86-dev/linux.git patch/pinned-init-v1 [5] Link: https://rust-for-linux.github.io/docs/pinned-init/kernel/init [6] Benno Lossin (4): rust: sync: add `assume_init` to `UniqueArc` rust: add pin-init API rust: init: add common init-helper functions for `Opaque` rust: sync: reduce stack usage of `UniqueArc::try_new_uninit` Gary Guo (1): rust: macros: add `quote!` macro rust/kernel/init.rs | 1429 ++++++++++++++++++++++++++++++++++++ rust/kernel/init/common.rs | 42 ++ rust/kernel/init/macros.rs | 481 ++++++++++++ rust/kernel/lib.rs | 6 + rust/kernel/prelude.rs | 6 +- rust/kernel/sync/arc.rs | 48 +- rust/kernel/types.rs | 8 + rust/macros/lib.rs | 80 ++ rust/macros/pin_data.rs | 79 ++ rust/macros/pinned_drop.rs | 49 ++ rust/macros/quote.rs | 143 ++++ scripts/Makefile.build | 2 +- 12 files changed, 2369 insertions(+), 4 deletions(-) create mode 100644 rust/kernel/init.rs create mode 100644 rust/kernel/init/common.rs create mode 100644 rust/kernel/init/macros.rs create mode 100644 rust/macros/pin_data.rs create mode 100644 rust/macros/pinned_drop.rs create mode 100644 rust/macros/quote.rs base-commit: fe15c26ee26efa11741a7b632e9f23b01aca4cc6 -- 2.39.2
Comments
On Tue, Mar 21, 2023 at 07:50:05PM +0000, Benno Lossin wrote: > Add helper functions to more easily initialize `Opaque<T>` via FFI. > These functions take a function pointer to the FFI-initialization > function and take between 0-4 other arguments. It then returns an > initializer that uses the FFI function along with the given arguments to > initialize an `Opaque<T>`. > > Signed-off-by: Benno Lossin <y86-dev@protonmail.com> > --- > rust/kernel/init.rs | 1 + > rust/kernel/init/common.rs | 42 ++++++++++++++++++++++++++++++++++++++ > 2 files changed, 43 insertions(+) > create mode 100644 rust/kernel/init/common.rs > > diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs > index 895845db6f2b..5b8adb8727b2 100644 > --- a/rust/kernel/init.rs > +++ b/rust/kernel/init.rs > @@ -207,6 +207,7 @@ use core::{ > ptr, > }; > > +pub mod common; > #[doc(hidden)] > pub mod macros; > > diff --git a/rust/kernel/init/common.rs b/rust/kernel/init/common.rs > new file mode 100644 > index 000000000000..f8c6e9dff786 > --- /dev/null > +++ b/rust/kernel/init/common.rs > @@ -0,0 +1,42 @@ > +// SPDX-License-Identifier: Apache-2.0 OR MIT > + > +//! Module containing common kernel initializer functions. > + > +use crate::{ > + init::{self, PinInit}, > + types::Opaque, > +}; > + > +macro_rules! create_func { > + ($name:ident $(, $arg_name:ident: $arg_typ:ident)*) => { > + /// Create an initializer using the given initializer function from C. > + /// > + /// # Safety > + /// > + /// The given function **must** under all circumstances initialize the memory location to a > + /// valid `T`. If it fails to do so it results in UB. > + /// > + /// If any parameters are given, those need to be valid for the function. Valid means that > + /// calling the function with those parameters complies with the above requirement **and** > + /// every other requirement on the function itself. > + pub unsafe fn $name<T $(, $arg_typ)*>( > + init_func: unsafe extern "C" fn(*mut T $(, $arg_name: $arg_typ)*), > + $($arg_name: $arg_typ,)* > + ) -> impl PinInit<Opaque<T>> { > + // SAFETY: The safety contract of this function ensures that `init_func` fully > + // initializes `slot`. > + unsafe { > + init::pin_init_from_closure(move |slot| { > + init_func(Opaque::raw_get(slot) $(, $arg_name)*); > + Ok(()) > + }) > + } > + } > + } > +} > + > +create_func!(ffi_init); > +create_func!(ffi_init1, arg1: A1); > +create_func!(ffi_init2, arg1: A1, arg2: A2); > +create_func!(ffi_init3, arg1: A1, arg2: A2, arg3: A3); > +create_func!(ffi_init4, arg1: A1, arg2: A2, arg3: A3, arg4: A4); I wonder whether it's better to make these as methods of Opaque<T>, i.e. impl<T> Opaque<T> { pub unsafe fn ffi_init(...) -> impl PinInit<Self> { ... } ... } then it's a little more obvious to users that these methods are for Opaque type pin init. Thoughts? Regards, Boqun > -- > 2.39.2 > >