From patchwork Fri Mar 31 21:51:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: y86-dev X-Patchwork-Id: 78007 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp871315vqo; Fri, 31 Mar 2023 15:13:32 -0700 (PDT) X-Google-Smtp-Source: AKy350Z/ZGFMDGQg4ENbQ03Q3knaUHEQtzxF3AIbPEvCQVa3DwgV2nWIY5szBaTyfOswY99LYym0 X-Received: by 2002:a05:6402:1044:b0:4fa:eccd:9849 with SMTP id e4-20020a056402104400b004faeccd9849mr25119727edu.9.1680300812755; Fri, 31 Mar 2023 15:13:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680300812; cv=none; d=google.com; s=arc-20160816; b=0MeVrVifN9jfjN73fr5CV9MOAUcSuFJd1cI69E+Jmx14zg2c/l8quL3Ls31bsK7s3I VGvuQe7dIEdAa7+W5WHw5GqGta5XB9dk5FWCMLfdx1kr/FdPq90JFUY3ShzxZodmwk/g fKT6HlQ3fxi/cv/oACPz54z5wSRwRUygJNLaPOxPaGwAfYOkLkfHL5yCdKpSuwE1g5dZ 23vUWBakD6jsqnhQe/tFQZCigA/QOyoaGeBtY1rE4k7G+dyNyyQMyBooKFwXxWtqe/AI /Swx8IvaiiU74rbaETF3T3lLc3cMsbn2ReLHUjMPGx3fxVC/y3zPxMZvWM4DjYiTiywD NTkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :feedback-id:references:in-reply-to:message-id:subject:cc:from:to :dkim-signature:date; bh=hROJyTm6NeZLJh+vRRO9kol8Xhevc/WCzv7AS4Ky5PI=; b=0v6axc0crSRVz7nkICpY2Vi5jtWK7RB+Tq4+l+tik3Tk0rAht/RjvM5tN0euXNW2vA h3oAZMQYZNez1ZYj4qej0rGmmwrDp/xFb6Hko2agosYjYNvbdp8vsP6krCe98wy2XGtI SybmSsyQnrUeRc9PzXC7rR+XplzJIRdoUce2kp6JvjZ2jQXa7ZtQ6qyneFDRmte8Mqwy K7sEjwQnQAb4VxGV7cZzFBt0N5V2/NijgGlJKFJrzvmCBgYanynOrcLNTA2hO4D/mr0p 4Rq4Fbe7TOI1FD85IUWq4Dym36D5Ex80yDHpaGjSvPIsJ25o2j4dpGeRyDUPJ7ZAjLkF G/2Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=Sn5nYBKD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j1-20020aa7de81000000b004acc7a0756fsi3058653edv.457.2023.03.31.15.13.09; Fri, 31 Mar 2023 15:13:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=Sn5nYBKD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232671AbjCaVxE (ORCPT + 99 others); Fri, 31 Mar 2023 17:53:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44524 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230158AbjCaVxC (ORCPT ); Fri, 31 Mar 2023 17:53:02 -0400 Received: from mail-40134.protonmail.ch (mail-40134.protonmail.ch [185.70.40.134]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9E58219A9 for ; Fri, 31 Mar 2023 14:52:34 -0700 (PDT) Date: Fri, 31 Mar 2023 21:51:35 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1680299509; x=1680558709; bh=hROJyTm6NeZLJh+vRRO9kol8Xhevc/WCzv7AS4Ky5PI=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=Sn5nYBKD4eegGoUxIP+3J1/1yvip3+a7+UsizNlGLHFjc01CEf209czQb+8GedlKG cBniXokJuBvOCMJlntdiBYTEPRWEHdZbhp2a8PbBYxb7wkv1ezhu+AI/2290vA8ZE5 Km/+vS2sKTFvG5fWcBJdaOLLmamgK0a2GhGSkLH8prturH5H/yfc9KcFfqo1BPLeXo f6WJ0ku3qmNl/4GSTMm1s/A/DqusdRUtAMa+aVe4fiU9R75Z91zz7RuO/yJRS2hovq ylSQ99BL8puCfTLoi80axvR49EyZ7r+TgHGOGiFxl5j6VV01tRgSQJwmDhBUpLoYcu BIZ/vS1rKzQUw== To: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Alice Ryhl From: y86-dev@protonmail.com Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev, Benno Lossin , Andreas Hindborg , Alice Ryhl Subject: [PATCH v4 01/15] rust: enable the `pin_macro` feature Message-ID: <20230331215053.585759-2-y86-dev@protonmail.com> In-Reply-To: <20230331215053.585759-1-y86-dev@protonmail.com> References: <20230331215053.585759-1-y86-dev@protonmail.com> Feedback-ID: 40624463:user:proton MIME-Version: 1.0 X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_MSPIKE_H2, SPF_HELO_PASS,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1761922093025617790?= X-GMAIL-MSGID: =?utf-8?q?1761923104875414112?= From: Benno Lossin This feature enables the use of the `pin!` macro for the `stack_pin_init!` macro. This feature is already stabilized in Rust version 1.68. Signed-off-by: Benno Lossin Cc: Gary Guo Cc: Andreas Hindborg Cc: Alice Ryhl --- rust/kernel/lib.rs | 1 + 1 file changed, 1 insertion(+) -- 2.39.2 diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs index 223564f9f0cc..4317b6d5f50b 100644 --- a/rust/kernel/lib.rs +++ b/rust/kernel/lib.rs @@ -17,6 +17,7 @@ #![feature(core_ffi_c)] #![feature(dispatch_from_dyn)] #![feature(generic_associated_types)] +#![feature(pin_macro)] #![feature(receiver_trait)] #![feature(unsize)] From patchwork Fri Mar 31 21:51:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: y86-dev X-Patchwork-Id: 77993 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp862426vqo; Fri, 31 Mar 2023 14:57:22 -0700 (PDT) X-Google-Smtp-Source: AKy350bBLf0Ca0oP+07kaUOiFNReHjAOi3QJuw6XejlMaGVvd7/APNC+kDymjZWqfS1yTw5GBssf X-Received: by 2002:a17:90a:19d:b0:23f:ebf2:d3de with SMTP id 29-20020a17090a019d00b0023febf2d3demr32528904pjc.27.1680299842618; Fri, 31 Mar 2023 14:57:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680299842; cv=none; d=google.com; s=arc-20160816; b=SQF94TVxwa1mgZxkOXRVp0Jhnp5g5rcXTgVA0CGiykwb4+9Ew/FX7s89pLKeyzc9EC uGosI4Wuiz63NXfnIXg7JfjA1MQ1Jtdyx/0urSBZWDZGMys2VDOxz5JqYl0SwaXCIPsf F2agMCv58WPagYJb1VaewTBLa6jHl40Y3u7QTSYah7BagGl7xAxREtQ00JgwWtPfjldb 54SR4L4zVmbTCO+ggHkV+A3p1f7iINVGdw2PPYhoUkr8uOJSzX7+cwrccJGvekP6BtD/ 7eQ3g+u5ipXfcG674yFGJkFlZV94JnoTHPZc3ktm5IO2hmCMGueYQoj0APuy7BF5wMkj sLaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :feedback-id:references:in-reply-to:message-id:subject:cc:from:to :dkim-signature:date; bh=48jAKPilzkuitHOpMRseX8noVPd4jgmB3N1V/TK7bYo=; b=yhV8ZsN/KTPJ0yLe5wV78W6YEFyXd+iMdUKJiv/C1IKcpTU/vtJphXyP9fkRQ8GJKs GMY42cnhHWq6FSmxfDc8Eskf5JoCGMPZW7ZDAE2gc7VLf2o5xCTNZNlYqk2HpXkccQ5t VxsAfBE8sytFw34I77vbEDUkiiSs4QCHmK7MT/XRajRXSW6NF+9pu4t2MbUuMQ1cVw03 p3keNCd9+t5+yLMqAMh2tumW9Vmc6CjebrtI87Gqqs0obeONm7jLNGQ1n9iF9/yROqYD WjabJKU+sIgiZJhQ0nOAYPH8/O3NjjQPSG1fJEHguhzGQLtYTcnKKqoHi1ERjPDUhlZt NckA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=jClr8rPW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id lr10-20020a17090b4b8a00b0022c83e223desi8218473pjb.58.2023.03.31.14.57.10; Fri, 31 Mar 2023 14:57:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=jClr8rPW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233156AbjCaVxQ (ORCPT + 99 others); Fri, 31 Mar 2023 17:53:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44808 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232891AbjCaVxO (ORCPT ); Fri, 31 Mar 2023 17:53:14 -0400 X-Greylist: delayed 170342 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Fri, 31 Mar 2023 14:52:43 PDT Received: from mail-40133.protonmail.ch (mail-40133.protonmail.ch [185.70.40.133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CA80724423; Fri, 31 Mar 2023 14:52:43 -0700 (PDT) Date: Fri, 31 Mar 2023 21:51:54 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1680299521; x=1680558721; bh=48jAKPilzkuitHOpMRseX8noVPd4jgmB3N1V/TK7bYo=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=jClr8rPWbGBFTORnLSJ/PraZHMSDC3kexnNlsGpWfAVKf2Z5udt3ageAGFnGOofoF pglwaPvE+GdtYzoKSHuk3TI6aGYMcDk8CjBX4tq2RFjV28bg/YlMcJDo9DEvo2vU7P KMy/P3q58JWbiY/mwv14rf39GT46eKmn0qvPb0N7vu2Lqee5XipuGxxFAlpccFX+Cp 6o21a5pFPWIluYxMpocwLogoLEPbViZXRraBSc57/+L4P7D7uiriN6ZqXe3ZtB6oql bwnwQl0u0o2Fac14+YMuRbtgZlUIP2ppR+oDacgj076SKk7QAr5d06whfK/dlH4HCZ U+0guVEKmqQdA== To: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Alice Ryhl From: y86-dev@protonmail.com Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev, Benno Lossin , Alice Ryhl , Andreas Hindborg Subject: [PATCH v4 02/15] rust: macros: add `quote!` macro Message-ID: <20230331215053.585759-3-y86-dev@protonmail.com> In-Reply-To: <20230331215053.585759-1-y86-dev@protonmail.com> References: <20230331215053.585759-1-y86-dev@protonmail.com> Feedback-ID: 40624463:user:proton MIME-Version: 1.0 X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_MSPIKE_H2, SPF_HELO_PASS,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1761922088140406058?= X-GMAIL-MSGID: =?utf-8?q?1761922088140406058?= From: Gary Guo Add the `quote!` macro for creating `TokenStream`s directly via the given Rust tokens. It also supports repetitions using iterators. It will be used by the pin-init API proc-macros to generate code. Signed-off-by: Gary Guo Signed-off-by: Benno Lossin Cc: Alice Ryhl Cc: Andreas Hindborg Reviewed-by: Andreas Hindborg --- rust/macros/lib.rs | 2 + rust/macros/quote.rs | 145 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 147 insertions(+) create mode 100644 rust/macros/quote.rs -- 2.39.2 diff --git a/rust/macros/lib.rs b/rust/macros/lib.rs index c1d385e345b9..82b520f024dd 100644 --- a/rust/macros/lib.rs +++ b/rust/macros/lib.rs @@ -2,6 +2,8 @@ //! Crate for all kernel procedural macros. +#[macro_use] +mod quote; mod concat_idents; mod helpers; mod module; diff --git a/rust/macros/quote.rs b/rust/macros/quote.rs new file mode 100644 index 000000000000..94a6277182ee --- /dev/null +++ b/rust/macros/quote.rs @@ -0,0 +1,145 @@ +// SPDX-License-Identifier: Apache-2.0 OR MIT + +use proc_macro::{TokenStream, TokenTree}; + +pub(crate) trait ToTokens { + fn to_tokens(&self, tokens: &mut TokenStream); +} + +impl ToTokens for Option { + fn to_tokens(&self, tokens: &mut TokenStream) { + if let Some(v) = self { + v.to_tokens(tokens); + } + } +} + +impl ToTokens for proc_macro::Group { + fn to_tokens(&self, tokens: &mut TokenStream) { + tokens.extend([TokenTree::from(self.clone())]); + } +} + +impl ToTokens for TokenTree { + fn to_tokens(&self, tokens: &mut TokenStream) { + tokens.extend([self.clone()]); + } +} + +impl ToTokens for TokenStream { + fn to_tokens(&self, tokens: &mut TokenStream) { + tokens.extend(self.clone()); + } +} + +/// Converts tokens into [`proc_macro::TokenStream`] and performs variable interpolations with +/// the given span. +/// +/// This is a similar to the +/// [`quote_spanned!`](https://docs.rs/quote/latest/quote/macro.quote_spanned.html) macro from the +/// `quote` crate but provides only just enough functionality needed by the current `macros` crate. +#[allow(unused_macros)] +macro_rules! quote_spanned { + ($span:expr => $($tt:tt)*) => { + #[allow(clippy::vec_init_then_push)] + { + let mut tokens = ::std::vec::Vec::new(); + let span = $span; + quote_spanned!(@proc tokens span $($tt)*); + ::proc_macro::TokenStream::from_iter(tokens) + }}; + (@proc $v:ident $span:ident) => {}; + (@proc $v:ident $span:ident #$id:ident $($tt:tt)*) => { + let mut ts = ::proc_macro::TokenStream::new(); + $crate::quote::ToTokens::to_tokens(&$id, &mut ts); + $v.extend(ts); + quote_spanned!(@proc $v $span $($tt)*); + }; + (@proc $v:ident $span:ident #(#$id:ident)* $($tt:tt)*) => { + for token in $id { + let mut ts = ::proc_macro::TokenStream::new(); + $crate::quote::ToTokens::to_tokens(&token, &mut ts); + $v.extend(ts); + } + quote_spanned!(@proc $v $span $($tt)*); + }; + (@proc $v:ident $span:ident ( $($inner:tt)* ) $($tt:tt)*) => { + let mut tokens = ::std::vec::Vec::new(); + quote_spanned!(@proc tokens $span $($inner)*); + $v.push(::proc_macro::TokenTree::Group(::proc_macro::Group::new( + ::proc_macro::Delimiter::Parenthesis, + ::proc_macro::TokenStream::from_iter(tokens) + ))); + quote_spanned!(@proc $v $span $($tt)*); + }; + (@proc $v:ident $span:ident [ $($inner:tt)* ] $($tt:tt)*) => { + let mut tokens = ::std::vec::Vec::new(); + quote_spanned!(@proc tokens $span $($inner)*); + $v.push(::proc_macro::TokenTree::Group(::proc_macro::Group::new( + ::proc_macro::Delimiter::Bracket, + ::proc_macro::TokenStream::from_iter(tokens) + ))); + quote_spanned!(@proc $v $span $($tt)*); + }; + (@proc $v:ident $span:ident { $($inner:tt)* } $($tt:tt)*) => { + let mut tokens = ::std::vec::Vec::new(); + quote_spanned!(@proc tokens $span $($inner)*); + $v.push(::proc_macro::TokenTree::Group(::proc_macro::Group::new( + ::proc_macro::Delimiter::Brace, + ::proc_macro::TokenStream::from_iter(tokens) + ))); + quote_spanned!(@proc $v $span $($tt)*); + }; + (@proc $v:ident $span:ident :: $($tt:tt)*) => { + $v.push(::proc_macro::TokenTree::Punct( + ::proc_macro::Punct::new(':', ::proc_macro::Spacing::Joint) + )); + $v.push(::proc_macro::TokenTree::Punct( + ::proc_macro::Punct::new(':', ::proc_macro::Spacing::Alone) + )); + quote_spanned!(@proc $v $span $($tt)*); + }; + (@proc $v:ident $span:ident : $($tt:tt)*) => { + $v.push(::proc_macro::TokenTree::Punct( + ::proc_macro::Punct::new(':', ::proc_macro::Spacing::Alone) + )); + quote_spanned!(@proc $v $span $($tt)*); + }; + (@proc $v:ident $span:ident , $($tt:tt)*) => { + $v.push(::proc_macro::TokenTree::Punct( + ::proc_macro::Punct::new(',', ::proc_macro::Spacing::Alone) + )); + quote_spanned!(@proc $v $span $($tt)*); + }; + (@proc $v:ident $span:ident @ $($tt:tt)*) => { + $v.push(::proc_macro::TokenTree::Punct( + ::proc_macro::Punct::new('@', ::proc_macro::Spacing::Alone) + )); + quote_spanned!(@proc $v $span $($tt)*); + }; + (@proc $v:ident $span:ident ! $($tt:tt)*) => { + $v.push(::proc_macro::TokenTree::Punct( + ::proc_macro::Punct::new('!', ::proc_macro::Spacing::Alone) + )); + quote_spanned!(@proc $v $span $($tt)*); + }; + (@proc $v:ident $span:ident $id:ident $($tt:tt)*) => { + $v.push(::proc_macro::TokenTree::Ident(::proc_macro::Ident::new(stringify!($id), $span))); + quote_spanned!(@proc $v $span $($tt)*); + }; +} + +/// Converts tokens into [`proc_macro::TokenStream`] and performs variable interpolations with +/// mixed site span ([`Span::mixed_site()`]). +/// +/// This is a similar to the [`quote!`](https://docs.rs/quote/latest/quote/macro.quote.html) macro +/// from the `quote` crate but provides only just enough functionality needed by the current +/// `macros` crate. +/// +/// [`Span::mixed_site()`]: https://doc.rust-lang.org/proc_macro/struct.Span.html#method.mixed_site +#[allow(unused_macros)] +macro_rules! quote { + ($($tt:tt)*) => { + quote_spanned!(::proc_macro::Span::mixed_site() => $($tt)*) + } +} From patchwork Fri Mar 31 21:52:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: y86-dev X-Patchwork-Id: 77994 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp862880vqo; Fri, 31 Mar 2023 14:58:40 -0700 (PDT) X-Google-Smtp-Source: AKy350Y+LeENFy9aVQ2BGMJI2fyZf+qemaL1eqDJ4Blur4ObtYX3M9ZHl8q3GFxOWs0KTYzdzhla X-Received: by 2002:aa7:9e0b:0:b0:62d:b7ad:8071 with SMTP id y11-20020aa79e0b000000b0062db7ad8071mr10443734pfq.15.1680299920460; Fri, 31 Mar 2023 14:58:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680299920; cv=none; d=google.com; s=arc-20160816; b=h6WM/69v4rtRekUfUZWf0jddL6liX1B0f1vgVa+GphDi/prlow3g/ym2KUDZkKGQ1M KvstmoQ60v5tazS2kdkMyQRK/nHkLxVrp61R1dQetRWUWyGE1S4K/15tn48rKlQWXVEA LdpDYurmTpekNwtYGsE0Pz4y/DfvyrtZvcjyYfrr+5NpN+abtz6hAfTGV0g+o7qTnMjZ gV9dJGtFuFxtNdQVg9jrK8rNXjzbF1VJm+e9xOdAVFpgFxDkuBVXJe8sealU2hnrfirD 2OgiDRDmTNjUR5xeexuDxHE1KSKqqq3yMgH5jZykVeU1zaPKogoqEK8VlNY34HC3Jqyd wN9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :feedback-id:references:in-reply-to:message-id:subject:cc:from:to :dkim-signature:date; bh=cIYxRs7yWpZ2jDriBGlcgcMewm6UvtEXri4X8Q7xEW0=; b=VavJ2RBNK7t75kQ5FXZ6DNNieNF7MGp3pmerI/ivH/eX2+hU1cOMsIkdbxc3NbGov6 xKft9F4130R1mAv4/752eIxJnNOyRzEsQWr6BBLeCrKjESSbz8Cgq9HL9OiH567NKHA1 dJ5eBmwC31vzSFATA2rrEKmCOdE1nmeYpZohtdaaXTUUBZu/LVaVz2pm0qFO4EXNNcAP Pxg0/Ds9uZfvAv9eve/BeF3V2Ib0C7AivVMMNCl/hf9y/MHE1dzk8A+YAXYnsaNQeK5K jEgzKP1CW00q5+K8vBVhDQ5/WjCCq7td1AhfiM3GeG6yx9TfLuaR0opJzRR9dSeTjS1l +ogw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=otNFDXXl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t185-20020a635fc2000000b004fc21da0340si3506974pgb.129.2023.03.31.14.58.28; Fri, 31 Mar 2023 14:58:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=otNFDXXl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233280AbjCaVxf (ORCPT + 99 others); Fri, 31 Mar 2023 17:53:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45190 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233169AbjCaVxZ (ORCPT ); Fri, 31 Mar 2023 17:53:25 -0400 Received: from mail-4322.protonmail.ch (mail-4322.protonmail.ch [185.70.43.22]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C55EC24AD6 for ; Fri, 31 Mar 2023 14:52:53 -0700 (PDT) Date: Fri, 31 Mar 2023 21:52:10 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1680299544; x=1680558744; bh=cIYxRs7yWpZ2jDriBGlcgcMewm6UvtEXri4X8Q7xEW0=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=otNFDXXlhG/gIl3RnMg0DdR5n16yctHA1VzqcPrlB7o+CsGPpwgavkyaYyKarynGQ 6MP0mgMTeMSckx2GtHfTjFWSPIVuDj1lt1Xvbpes7Qa4GMet7B6BARbVJyMaOqH9Cg E+3shMdvvKd5ark4ZiS65dcSyxMsgq4T8IkY4nNuA9oCDq+fAj4gKeJG72FAQito86 DRHbH1ZNLfrGnOBxum0t5Vk8Ziscs12OIlBBOuxnAbWNq+E0D9YmPfIMpp4f+8KGtZ YaGk0KGSrDjmqQ/MEouXNEeI/nLhkL9KN2aPUnB6JMTKhL3Hxb3hM5nOBgt17arcgl kf8jjfDp6QbGg== To: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Alice Ryhl From: y86-dev@protonmail.com Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev, Benno Lossin , Andreas Hindborg , Alice Ryhl Subject: [PATCH v4 03/15] rust: sync: change error type of constructor functions Message-ID: <20230331215053.585759-4-y86-dev@protonmail.com> In-Reply-To: <20230331215053.585759-1-y86-dev@protonmail.com> References: <20230331215053.585759-1-y86-dev@protonmail.com> Feedback-ID: 40624463:user:proton MIME-Version: 1.0 X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_MSPIKE_H2, SPF_HELO_PASS,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1761922169706307379?= X-GMAIL-MSGID: =?utf-8?q?1761922169706307379?= From: Benno Lossin Change the error type of the constructors of `Arc` and `UniqueArc` to be `AllocError` instead of `Error`. This makes the API more clear as to what can go wrong when calling `try_new` or its variants. Signed-off-by: Benno Lossin Cc: Gary Guo Cc: Andreas Hindborg Cc: Alice Ryhl Reviewed-by: Andreas Hindborg --- rust/kernel/sync/arc.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) -- 2.39.2 diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index f2f1c83d72ba..aa7135f0f238 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -17,11 +17,11 @@ use crate::{ bindings, - error::Result, types::{ForeignOwnable, Opaque}, }; use alloc::boxed::Box; use core::{ + alloc::AllocError, marker::{PhantomData, Unsize}, mem::{ManuallyDrop, MaybeUninit}, ops::{Deref, DerefMut}, @@ -149,7 +149,7 @@ unsafe impl Sync for Arc {} impl Arc { /// Constructs a new reference counted instance of `T`. - pub fn try_new(contents: T) -> Result { + pub fn try_new(contents: T) -> Result { // INVARIANT: The refcount is initialised to a non-zero value. let value = ArcInner { // SAFETY: There are no safety requirements for this FFI call. @@ -469,7 +469,7 @@ pub struct UniqueArc { impl UniqueArc { /// Tries to allocate a new [`UniqueArc`] instance. - pub fn try_new(value: T) -> Result { + pub fn try_new(value: T) -> Result { Ok(Self { // INVARIANT: The newly-created object has a ref-count of 1. inner: Arc::try_new(value)?, @@ -477,7 +477,7 @@ impl UniqueArc { } /// Tries to allocate a new [`UniqueArc`] instance whose contents are not initialised yet. - pub fn try_new_uninit() -> Result>> { + pub fn try_new_uninit() -> Result>, AllocError> { Ok(UniqueArc::> { // INVARIANT: The newly-created object has a ref-count of 1. inner: Arc::try_new(MaybeUninit::uninit())?, From patchwork Fri Mar 31 21:52:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: y86-dev X-Patchwork-Id: 77990 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp861403vqo; Fri, 31 Mar 2023 14:54:26 -0700 (PDT) X-Google-Smtp-Source: AK7set8m7Btdf5pY0/tG60yA/Jb6UShW1H+1uJF7OzAPNKynwipv+ZE0gttaTs+kfU8EFhbNmGqV X-Received: by 2002:a05:6a20:4e02:b0:d5:2bf3:fd8e with SMTP id gk2-20020a056a204e0200b000d52bf3fd8emr23633744pzb.2.1680299666430; Fri, 31 Mar 2023 14:54:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680299666; cv=none; d=google.com; s=arc-20160816; b=SJdXya/dLmvJRgaaSXauLEZeCHwG4XifXTnKuPzP6zpzP+jkKYik0cn66Is8VrHKRK zq3aISdcQdXI7W8deP6l7N3ouPZY90GRvoSvcYN5MgzC8LqB8KmQzR9wllhY0+4sdIF8 a5/Q4HcnlfpB5YGH3rF94G6/rlDZBsUlxH5ZcvXe62/Fs3Kg10IR6mX9YY9yuYFGOwbj rah9E8O6EHV1DT59hK3FeZhrnAYdx3qULzvLEXHLGWQFrk00nSI+zmSvJgPVO6z4OjZ4 EUIFy4IO2bKA1Aq46CTlI+oYwhuAn2ukZZyOxkYiu/KcB3Grj+emSNnFsTU/6yxOyai3 LStQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :feedback-id:references:in-reply-to:message-id:subject:cc:from:to :dkim-signature:date; bh=fCD7QTf0NZAcpNwJgHyXCpsYx4VPF0WMhGRDfNF+eao=; b=Zt5jMEOPuWrrfWIZ7eTPGSFNY7vZJKj3WxFu7j+Ygb6a2Hvkjr8pFGgZWLIrNogTWq l/UGtLNEamWNT03/i18txxSBWPmp+e/MI1TrwngUfQRe/JoLd9TXtbBzCWodkvH0WaZL Yyhjv4XUk7bVB+kv/mFCgRpGdAaDyufx03OKWmwPMqPaDfFfAZBtHzs4I3gdSyqRRYq9 Tt9l8rOhRgODyoQQUOn93W3JerdStpwPuDUBo/+a0zC3zf8/vve/uRom6Zg+Uf2qwU7G vjZf6NG29+qPSn6ZrMpO5rOHXcoY9NsicuK9kEzqGWomEqS29dotPz8b+GncYS7bFHRU yolQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=fkwXxkoQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s5-20020a632c05000000b0051323b8a185si3362491pgs.811.2023.03.31.14.54.13; Fri, 31 Mar 2023 14:54:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=fkwXxkoQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233290AbjCaVxi (ORCPT + 99 others); Fri, 31 Mar 2023 17:53:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45410 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233201AbjCaVx2 (ORCPT ); Fri, 31 Mar 2023 17:53:28 -0400 Received: from mail-4316.protonmail.ch (mail-4316.protonmail.ch [185.70.43.16]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7EC5F30E4; Fri, 31 Mar 2023 14:52:56 -0700 (PDT) Date: Fri, 31 Mar 2023 21:52:27 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1680299567; x=1680558767; bh=fCD7QTf0NZAcpNwJgHyXCpsYx4VPF0WMhGRDfNF+eao=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=fkwXxkoQiGH2lxZtZFilav8ir/R+Obh5Y4WxmpOce5eII0NrPjqzhI3b/fT9kPwbA xlblEwRFZo+AMIjzIC+7F9VhvZKB9qh/Wy6o5l2qpT05hH89TFhFWYPEzsksKgs34C 7PBPR4+0bYWxYteXCw2WcW2m3GWNywrEb1cWl6+fuxwjIDB/SGVYma8owNnkRcq8fZ lNG1UQShykTKTfXTDgXqTtwbg3ooU2obaZwAv14GrnQWWXPx9xHn2N3OloXz5R488L 3C0hk1jkKhGhQs8zQDSHmE9ciVlNQfVk7fbnhsjjazIqmFGe3aoH3U9/6k551B7tlx vE7FqwVEqTh4w== To: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Alice Ryhl From: y86-dev@protonmail.com Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev, Benno Lossin , Wedson Almeida Filho , Andreas Hindborg , Alice Ryhl Subject: [PATCH v4 04/15] rust: sync: add `assume_init` to `UniqueArc` Message-ID: <20230331215053.585759-5-y86-dev@protonmail.com> In-Reply-To: <20230331215053.585759-1-y86-dev@protonmail.com> References: <20230331215053.585759-1-y86-dev@protonmail.com> Feedback-ID: 40624463:user:proton MIME-Version: 1.0 X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_MSPIKE_H2, SPF_HELO_PASS,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1761921902953443305?= X-GMAIL-MSGID: =?utf-8?q?1761921902953443305?= From: Benno Lossin Adds the `assume_init` function to `UniqueArc>` that unsafely assumes the value to be initialized and yields a value of type `UniqueArc`. This function is used when manually initializing the pointee of an `UniqueArc`. Signed-off-by: Benno Lossin Reviewed-by: Wedson Almeida Filho Reviewed-by: Andreas Hindborg Reviewed-by: Alice Ryhl --- rust/kernel/sync/arc.rs | 11 +++++++++++ 1 file changed, 11 insertions(+) -- 2.39.2 diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index aa7135f0f238..eee7008e5e3e 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -489,6 +489,17 @@ impl UniqueArc> { /// Converts a `UniqueArc>` into a `UniqueArc` by writing a value into it. pub fn write(mut self, value: T) -> UniqueArc { self.deref_mut().write(value); + // SAFETY: We just wrote the value to be initialized. + unsafe { self.assume_init() } + } + + /// Unsafely assume that `self` is initialized. + /// + /// # Safety + /// + /// The caller guarantees that the value behind this pointer has been initialized. It is + /// *immediate* UB to call this when the value is not initialized. + pub unsafe fn assume_init(self) -> UniqueArc { let inner = ManuallyDrop::new(self).inner.ptr; UniqueArc { // SAFETY: The new `Arc` is taking over `ptr` from `self.inner` (which won't be From patchwork Fri Mar 31 21:52:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: y86-dev X-Patchwork-Id: 77995 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp863549vqo; Fri, 31 Mar 2023 15:00:10 -0700 (PDT) X-Google-Smtp-Source: AKy350adjBFg2lvqpQz9KD09BEDZ2yvU+umcqxv5GOQEjWUOcEIY0jAl5oAkYevPFOZubK9SLav1 X-Received: by 2002:a17:903:234c:b0:1a1:b9e6:28a8 with SMTP id c12-20020a170903234c00b001a1b9e628a8mr35912608plh.45.1680300010400; Fri, 31 Mar 2023 15:00:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680300010; cv=none; d=google.com; s=arc-20160816; b=ZKqKfFlmrw3jRfaZdGqPPDGvUngqG54SC27Jnx02p7YqfAN8wqdq9+zla3aLmo0YNs S4S8LotLDT9GZoWPvJQNgzQch2ePa0LETnBHWxW9oohvEXitaVFwsf6eEzz21XXpYrk3 sE3p4RSuDEBL0a5vCQKdZRqh73iQatcHswEa0Vh/fqtdT0kKrNpUp3zE/T/Vpo6e/W8l Cd3PNTO8C2+w9r3XTfMrOWBn7xMj1QJxFlaNd5oDsYbQLvINKUcNDy65nJw6gf1rFHao 4h36/9icV3KpLA4+50o+N4d676MS1oT4Q/gcJE/cQIRMjWPNLM1HMoCdnpjjZEC7XOzS aO2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :feedback-id:references:in-reply-to:message-id:subject:cc:from:to :dkim-signature:date; bh=Za/m4aK9PnJEmnWJB3YV+TN80PGCqO5M482kG2Z4FzU=; b=AyHaGbAiNENDmc5U5q14/Vhsy2D3RFHqsBXOacdDwAWzJBlhjjg3bb0AeV9kHnXUEd 5i6IfbsaW8VM23GGXiCqo4UMTW9nWAYmI5AB3L8YCj72rlY0y202ndyz/Rfq36iMINrP TDOVzEidQVvZy7kUY4OWFh/IexecwRl56g/7aNVGlEkwFHrikZd0LbHebvzEI+f54ezo FHa7L1fRuwIGL7nkJIRvgOU4rdNv+Wc7hO/yQCrR6TJz46jsFYOvEP/Lubh0+do9MSgp CwUpGGE0Glt4jgHJODqDaiik2jiVydMjhoLedW0d8PsbhLiP+Q03JxhwShOtXnH2RhKD Txig== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=bp06f2HF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id la16-20020a170902fa1000b001a1cbba6fedsi3047118plb.382.2023.03.31.14.59.57; Fri, 31 Mar 2023 15:00:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=bp06f2HF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233324AbjCaVxn (ORCPT + 99 others); Fri, 31 Mar 2023 17:53:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45532 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233233AbjCaVxa (ORCPT ); Fri, 31 Mar 2023 17:53:30 -0400 Received: from mail-4316.protonmail.ch (mail-4316.protonmail.ch [185.70.43.16]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0728A1BC0 for ; Fri, 31 Mar 2023 14:53:01 -0700 (PDT) Date: Fri, 31 Mar 2023 21:52:46 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1680299574; x=1680558774; bh=Za/m4aK9PnJEmnWJB3YV+TN80PGCqO5M482kG2Z4FzU=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=bp06f2HFPkWAuvmFbH5+BrrVjCnYBmETv//Z6r7awcX8quV3JtC6GLwpBD0ePTaBi YM6jx4Cu64pWBD4kceJX0BMGE2V6tuP1hNmHw/N0fF+acmzXr/fsy6RnshFkPdjWXL Jb96CjH2DWAFhWw8gwsTA0qBHkJDdKtpg3Xbzw7EhCENzdg7XuS3D8fctEWEerrqJp UMOkOOKdu6Ho8/nYBHJqLKhnKBdIoNUbdCI2MrlZ5kDn1jlaV7mHBDb3K0+0J3jNuk 3DHBySotwGyvFPp5eRWFCAWc5u6TinoRUcqrZuCltH70oEUL2YEKy2zIbgF6vAqfKJ wFOnlHfHhRF2w== To: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Alice Ryhl From: y86-dev@protonmail.com Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev, Benno Lossin , Andreas Hindborg , Alice Ryhl Subject: [PATCH v4 05/15] rust: types: add `Opaque::raw_get` Message-ID: <20230331215053.585759-6-y86-dev@protonmail.com> In-Reply-To: <20230331215053.585759-1-y86-dev@protonmail.com> References: <20230331215053.585759-1-y86-dev@protonmail.com> Feedback-ID: 40624463:user:proton MIME-Version: 1.0 X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_MSPIKE_H2, SPF_HELO_PASS,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1761922263357215856?= X-GMAIL-MSGID: =?utf-8?q?1761922263357215856?= From: Benno Lossin This function mirrors `UnsafeCell::raw_get`. It avoids creating a reference and allows solely using raw pointers. The `pin-init` API will be using this, since uninitialized memory requires raw pointers. Signed-off-by: Benno Lossin Reviewed-by: Gary Guo Reviewed-by: Andreas Hindborg Reviewed-by: Alice Ryhl --- rust/kernel/types.rs | 8 ++++++++ 1 file changed, 8 insertions(+) -- 2.39.2 diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs index 9d0fdbc55843..ff2b2fac951d 100644 --- a/rust/kernel/types.rs +++ b/rust/kernel/types.rs @@ -238,6 +238,14 @@ impl Opaque { pub fn get(&self) -> *mut T { UnsafeCell::raw_get(self.0.as_ptr()) } + + /// Gets the value behind `this`. + /// + /// This function is useful to get access to the value without creating intermediate + /// references. + pub const fn raw_get(this: *const Self) -> *mut T { + UnsafeCell::raw_get(this.cast::>()) + } } /// A sum type that always holds either a value of type `L` or `R`. From patchwork Fri Mar 31 21:52:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: y86-dev X-Patchwork-Id: 78008 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp871410vqo; Fri, 31 Mar 2023 15:13:43 -0700 (PDT) X-Google-Smtp-Source: AKy350bJhqmXmk8A3D6AZSTjlFVmvXrW5hFrfWdXvCj4HjhDuc3i7MNT7LZRXLzu96/QrysR1LtD X-Received: by 2002:a17:906:49ca:b0:878:545b:e540 with SMTP id w10-20020a17090649ca00b00878545be540mr29354138ejv.51.1680300823307; Fri, 31 Mar 2023 15:13:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680300823; cv=none; d=google.com; s=arc-20160816; b=AMG70pxZe+VSHC3BqYnyBEhvaY7piers7kYBOUD5NGkNXS+oeNnvmOU0SKlsI+tY4k gdgYBRxJsifvCS+yjZTeAi7uSvwKC571kSl2DDejZhNxrx3HmbjKQvnEqATb1VRpWr/h S57/K+cA6LWDwkmOsSt22Zr7oWtHD3wHSuN1DrNGKzTcaILvX8zKAWlBHURT+pLNknQ8 e5uivIjaYMqVb1vqx21FGC33kd3UGyxZ5llgGgok5Ig+8RDNVrCYyKaHplaDNnZlOaRx 4EzMlRLzF33jjbIN/SpAwIw5IfC6dfLs2Ru1ay4tyKhcMHpnaGUvxnUG6qdFgq8J5gT1 NICg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :feedback-id:references:in-reply-to:message-id:subject:cc:from:to :dkim-signature:date; bh=9lmtCS9aeIvPP2EmGy0qRoZ7B4ixG3jAuLoZrGasyMc=; b=D2nRQ3mYuKAC+gvGMa92nfubp8MWYPBpI/WbvNsWNx0ZYVFB6qbN8oRwi/+WAQeZ5t lS/mP1vuB69pSQrfAljMb0a669XDVgSJQFl0ji3ObGIiXsb/OvvvnorjegA08IrHO8ST 83QuIlJvF8QboNOuYnQtUQZzCfvhkUrulP88h5YKFRckdzmErnNNdub42JWo/UM/XiEe WgR5F+uVh7w33a7l4eOWeVrLdzMuhgvpvCD1bU7nCjkEBn1ZpbXfdGMZPnPwzGnGM65b gfcntvVrwq5BC2AwKo8TyDhTq6lX9xmbu7PlMZ3ABkb2M9lIBJBTSq2gs1aDrR90CYdC QrOw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=k7OS1iJF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q9-20020a1709066b0900b0093defbd628csi1321706ejr.1043.2023.03.31.15.13.19; Fri, 31 Mar 2023 15:13:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=k7OS1iJF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233422AbjCaVx5 (ORCPT + 99 others); Fri, 31 Mar 2023 17:53:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45576 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233255AbjCaVxs (ORCPT ); Fri, 31 Mar 2023 17:53:48 -0400 Received: from mail-4316.protonmail.ch (mail-4316.protonmail.ch [185.70.43.16]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A95DC2063A for ; Fri, 31 Mar 2023 14:53:05 -0700 (PDT) Date: Fri, 31 Mar 2023 21:52:59 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1680299583; x=1680558783; bh=9lmtCS9aeIvPP2EmGy0qRoZ7B4ixG3jAuLoZrGasyMc=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=k7OS1iJFkQLR8msgwO0pXHZukS6OQjqpzMHgiegF42Qxkjzg7Qzqt1Ae+VA4r28c/ 6SSlT8ET1HfQFkAGpOLAY4+Z2TMkDQiY65fWieSdenzEGn0dYX3IEfGvRFVMiaRJk/ 7BtwqL4B0s9vDsIfJ3eMBpHQvYQcqKn26jV6HfuDIOt8sZcNrKrWbjesqqH1jroIYj UOSTKMI6CfNjgBO5QDTxo07cf99PNDl3mrGw7m4dxoRILVPQaMMCpGZ7UcmdqBKn6R 4NP/f3BoPLk3zzomckclcegnthsU7PC25pft4pf/agAKbmPg3O4lkMlRSn1a6TGSk2 vwbQIt/FNJevA== To: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Alice Ryhl From: y86-dev@protonmail.com Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev, Benno Lossin , Andreas Hindborg , Alice Ryhl Subject: [PATCH v4 06/15] rust: add pin-init API core Message-ID: <20230331215053.585759-7-y86-dev@protonmail.com> In-Reply-To: <20230331215053.585759-1-y86-dev@protonmail.com> References: <20230331215053.585759-1-y86-dev@protonmail.com> Feedback-ID: 40624463:user:proton MIME-Version: 1.0 X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_MSPIKE_H2, SPF_HELO_PASS,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1761923116110212746?= X-GMAIL-MSGID: =?utf-8?q?1761923116110212746?= From: Benno Lossin This API is used to facilitate safe pinned initialization of structs. It replaces cumbersome `unsafe` manual initialization with elegant safe macro invocations. Due to the size of this change it has been split into six commits: 1. This commit introducing the basic public interface: traits and functions to represent and create initializers. 2. Adds the `#[pin_data]`, `pin_init!`, `try_pin_init!`, `init!` and `try_init!` macros along with their internal types. 3. Adds the `InPlaceInit` trait that allows using an initializer to create an object inside of a `Box` and other smart pointers. 4. Adds the `PinnedDrop` trait and adds macro support for it in the `#[pin_data]` macro. 5. Adds the `stack_pin_init!` macro allowing to pin-initialize a struct on the stack. 6. Adds the `Zeroable` trait and `init::zeroed` function to initialize types that have `0x00` in all bytes as a valid bit pattern. Reviewed-by: Wedson Almeida Filho --- In this section the problem that the new pin-init API solves is outlined. This message describes the entirety of the API, not just the parts introduced in this commit. For a more granular explanation and additional information on pinning and this issue, view [1]. Pinning is Rust's way of enforcing the address stability of a value. When a value gets pinned it will be impossible for safe code to move it to another location. This is done by wrapping pointers to said object with `Pin

`. This wrapper prevents safe code from creating mutable references to the object, preventing mutable access, which is needed to move the value. `Pin

` provides `unsafe` functions to circumvent this and allow modifications regardless. It is then the programmer's responsibility to uphold the pinning guarantee. Many kernel data structures require a stable address, because there are foreign pointers to them which would get invalidated by moving the structure. Since these data structures are usually embedded in structs to use them, this pinning property propagates to the container struct. Resulting in most structs in both Rust and C code needing to be pinned. So if we want to have a `mutex` field in a Rust struct, this struct also needs to be pinned, because a `mutex` contains a `list_head`. Additionally initializing a `list_head` requires already having the final memory location available, because it is initialized by pointing it to itself. But this presents another challenge in Rust: values have to be initialized at all times. There is the `MaybeUninit` wrapper type, which allows handling uninitialized memory, but this requires using the `unsafe` raw pointers and a casting the type to the initialized variant. This problem gets exacerbated when considering encapsulation and the normal safety requirements of Rust code. The fields of the Rust `Mutex` should not be accessible to normal driver code. After all if anyone can modify the fields, there is no way to ensure the invariants of the `Mutex` are upheld. But if the fields are inaccessible, then initialization of a `Mutex` needs to be somehow achieved via a function or a macro. Because the `Mutex` must be pinned in memory, the function cannot return it by value. It also cannot allocate a `Box` to put the `Mutex` into, because that is an unnecessary allocation and indirection which would hurt performance. The current solution was to split this function into two parts: 1. A `new` function that returns a partially initialized `Mutex`, 2. An `init` function that requires the `Mutex` to be pinned and that fully initializes the `Mutex`. Both of these functions have to be marked `unsafe`, since a call to `new` needs to be accompanied with a call to `init`, otherwise using the `Mutex` could result in UB. And because calling `init` twice also is not safe. While `Mutex` initialization cannot fail, other structs might also have to allocate memory, which would result in conditional successful initialization requiring even more manual accommodation work. Combine this with the problem of pin-projections -- the way of accessing fields of a pinned struct -- which also have an `unsafe` API, pinned initialization is riddled with `unsafe` resulting in very poor ergonomics. Not only that, but also having to call two functions possibly multiple lines apart makes it very easy to forget it outright or during refactoring. Here is an example of the current way of initializing a struct with two synchronization primitives (see [2] for the full example): struct SharedState { state_changed: CondVar, inner: Mutex, } impl SharedState { fn try_new() -> Result> { let mut state = Pin::from(UniqueArc::try_new(Self { // SAFETY: `condvar_init!` is called below. state_changed: unsafe { CondVar::new() }, // SAFETY: `mutex_init!` is called below. inner: unsafe { Mutex::new(SharedStateInner { token_count: 0 }) }, })?); // SAFETY: `state_changed` is pinned when `state` is. let pinned = unsafe { state.as_mut().map_unchecked_mut(|s| &mut s.state_changed) }; kernel::condvar_init!(pinned, "SharedState::state_changed"); // SAFETY: `inner` is pinned when `state` is. let pinned = unsafe { state.as_mut().map_unchecked_mut(|s| &mut s.inner) }; kernel::mutex_init!(pinned, "SharedState::inner"); Ok(state.into()) } } The pin-init API of this patch solves this issue by providing a comprehensive solution comprised of macros and traits. Here is the example from above using the pin-init API: #[pin_data] struct SharedState { #[pin] state_changed: CondVar, #[pin] inner: Mutex, } impl SharedState { fn new() -> impl PinInit { pin_init!(Self { state_changed <- new_condvar!("SharedState::state_changed"), inner <- new_mutex!( SharedStateInner { token_count: 0 }, "SharedState::inner", ), }) } } Notably the way the macro is used here requires no `unsafe` and thus comes with the usual Rust promise of safe code not introducing any memory violations. Additionally it is now up to the caller of `new()` to decide the memory location of the `SharedState`. They can choose at the moment `Arc`, `Box` or the stack. -- The API has the following architecture: 1. Initializer traits `PinInit` and `Init` that act like closures. 2. Macros to create these initializer traits safely. 3. Functions to allow manually writing initializers. The initializers (an `impl PinInit`) receive a raw pointer pointing to uninitialized memory and their job is to fully initialize a `T` at that location. If initialization fails, they return an error (`E`) by value. This way of initializing cannot be safely exposed to the user, since it relies upon these properties outside of the control of the trait: - the memory location (slot) needs to be valid memory, - if initialization fails, the slot should not be read from, - the value in the slot should be pinned, so it cannot move and the memory cannot be deallocated until the value is dropped. This is why using an initializer is facilitated by another trait that ensures these requirements. These initializers can be created manually by just supplying a closure that fulfills the same safety requirements as `PinInit`. But this is an `unsafe` operation. To allow safe initializer creation, the `pin_init!` is provided along with three other variants: `try_pin_init!`, `try_init!` and `init!`. These take a modified struct initializer as a parameter and generate a closure that initializes the fields in sequence. The macros take great care in upholding the safety requirements: - A shadowed struct type is used as the return type of the closure instead of `()`. This is to prevent early returns, as these would prevent full initialization. - To ensure every field is only initialized once, a normal struct initializer is placed in unreachable code. The type checker will emit errors if a field is missing or specified multiple times. - When initializing a field fails, the whole initializer will fail and automatically drop fields that have been initialized earlier. - Only the correct initializer type is allowed for unpinned fields. You cannot use a `impl PinInit` to initialize a structurally not pinned field. To ensure the last point, an additional macro `#[pin_data]` is needed. This macro annotates the struct itself and the user specifies structurally pinned and not pinned fields. Because dropping a pinned struct is also not allowed to break the pinning invariants, another macro attribute `#[pinned_drop]` is needed. This macro is introduced in a following commit. These two macros also have mechanisms to ensure the overall safety of the API. Additionally, they utilize a combined proc-macro, declarative macro design: first a proc-macro enables the outer attribute syntax `#[...]` and does some important pre-parsing. Notably this prepares the generics such that the declarative macro can handle them using token trees. Then the actual parsing of the structure and the emission of code is handled by a declarative macro. For pin-projections the crates `pin-project` [3] and `pin-project-lite` [4] had been considered, but were ultimately rejected: - `pin-project` depends on `syn` [5] which is a very big dependency, around 50k lines of code. - `pin-project-lite` is a more reasonable 5k lines of code, but contains a very complex declarative macro to parse generics. On top of that it would require modification that would need to be maintained independently. Link: https://rust-for-linux.com/the-safe-pinned-initialization-problem [1] Link: https://github.com/Rust-for-Linux/linux/blob/f509ede33fc10a07eba3da14aa00302bd4b5dddd/samples/rust/rust_miscdev.rs [2] Link: https://crates.io/crates/pin-project [3] Link: https://crates.io/crates/pin-project-lite [4] Link: https://crates.io/crates/syn [5] Co-developed-by: Gary Guo Signed-off-by: Gary Guo Signed-off-by: Benno Lossin Cc: Andreas Hindborg Cc: Alice Ryhl --- rust/kernel/init.rs | 183 +++++++++++++++++++++++++++++++++ rust/kernel/init/__internal.rs | 45 ++++++++ rust/kernel/lib.rs | 7 ++ scripts/Makefile.build | 2 +- 4 files changed, 236 insertions(+), 1 deletion(-) create mode 100644 rust/kernel/init.rs create mode 100644 rust/kernel/init/__internal.rs -- 2.39.2 diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs new file mode 100644 index 000000000000..f8d147e47fe7 --- /dev/null +++ b/rust/kernel/init.rs @@ -0,0 +1,183 @@ +// SPDX-License-Identifier: Apache-2.0 OR MIT + +//! API to safely and fallibly initialize pinned `struct`s using in-place constructors. +//! +//! It also allows in-place initialization of big `struct`s that would otherwise produce a stack +//! overflow. +//! +//! Most `struct`s from the [`sync`] module need to be pinned, because they contain self-referential +//! `struct`s from C. [Pinning][pinning] is Rust's way of ensuring data does not move. +//! +//! # Overview +//! +//! To initialize a `struct` with an in-place constructor you will need two things: +//! - an in-place constructor, +//! - a memory location that can hold your `struct`. +//! +//! To get an in-place constructor there are generally two options: +//! - a custom function/macro returning an in-place constructor provided by someone else, +//! - using the unsafe function [`pin_init_from_closure()`] to manually create an initializer. +//! +//! Aside from pinned initialization, this API also supports in-place construction without pinning, +//! the macros/types/functions are generally named like the pinned variants without the `pin` +//! prefix. +//! +//! [`sync`]: kernel::sync +//! [pinning]: https://doc.rust-lang.org/std/pin/index.html +//! [structurally pinned fields]: +//! https://doc.rust-lang.org/std/pin/index.html#pinning-is-structural-for-field +//! [`Arc`]: crate::sync::Arc +//! [`impl PinInit`]: PinInit +//! [`impl PinInit`]: PinInit +//! [`impl Init`]: Init +//! [`Opaque`]: kernel::types::Opaque +//! [`pin_data`]: ::macros::pin_data +//! [`UniqueArc`]: kernel::sync::UniqueArc +//! [`Box`]: alloc::boxed::Box + +use core::{convert::Infallible, marker::PhantomData, mem::MaybeUninit}; + +#[doc(hidden)] +pub mod __internal; + +/// A pin-initializer for the type `T`. +/// +/// To use this initializer, you will need a suitable memory location that can hold a `T`. This can +/// be [`Box`], [`Arc`], [`UniqueArc`]. +/// +/// Also see the [module description](self). +/// +/// # Safety +/// +/// When implementing this type you will need to take great care. Also there are probably very few +/// cases where a manual implementation is necessary. Use [`pin_init_from_closure`] where possible. +/// +/// The [`PinInit::__pinned_init`] function +/// - returns `Ok(())` if it initialized every field of `slot`, +/// - returns `Err(err)` if it encountered an error and then cleaned `slot`, this means: +/// - `slot` can be deallocated without UB occurring, +/// - `slot` does not need to be dropped, +/// - `slot` is not partially initialized. +/// - while constructing the `T` at `slot` it upholds the pinning invariants of `T`. +/// +/// [`Arc`]: crate::sync::Arc +/// [`Arc::pin_init`]: crate::sync::Arc::pin_init +/// [`UniqueArc`]: kernel::sync::UniqueArc +/// [`Box`]: alloc::boxed::Box +#[must_use = "An initializer must be used in order to create its value."] +pub unsafe trait PinInit: Sized { + /// Initializes `slot`. + /// + /// # Safety + /// + /// - `slot` is a valid pointer to uninitialized memory. + /// - the caller does not touch `slot` when `Err` is returned, they are only permitted to + /// deallocate. + /// - `slot` will not move until it is dropped, i.e. it will be pinned. + unsafe fn __pinned_init(self, slot: *mut T) -> Result<(), E>; +} + +/// An initializer for `T`. +/// +/// To use this initializer, you will need a suitable memory location that can hold a `T`. This can +/// be [`Box`], [`Arc`], [`UniqueArc`]. Because [`PinInit`] is a super trait, you can +/// use every function that takes it as well. +/// +/// Also see the [module description](self). +/// +/// # Safety +/// +/// When implementing this type you will need to take great care. Also there are probably very few +/// cases where a manual implementation is necessary. Use [`init_from_closure`] where possible. +/// +/// The [`Init::__init`] function +/// - returns `Ok(())` if it initialized every field of `slot`, +/// - returns `Err(err)` if it encountered an error and then cleaned `slot`, this means: +/// - `slot` can be deallocated without UB occurring, +/// - `slot` does not need to be dropped, +/// - `slot` is not partially initialized. +/// - while constructing the `T` at `slot` it upholds the pinning invariants of `T`. +/// +/// The `__pinned_init` function from the supertrait [`PinInit`] needs to execute the exact same +/// code as `__init`. +/// +/// Contrary to its supertype [`PinInit`] the caller is allowed to +/// move the pointee after initialization. +/// +/// [`Arc`]: crate::sync::Arc +/// [`UniqueArc`]: kernel::sync::UniqueArc +/// [`Box`]: alloc::boxed::Box +#[must_use = "An initializer must be used in order to create its value."] +pub unsafe trait Init: PinInit { + /// Initializes `slot`. + /// + /// # Safety + /// + /// - `slot` is a valid pointer to uninitialized memory. + /// - the caller does not touch `slot` when `Err` is returned, they are only permitted to + /// deallocate. + unsafe fn __init(self, slot: *mut T) -> Result<(), E>; +} + +/// Creates a new [`PinInit`] from the given closure. +/// +/// # Safety +/// +/// The closure: +/// - returns `Ok(())` if it initialized every field of `slot`, +/// - returns `Err(err)` if it encountered an error and then cleaned `slot`, this means: +/// - `slot` can be deallocated without UB occurring, +/// - `slot` does not need to be dropped, +/// - `slot` is not partially initialized. +/// - may assume that the `slot` does not move if `T: !Unpin`, +/// - while constructing the `T` at `slot` it upholds the pinning invariants of `T`. +#[inline] +pub const unsafe fn pin_init_from_closure( + f: impl FnOnce(*mut T) -> Result<(), E>, +) -> impl PinInit { + __internal::InitClosure(f, PhantomData) +} + +/// Creates a new [`Init`] from the given closure. +/// +/// # Safety +/// +/// The closure: +/// - returns `Ok(())` if it initialized every field of `slot`, +/// - returns `Err(err)` if it encountered an error and then cleaned `slot`, this means: +/// - `slot` can be deallocated without UB occurring, +/// - `slot` does not need to be dropped, +/// - `slot` is not partially initialized. +/// - the `slot` may move after initialization. +/// - while constructing the `T` at `slot` it upholds the pinning invariants of `T`. +#[inline] +pub const unsafe fn init_from_closure( + f: impl FnOnce(*mut T) -> Result<(), E>, +) -> impl Init { + __internal::InitClosure(f, PhantomData) +} + +/// An initializer that leaves the memory uninitialized. +/// +/// The initializer is a no-op. The `slot` memory is not changed. +#[inline] +pub fn uninit() -> impl Init, E> { + // SAFETY: The memory is allowed to be uninitialized. + unsafe { init_from_closure(|_| Ok(())) } +} + +// SAFETY: Every type can be initialized by-value. +unsafe impl PinInit for T { + unsafe fn __pinned_init(self, slot: *mut T) -> Result<(), Infallible> { + unsafe { slot.write(self) }; + Ok(()) + } +} + +// SAFETY: Every type can be initialized by-value. +unsafe impl Init for T { + unsafe fn __init(self, slot: *mut T) -> Result<(), Infallible> { + unsafe { slot.write(self) }; + Ok(()) + } +} diff --git a/rust/kernel/init/__internal.rs b/rust/kernel/init/__internal.rs new file mode 100644 index 000000000000..ddc03c3f0730 --- /dev/null +++ b/rust/kernel/init/__internal.rs @@ -0,0 +1,45 @@ +// SPDX-License-Identifier: Apache-2.0 OR MIT + +//! This module contains API-internal items for pin-init. +//! +//! These items must not be used outside of +//! - `kernel/init.rs` +//! - `macros/pin_data.rs` +//! - `macros/pinned_drop.rs` + +use super::*; + +/// See the [nomicon] for what subtyping is. See also [this table]. +/// +/// [nomicon]: https://doc.rust-lang.org/nomicon/subtyping.html +/// [this table]: https://doc.rust-lang.org/nomicon/phantom-data.html#table-of-phantomdata-patterns +type Invariant = PhantomData *mut T>; + +/// This is the module-internal type implementing `PinInit` and `Init`. It is unsafe to create this +/// type, since the closure needs to fulfill the same safety requirement as the +/// `__pinned_init`/`__init` functions. +pub(crate) struct InitClosure(pub(crate) F, pub(crate) Invariant<(E, T)>); + +// SAFETY: While constructing the `InitClosure`, the user promised that it upholds the +// `__pinned_init` invariants. +unsafe impl PinInit for InitClosure +where + F: FnOnce(*mut T) -> Result<(), E>, +{ + #[inline] + unsafe fn __pinned_init(self, slot: *mut T) -> Result<(), E> { + (self.0)(slot) + } +} + +// SAFETY: While constructing the `InitClosure`, the user promised that it upholds the +// `__init` invariants. +unsafe impl Init for InitClosure +where + F: FnOnce(*mut T) -> Result<(), E>, +{ + #[inline] + unsafe fn __init(self, slot: *mut T) -> Result<(), E> { + (self.0)(slot) + } +} diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs index 4317b6d5f50b..821bd067151c 100644 --- a/rust/kernel/lib.rs +++ b/rust/kernel/lib.rs @@ -16,7 +16,9 @@ #![feature(coerce_unsized)] #![feature(core_ffi_c)] #![feature(dispatch_from_dyn)] +#![feature(explicit_generic_args_with_impl_trait)] #![feature(generic_associated_types)] +#![feature(new_uninit)] #![feature(pin_macro)] #![feature(receiver_trait)] #![feature(unsize)] @@ -26,11 +28,16 @@ #[cfg(not(CONFIG_RUST))] compile_error!("Missing kernel configuration for conditional compilation"); +#[allow(unused_extern_crates)] +// Allow proc-macros to refer to `::kernel` inside the `kernel` crate (this crate). +extern crate self as kernel; + #[cfg(not(test))] #[cfg(not(testlib))] mod allocator; mod build_assert; pub mod error; +pub mod init; pub mod prelude; pub mod print; mod static_assert; diff --git a/scripts/Makefile.build b/scripts/Makefile.build index 76323201232a..f9bdc01c8191 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -277,7 +277,7 @@ $(obj)/%.lst: $(src)/%.c FORCE # Compile Rust sources (.rs) # --------------------------------------------------------------------------- -rust_allowed_features := core_ffi_c +rust_allowed_features := core_ffi_c,explicit_generic_args_with_impl_trait rust_common_cmd = \ RUST_MODFILE=$(modfile) $(RUSTC_OR_CLIPPY) $(rust_flags) \ From patchwork Fri Mar 31 21:53:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: y86-dev X-Patchwork-Id: 78005 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp870883vqo; Fri, 31 Mar 2023 15:12:36 -0700 (PDT) X-Google-Smtp-Source: AKy350aqinVEhHgnV8+IT8/S2UbQwC4wgD+QhS+lQ2mILDQAt9NrEBlojHdLavU3FIKr72sGS3dU X-Received: by 2002:a17:907:6ea8:b0:930:a3a1:bede with SMTP id sh40-20020a1709076ea800b00930a3a1bedemr37531023ejc.50.1680300755987; Fri, 31 Mar 2023 15:12:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680300755; cv=none; d=google.com; s=arc-20160816; b=zij7fqxANX25aTNs6lNGrzOQUcTN0ZvAt3IOh2z6VS73OSelGTF2xIEB3NrgdBipGL 6PJApRSGZkJ0xbms2/WyBlYi4iG446JdVPrBZ6HwENnHUUTxrbbAXqvFNxgzkXJ87S5j RGsHxlIfLXtXah7y1wHXI3+glMFNzHz6mknLt4CWIflju8OZNV0hc/SSTUj0OtyDsMdR TuqWxy7KRCVz4BAIVDR1KQFxr8l2vQtunG+dLmziqf86RZr/B5LaSffr/6MyHNGYSdH+ rt6L7BmLAXtKMKEZb2CUFV2gHzGERG9vSaBIwKcfBVzHNzbhrR0CZvE70/ZpraJBqXwy tRrw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :feedback-id:references:in-reply-to:message-id:subject:cc:from:to :dkim-signature:date; bh=dRJqpj7gtWwtFTTZJYuMe4JZSdRZdflCi052eSgiCEY=; b=ruKOl0GNbXDJqQmGf/I8Cgu7GkbQ+EZLxIORUTnl6Ucf+5ttosU7fFOBpZuQXrLlXS CVzXA5Xf9/2WaImA9BAso8lfhv4eHA1GQJcOzigr+0yG8bg6X5+W4sll46SdSTMUvq03 BmarXLGjt6e/8NvAUSk3s4Pwxb0s4Mi4G4/Lr7C6TzPycKGWeg4YDbAqxYqUrLTsaHJD IFb4hifcZ6nI4x2e5Xvnd3+RlqXHkrxSzNpaGMWt7NDX50iugE/lAxZOp4zsFAs5Rmit ZfAgEiXNwAq4sHlk7Szx15LW1DMiWP5cyddFfDoSNZAIeGXZM08QD5kg+YZPGRNENAB7 5OTg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=VfIFbqZI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id hb19-20020a170907161300b0093a15738c2bsi3355945ejc.25.2023.03.31.15.12.12; Fri, 31 Mar 2023 15:12:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=VfIFbqZI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233310AbjCaVy5 (ORCPT + 99 others); Fri, 31 Mar 2023 17:54:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45964 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233448AbjCaVyh (ORCPT ); Fri, 31 Mar 2023 17:54:37 -0400 Received: from mail-40133.protonmail.ch (mail-40133.protonmail.ch [185.70.40.133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 996752624D for ; Fri, 31 Mar 2023 14:53:54 -0700 (PDT) Date: Fri, 31 Mar 2023 21:53:11 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1680299608; x=1680558808; bh=dRJqpj7gtWwtFTTZJYuMe4JZSdRZdflCi052eSgiCEY=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=VfIFbqZIZCHDekN9oa4cGi3rvnsdr70Zv2nAe9x77Kr3riuD2eq+perVlkyd+tSfL zpEPZ8YI/KqiJN5A2Bs7Rfi46CD8Pni1f3vPYJnaAXU59wqd2ZvJcco4zV8gJ+INiJ FgNyoi8Ua6q52KkZgRiJxOUPvq+PW8HgXvvsTfX59t1Qdlj8E8USu9Lb7FkjYJ/COG q1WJ2+FizltUHNbgHWp1VAFmkYcHtD8ih4mUYRKi0wAN2V8FsyRcwy5n2J6DFYG8ra 1vOp43FIc1dTM6vVFWxiAlBMU9fjMpUqXw2EoFk4TKQUbc98538wAknIRuNGp4KZxm eUXO4ZsZqY/6A== To: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Alice Ryhl From: y86-dev@protonmail.com Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev, Benno Lossin , Alice Ryhl , Andreas Hindborg Subject: [PATCH v4 07/15] rust: init: add initialization macros Message-ID: <20230331215053.585759-8-y86-dev@protonmail.com> In-Reply-To: <20230331215053.585759-1-y86-dev@protonmail.com> References: <20230331215053.585759-1-y86-dev@protonmail.com> Feedback-ID: 40624463:user:proton MIME-Version: 1.0 X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_MSPIKE_H2, SPF_HELO_PASS,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1761923045553007284?= X-GMAIL-MSGID: =?utf-8?q?1761923045553007284?= From: Benno Lossin Add the following initializer macros: - `#[pin_data]` to annotate structurally pinned fields of structs, needed for `pin_init!` and `try_pin_init!` to select the correct initializer of fields. - `pin_init!` create a pin-initializer for a struct with the `Infallible` error type. - `try_pin_init!` create a pin-initializer for a struct with a custom error type (`kernel::error::Error` is the default). - `init!` create an in-place-initializer for a struct with the `Infallible` error type. - `try_init!` create an in-place-initializer for a struct with a custom error type (`kernel::error::Error` is the default). Also add their needed internal helper traits and structs. Co-developed-by: Gary Guo Signed-off-by: Gary Guo Signed-off-by: Benno Lossin Cc: Alice Ryhl Cc: Andreas Hindborg --- rust/kernel/init.rs | 810 ++++++++++++++++++++++++++++++++- rust/kernel/init/__internal.rs | 124 +++++ rust/kernel/init/macros.rs | 707 ++++++++++++++++++++++++++++ rust/macros/lib.rs | 29 ++ rust/macros/pin_data.rs | 79 ++++ rust/macros/quote.rs | 2 - 6 files changed, 1744 insertions(+), 7 deletions(-) create mode 100644 rust/kernel/init/macros.rs create mode 100644 rust/macros/pin_data.rs -- 2.39.2 diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs index f8d147e47fe7..14cc5d2dafef 100644 --- a/rust/kernel/init.rs +++ b/rust/kernel/init.rs @@ -14,7 +14,8 @@ //! - an in-place constructor, //! - a memory location that can hold your `struct`. //! -//! To get an in-place constructor there are generally two options: +//! To get an in-place constructor there are generally three options: +//! - directly creating an in-place constructor using the [`pin_init!`] macro, //! - a custom function/macro returning an in-place constructor provided by someone else, //! - using the unsafe function [`pin_init_from_closure()`] to manually create an initializer. //! @@ -22,6 +23,87 @@ //! the macros/types/functions are generally named like the pinned variants without the `pin` //! prefix. //! +//! # Examples +//! +//! ## Using the [`pin_init!`] macro +//! +//! If you want to use [`PinInit`], then you will have to annotate your `struct` with +//! `#[`[`pin_data`]`]`. It is a macro that uses `#[pin]` as a marker for +//! [structurally pinned fields]. After doing this, you can then create an in-place constructor via +//! [`pin_init!`]. The syntax is almost the same as normal `struct` initializers. The difference is +//! that you need to write `<-` instead of `:` for fields that you want to initialize in-place. +//! +//! ```rust +//! # #![allow(clippy::disallowed_names, clippy::new_ret_no_self)] +//! use kernel::{prelude::*, sync::Mutex, new_mutex}; +//! # use core::pin::Pin; +//! #[pin_data] +//! struct Foo { +//! #[pin] +//! a: Mutex, +//! b: u32, +//! } +//! +//! let foo = pin_init!(Foo { +//! a <- new_mutex!(42, "Foo::a"), +//! b: 24, +//! }); +//! ``` +//! +//! `foo` now is of the type [`impl PinInit`]. We can now use any smart pointer that we like +//! (or just the stack) to actually initialize a `Foo`: +//! +//! ```rust +//! # #![allow(clippy::disallowed_names, clippy::new_ret_no_self)] +//! # use kernel::{prelude::*, sync::Mutex, new_mutex}; +//! # use core::pin::Pin; +//! # #[pin_data] +//! # struct Foo { +//! # #[pin] +//! # a: Mutex, +//! # b: u32, +//! # } +//! # let foo = pin_init!(Foo { +//! # a <- new_mutex!(42, "Foo::a"), +//! # b: 24, +//! # }); +//! let foo: Result>> = Box::pin_init(foo); +//! ``` +//! +//! For more information see the [`pin_init!`] macro. +//! +//! ## Using a custom function/macro that returns an initializer +//! +//! Many types from the kernel supply a function/macro that returns an initializer, because the +//! above method only works for types where you can access the fields. +//! +//! ```rust +//! # use kernel::{new_mutex, sync::{Arc, Mutex}}; +//! let mtx: Result>> = Arc::pin_init(new_mutex!(42, "example::mtx")); +//! ``` +//! +//! To declare an init macro/function you just return an [`impl PinInit`]: +//! +//! ```rust +//! # #![allow(clippy::disallowed_names, clippy::new_ret_no_self)] +//! # use kernel::{sync::Mutex, prelude::*, new_mutex, init::PinInit, try_pin_init}; +//! #[pin_data] +//! struct DriverData { +//! #[pin] +//! status: Mutex, +//! buffer: Box<[u8; 1_000_000]>, +//! } +//! +//! impl DriverData { +//! fn new() -> impl PinInit { +//! try_pin_init!(Self { +//! status <- new_mutex!(0, "DriverData::status"), +//! buffer: Box::init(kernel::init::zeroed())?, +//! }) +//! } +//! } +//! ``` +//! //! [`sync`]: kernel::sync //! [pinning]: https://doc.rust-lang.org/std/pin/index.html //! [structurally pinned fields]: @@ -33,12 +115,732 @@ //! [`Opaque`]: kernel::types::Opaque //! [`pin_data`]: ::macros::pin_data //! [`UniqueArc`]: kernel::sync::UniqueArc -//! [`Box`]: alloc::boxed::Box -use core::{convert::Infallible, marker::PhantomData, mem::MaybeUninit}; +use alloc::boxed::Box; +use core::{cell::Cell, convert::Infallible, marker::PhantomData, mem::MaybeUninit, ptr}; #[doc(hidden)] pub mod __internal; +#[doc(hidden)] +pub mod macros; + +/// Construct an in-place, pinned initializer for `struct`s. +/// +/// This macro defaults the error to [`Infallible`]. If you need [`Error`], then use +/// [`try_pin_init!`]. +/// +/// The syntax is almost identical to that of a normal `struct` initializer: +/// +/// ```rust +/// # #![allow(clippy::disallowed_names, clippy::new_ret_no_self)] +/// # use kernel::{init, pin_init, macros::pin_data, init::*}; +/// # use core::pin::Pin; +/// #[pin_data] +/// struct Foo { +/// a: usize, +/// b: Bar, +/// } +/// +/// #[pin_data] +/// struct Bar { +/// x: u32, +/// } +/// +/// # fn demo() -> impl PinInit { +/// let a = 42; +/// +/// let initializer = pin_init!(Foo { +/// a, +/// b: Bar { +/// x: 64, +/// }, +/// }); +/// # initializer } +/// # Box::pin_init(demo()).unwrap(); +/// ``` +/// +/// Arbitrary Rust expressions can be used to set the value of a variable. +/// +/// The fields are initialized in the order that they appear in the initializer. So it is possible +/// to read already initialized fields using raw pointers. +/// +/// IMPORTANT: You are not allowed to create references to fields of the struct inside of the +/// initializer. +/// +/// # Init-functions +/// +/// When working with this API it is often desired to let others construct your types without +/// giving access to all fields. This is where you would normally write a plain function `new` +/// that would return a new instance of your type. With this API that is also possible. +/// However, there are a few extra things to keep in mind. +/// +/// To create an initializer function, simply declare it like this: +/// +/// ```rust +/// # #![allow(clippy::disallowed_names, clippy::new_ret_no_self)] +/// # use kernel::{init, pin_init, prelude::*, init::*}; +/// # use core::pin::Pin; +/// # #[pin_data] +/// # struct Foo { +/// # a: usize, +/// # b: Bar, +/// # } +/// # #[pin_data] +/// # struct Bar { +/// # x: u32, +/// # } +/// impl Foo { +/// fn new() -> impl PinInit { +/// pin_init!(Self { +/// a: 42, +/// b: Bar { +/// x: 64, +/// }, +/// }) +/// } +/// } +/// ``` +/// +/// Users of `Foo` can now create it like this: +/// +/// ```rust +/// # #![allow(clippy::disallowed_names, clippy::new_ret_no_self)] +/// # use kernel::{init, pin_init, macros::pin_data, init::*}; +/// # use core::pin::Pin; +/// # #[pin_data] +/// # struct Foo { +/// # a: usize, +/// # b: Bar, +/// # } +/// # #[pin_data] +/// # struct Bar { +/// # x: u32, +/// # } +/// # impl Foo { +/// # fn new() -> impl PinInit { +/// # pin_init!(Self { +/// # a: 42, +/// # b: Bar { +/// # x: 64, +/// # }, +/// # }) +/// # } +/// # } +/// let foo = Box::pin_init(Foo::new()); +/// ``` +/// +/// They can also easily embed it into their own `struct`s: +/// +/// ```rust +/// # #![allow(clippy::disallowed_names, clippy::new_ret_no_self)] +/// # use kernel::{init, pin_init, macros::pin_data, init::*}; +/// # use core::pin::Pin; +/// # #[pin_data] +/// # struct Foo { +/// # a: usize, +/// # b: Bar, +/// # } +/// # #[pin_data] +/// # struct Bar { +/// # x: u32, +/// # } +/// # impl Foo { +/// # fn new() -> impl PinInit { +/// # pin_init!(Self { +/// # a: 42, +/// # b: Bar { +/// # x: 64, +/// # }, +/// # }) +/// # } +/// # } +/// #[pin_data] +/// struct FooContainer { +/// #[pin] +/// foo1: Foo, +/// #[pin] +/// foo2: Foo, +/// other: u32, +/// } +/// +/// impl FooContainer { +/// fn new(other: u32) -> impl PinInit { +/// pin_init!(Self { +/// foo1 <- Foo::new(), +/// foo2 <- Foo::new(), +/// other, +/// }) +/// } +/// } +/// ``` +/// +/// Here we see that when using `pin_init!` with `PinInit`, one needs to write `<-` instead of `:`. +/// This signifies that the given field is initialized in-place. As with `struct` initializers, just +/// writing the field (in this case `other`) without `:` or `<-` means `other: other,`. +/// +/// # Syntax +/// +/// As already mentioned in the examples above, inside of `pin_init!` a `struct` initializer with +/// the following modifications is expected: +/// - Fields that you want to initialize in-place have to use `<-` instead of `:`. +/// - In front of the initializer you can write `&this in` to have access to a [`NonNull`] +/// pointer named `this` inside of the initializer. +/// +/// For instance: +/// +/// ```rust +/// # use kernel::pin_init; +/// # use macros::pin_data; +/// # use core::{ptr::addr_of_mut, marker::PhantomPinned}; +/// #[pin_data] +/// struct Buf { +/// // `ptr` points into `buf`. +/// ptr: *mut u8, +/// buf: [u8; 64], +/// #[pin] +/// pin: PhantomPinned, +/// } +/// pin_init!(&this in Buf { +/// buf: [0; 64], +/// ptr: unsafe { addr_of_mut!((*this.as_ptr()).buf).cast() }, +/// pin: PhantomPinned, +/// }); +/// ``` +/// +/// [`try_pin_init!`]: kernel::try_pin_init +/// [`NonNull`]: core::ptr::NonNull +/// [`Error`]: kernel::error::Error +// For a detailed example of how this macro works, see the module documentation of the hidden +// module `__internal` inside of `init/__internal.rs`. +#[macro_export] +macro_rules! pin_init { + ($(&$this:ident in)? $t:ident $(::<$($generics:ty),* $(,)?>)? { + $($fields:tt)* + }) => { + $crate::try_pin_init!( + @this($($this)?), + @typ($t $(::<$($generics),*>)?), + @fields($($fields)*), + @error(::core::convert::Infallible), + ) + }; +} + +/// Construct an in-place, fallible pinned initializer for `struct`s. +/// +/// If the initialization can complete without error (or [`Infallible`]), then use [`pin_init!`]. +/// +/// You can use the `?` operator or use `return Err(err)` inside the initializer to stop +/// initialization and return the error. +/// +/// IMPORTANT: if you have `unsafe` code inside of the initializer you have to ensure that when +/// initialization fails, the memory can be safely deallocated without any further modifications. +/// +/// This macro defaults the error to [`Error`]. +/// +/// The syntax is identical to [`pin_init!`] with the following exception: you can append `? $type` +/// after the `struct` initializer to specify the error type you want to use. +/// +/// # Examples +/// +/// ```rust +/// # #![feature(new_uninit)] +/// use kernel::{init::{self, PinInit}, error::Error}; +/// #[pin_data] +/// struct BigBuf { +/// big: Box<[u8; 1024 * 1024 * 1024]>, +/// small: [u8; 1024 * 1024], +/// ptr: *mut u8, +/// } +/// +/// impl BigBuf { +/// fn new() -> impl PinInit { +/// try_pin_init!(Self { +/// big: Box::init(init::zeroed())?, +/// small: [0; 1024 * 1024], +/// ptr: core::ptr::null_mut(), +/// }? Error) +/// } +/// } +/// ``` +/// +/// [`Error`]: kernel::error::Error +// For a detailed example of how this macro works, see the module documentation of the hidden +// module `__internal` inside of `init/__internal.rs`. +#[macro_export] +macro_rules! try_pin_init { + ($(&$this:ident in)? $t:ident $(::<$($generics:ty),* $(,)?>)? { + $($fields:tt)* + }) => { + $crate::try_pin_init!( + @this($($this)?), + @typ($t $(::<$($generics),*>)? ), + @fields($($fields)*), + @error($crate::error::Error), + ) + }; + ($(&$this:ident in)? $t:ident $(::<$($generics:ty),* $(,)?>)? { + $($fields:tt)* + }? $err:ty) => { + $crate::try_pin_init!( + @this($($this)?), + @typ($t $(::<$($generics),*>)? ), + @fields($($fields)*), + @error($err), + ) + }; + ( + @this($($this:ident)?), + @typ($t:ident $(::<$($generics:ty),*>)?), + @fields($($fields:tt)*), + @error($err:ty), + ) => {{ + // We do not want to allow arbitrary returns, so we declare this type as the `Ok` return + // type and shadow it later when we insert the arbitrary user code. That way there will be + // no possibility of returning without `unsafe`. + struct __InitOk; + // Get the pin data from the supplied type. + let data = unsafe { + use $crate::init::__internal::HasPinData; + $t$(::<$($generics),*>)?::__pin_data() + }; + // Ensure that `data` really is of type `PinData` and help with type inference: + let init = $crate::init::__internal::PinData::make_closure::<_, __InitOk, $err>( + data, + move |slot| { + { + // Shadow the structure so it cannot be used to return early. + struct __InitOk; + // Create the `this` so it can be referenced by the user inside of the + // expressions creating the individual fields. + $(let $this = unsafe { ::core::ptr::NonNull::new_unchecked(slot) };)? + // Initialize every field. + $crate::try_pin_init!(init_slot: + @data(data), + @slot(slot), + @munch_fields($($fields)*,), + ); + // We use unreachable code to ensure that all fields have been mentioned exactly + // once, this struct initializer will still be type-checked and complain with a + // very natural error message if a field is forgotten/mentioned more than once. + #[allow(unreachable_code, clippy::diverging_sub_expression)] + if false { + $crate::try_pin_init!(make_initializer: + @slot(slot), + @type_name($t), + @munch_fields($($fields)*,), + @acc(), + ); + } + // Forget all guards, since initialization was a success. + $crate::try_pin_init!(forget_guards: + @munch_fields($($fields)*,), + ); + } + Ok(__InitOk) + } + ); + let init = move |slot| -> ::core::result::Result<(), $err> { + init(slot).map(|__InitOk| ()) + }; + let init = unsafe { $crate::init::pin_init_from_closure::<_, $err>(init) }; + init + }}; + (init_slot: + @data($data:ident), + @slot($slot:ident), + @munch_fields($(,)?), + ) => { + // Endpoint of munching, no fields are left. + }; + (init_slot: + @data($data:ident), + @slot($slot:ident), + // In-place initialization syntax. + @munch_fields($field:ident <- $val:expr, $($rest:tt)*), + ) => { + let $field = $val; + // Call the initializer. + // + // SAFETY: `slot` is valid, because we are inside of an initializer closure, we + // return when an error/panic occurs. + // We also use the `data` to require the correct trait (`Init` or `PinInit`) for `$field`. + unsafe { $data.$field(::core::ptr::addr_of_mut!((*$slot).$field), $field)? }; + // Create the drop guard. + // + // We only give access to `&DropGuard`, so it cannot be forgotten via safe code. + // + // SAFETY: We forget the guard later when initialization has succeeded. + let $field = &unsafe { + $crate::init::__internal::DropGuard::new(::core::ptr::addr_of_mut!((*$slot).$field)) + }; + + $crate::try_pin_init!(init_slot: + @data($data), + @slot($slot), + @munch_fields($($rest)*), + ); + }; + (init_slot: + @data($data:ident), + @slot($slot:ident), + // Direct value init, this is safe for every field. + @munch_fields($field:ident $(: $val:expr)?, $($rest:tt)*), + ) => { + $(let $field = $val;)? + // Initialize the field. + // + // SAFETY: The memory at `slot` is uninitialized. + unsafe { ::core::ptr::write(::core::ptr::addr_of_mut!((*$slot).$field), $field) }; + // Create the drop guard: + // + // We only give access to `&DropGuard`, so it cannot be accidentally forgotten. + // + // SAFETY: We forget the guard later when initialization has succeeded. + let $field = &unsafe { + $crate::init::__internal::DropGuard::new(::core::ptr::addr_of_mut!((*$slot).$field)) + }; + + $crate::try_pin_init!(init_slot: + @data($data), + @slot($slot), + @munch_fields($($rest)*), + ); + }; + (make_initializer: + @slot($slot:ident), + @type_name($t:ident), + @munch_fields($(,)?), + @acc($($acc:tt)*), + ) => { + // Endpoint, nothing more to munch, create the initializer. + // Since we are in the `if false` branch, this will never get executed. We abuse `slot` to + // get the correct type inference here: + unsafe { + ::core::ptr::write($slot, $t { + $($acc)* + }); + } + }; + (make_initializer: + @slot($slot:ident), + @type_name($t:ident), + @munch_fields($field:ident <- $val:expr, $($rest:tt)*), + @acc($($acc:tt)*), + ) => { + $crate::try_pin_init!(make_initializer: + @slot($slot), + @type_name($t), + @munch_fields($($rest)*), + @acc($($acc)* $field: ::core::panic!(),), + ); + }; + (make_initializer: + @slot($slot:ident), + @type_name($t:ident), + @munch_fields($field:ident $(: $val:expr)?, $($rest:tt)*), + @acc($($acc:tt)*), + ) => { + $crate::try_pin_init!(make_initializer: + @slot($slot), + @type_name($t), + @munch_fields($($rest)*), + @acc($($acc)* $field: ::core::panic!(),), + ); + }; + (forget_guards: + @munch_fields($(,)?), + ) => { + // Munching finished. + }; + (forget_guards: + @munch_fields($field:ident <- $val:expr, $($rest:tt)*), + ) => { + unsafe { $crate::init::__internal::DropGuard::forget($field) }; + + $crate::try_pin_init!(forget_guards: + @munch_fields($($rest)*), + ); + }; + (forget_guards: + @munch_fields($field:ident $(: $val:expr)?, $($rest:tt)*), + ) => { + unsafe { $crate::init::__internal::DropGuard::forget($field) }; + + $crate::try_pin_init!(forget_guards: + @munch_fields($($rest)*), + ); + }; +} + +/// Construct an in-place initializer for `struct`s. +/// +/// This macro defaults the error to [`Infallible`]. If you need [`Error`], then use +/// [`try_init!`]. +/// +/// The syntax is identical to [`pin_init!`] and its safety caveats also apply: +/// - `unsafe` code must guarantee either full initialization or return an error and allow +/// deallocation of the memory. +/// - the fields are initialized in the order given in the initializer. +/// - no references to fields are allowed to be created inside of the initializer. +/// +/// This initializer is for initializing data in-place that might later be moved. If you want to +/// pin-initialize, use [`pin_init!`]. +/// +/// [`Error`]: kernel::error::Error +// For a detailed example of how this macro works, see the module documentation of the hidden +// module `__internal` inside of `init/__internal.rs`. +#[macro_export] +macro_rules! init { + ($(&$this:ident in)? $t:ident $(::<$($generics:ty),* $(,)?>)? { + $($fields:tt)* + }) => { + $crate::try_init!( + @this($($this)?), + @typ($t $(::<$($generics),*>)?), + @fields($($fields)*), + @error(::core::convert::Infallible), + ) + } +} + +/// Construct an in-place fallible initializer for `struct`s. +/// +/// This macro defaults the error to [`Error`]. If you need [`Infallible`], then use +/// [`init!`]. +/// +/// The syntax is identical to [`try_pin_init!`]. If you want to specify a custom error, +/// append `? $type` after the `struct` initializer. +/// The safety caveats from [`try_pin_init!`] also apply: +/// - `unsafe` code must guarantee either full initialization or return an error and allow +/// deallocation of the memory. +/// - the fields are initialized in the order given in the initializer. +/// - no references to fields are allowed to be created inside of the initializer. +/// +/// # Examples +/// +/// ```rust +/// use kernel::{init::PinInit, error::Error}; +/// struct BigBuf { +/// big: Box<[u8; 1024 * 1024 * 1024]>, +/// small: [u8; 1024 * 1024], +/// } +/// +/// impl BigBuf { +/// fn new() -> impl Init { +/// try_init!(Self { +/// big: { +/// let zero = Box::try_new_zeroed()?; +/// unsafe { zero.assume_init() } +/// }, +/// small: [0; 1024 * 1024], +/// }? Error) +/// } +/// } +/// ``` +/// +/// [`Error`]: kernel::error::Error +// For a detailed example of how this macro works, see the module documentation of the hidden +// module `__internal` inside of `init/__internal.rs`. +#[macro_export] +macro_rules! try_init { + ($(&$this:ident in)? $t:ident $(::<$($generics:ty),* $(,)?>)? { + $($fields:tt)* + }) => { + $crate::try_init!( + @this($($this)?), + @typ($t $(::<$($generics),*>)?), + @fields($($fields)*), + @error($crate::error::Error), + ) + }; + ($(&$this:ident in)? $t:ident $(::<$($generics:ty),* $(,)?>)? { + $($fields:tt)* + }? $err:ty) => { + $crate::try_init!( + @this($($this)?), + @typ($t $(::<$($generics),*>)?), + @fields($($fields)*), + @error($err), + ) + }; + ( + @this($($this:ident)?), + @typ($t:ident $(::<$($generics:ty),*>)?), + @fields($($fields:tt)*), + @error($err:ty), + ) => {{ + // We do not want to allow arbitrary returns, so we declare this type as the `Ok` return + // type and shadow it later when we insert the arbitrary user code. That way there will be + // no possibility of returning without `unsafe`. + struct __InitOk; + // Get the init data from the supplied type. + let data = unsafe { + use $crate::init::__internal::HasInitData; + $t$(::<$($generics),*>)?::__init_data() + }; + // Ensure that `data` really is of type `InitData` and help with type inference: + let init = $crate::init::__internal::InitData::make_closure::<_, __InitOk, $err>( + data, + move |slot| { + { + // Shadow the structure so it cannot be used to return early. + struct __InitOk; + // Create the `this` so it can be referenced by the user inside of the + // expressions creating the individual fields. + $(let $this = unsafe { ::core::ptr::NonNull::new_unchecked(slot) };)? + // Initialize every field. + $crate::try_init!(init_slot: + @slot(slot), + @munch_fields($($fields)*,), + ); + // We use unreachable code to ensure that all fields have been mentioned exactly + // once, this struct initializer will still be type-checked and complain with a + // very natural error message if a field is forgotten/mentioned more than once. + #[allow(unreachable_code, clippy::diverging_sub_expression)] + if false { + $crate::try_init!(make_initializer: + @slot(slot), + @type_name($t), + @munch_fields($($fields)*,), + @acc(), + ); + } + // Forget all guards, since initialization was a success. + $crate::try_init!(forget_guards: + @munch_fields($($fields)*,), + ); + } + Ok(__InitOk) + } + ); + let init = move |slot| -> ::core::result::Result<(), $err> { + init(slot).map(|__InitOk| ()) + }; + let init = unsafe { $crate::init::init_from_closure::<_, $err>(init) }; + init + }}; + (init_slot: + @slot($slot:ident), + @munch_fields( $(,)?), + ) => { + // Endpoint of munching, no fields are left. + }; + (init_slot: + @slot($slot:ident), + @munch_fields($field:ident <- $val:expr, $($rest:tt)*), + ) => { + let $field = $val; + // Call the initializer. + // + // SAFETY: `slot` is valid, because we are inside of an initializer closure, we + // return when an error/panic occurs. + unsafe { + $crate::init::Init::__init($field, ::core::ptr::addr_of_mut!((*$slot).$field))?; + } + // Create the drop guard. + // + // We only give access to `&DropGuard`, so it cannot be accidentally forgotten. + // + // SAFETY: We forget the guard later when initialization has succeeded. + let $field = &unsafe { + $crate::init::__internal::DropGuard::new(::core::ptr::addr_of_mut!((*$slot).$field)) + }; + + $crate::try_init!(init_slot: + @slot($slot), + @munch_fields($($rest)*), + ); + }; + (init_slot: + @slot($slot:ident), + // Direct value init. + @munch_fields($field:ident $(: $val:expr)?, $($rest:tt)*), + ) => { + $(let $field = $val;)? + // Call the initializer. + // + // SAFETY: The memory at `slot` is uninitialized. + unsafe { ::core::ptr::write(::core::ptr::addr_of_mut!((*$slot).$field), $field) }; + // Create the drop guard. + // + // We only give access to `&DropGuard`, so it cannot be accidentally forgotten. + // + // SAFETY: We forget the guard later when initialization has succeeded. + let $field = &unsafe { + $crate::init::__internal::DropGuard::new(::core::ptr::addr_of_mut!((*$slot).$field)) + }; + + $crate::try_init!(init_slot: + @slot($slot), + @munch_fields($($rest)*), + ); + }; + (make_initializer: + @slot($slot:ident), + @type_name($t:ident), + @munch_fields( $(,)?), + @acc($($acc:tt)*), + ) => { + // Endpoint, nothing more to munch, create the initializer. + // Since we are in the `if false` branch, this will never get executed. We abuse `slot` to + // get the correct type inference here: + unsafe { + ::core::ptr::write($slot, $t { + $($acc)* + }); + } + }; + (make_initializer: + @slot($slot:ident), + @type_name($t:ident), + @munch_fields($field:ident <- $val:expr, $($rest:tt)*), + @acc($($acc:tt)*), + ) => { + $crate::try_init!(make_initializer: + @slot($slot), + @type_name($t), + @munch_fields($($rest)*), + @acc($($acc)*$field: ::core::panic!(),), + ); + }; + (make_initializer: + @slot($slot:ident), + @type_name($t:ident), + @munch_fields($field:ident $(: $val:expr)?, $($rest:tt)*), + @acc($($acc:tt)*), + ) => { + $crate::try_init!(make_initializer: + @slot($slot), + @type_name($t), + @munch_fields($($rest)*), + @acc($($acc)*$field: ::core::panic!(),), + ); + }; + (forget_guards: + @munch_fields($(,)?), + ) => { + // Munching finished. + }; + (forget_guards: + @munch_fields($field:ident <- $val:expr, $($rest:tt)*), + ) => { + unsafe { $crate::init::__internal::DropGuard::forget($field) }; + + $crate::try_init!(forget_guards: + @munch_fields($($rest)*), + ); + }; + (forget_guards: + @munch_fields($field:ident $(: $val:expr)?, $($rest:tt)*), + ) => { + unsafe { $crate::init::__internal::DropGuard::forget($field) }; + + $crate::try_init!(forget_guards: + @munch_fields($($rest)*), + ); + }; +} /// A pin-initializer for the type `T`. /// @@ -63,7 +865,6 @@ pub mod __internal; /// [`Arc`]: crate::sync::Arc /// [`Arc::pin_init`]: crate::sync::Arc::pin_init /// [`UniqueArc`]: kernel::sync::UniqueArc -/// [`Box`]: alloc::boxed::Box #[must_use = "An initializer must be used in order to create its value."] pub unsafe trait PinInit: Sized { /// Initializes `slot`. @@ -106,7 +907,6 @@ pub unsafe trait PinInit: Sized { /// /// [`Arc`]: crate::sync::Arc /// [`UniqueArc`]: kernel::sync::UniqueArc -/// [`Box`]: alloc::boxed::Box #[must_use = "An initializer must be used in order to create its value."] pub unsafe trait Init: PinInit { /// Initializes `slot`. diff --git a/rust/kernel/init/__internal.rs b/rust/kernel/init/__internal.rs index ddc03c3f0730..0105290250f8 100644 --- a/rust/kernel/init/__internal.rs +++ b/rust/kernel/init/__internal.rs @@ -43,3 +43,127 @@ where (self.0)(slot) } } + +/// This trait is only implemented via the `#[pin_data]` proc-macro. It is used to facilitate +/// the pin projections within the initializers. +/// +/// # Safety +/// +/// Only the `init` module is allowed to use this trait. +pub unsafe trait HasPinData { + type PinData: PinData; + + unsafe fn __pin_data() -> Self::PinData; +} + +/// Marker trait for pinning data of structs. +/// +/// # Safety +/// +/// Only the `init` module is allowed to use this trait. +pub unsafe trait PinData: Copy { + type Datee: ?Sized + HasPinData; + + /// Type inference helper function. + fn make_closure(self, f: F) -> F + where + F: FnOnce(*mut Self::Datee) -> Result, + { + f + } +} + +/// This trait is automatically implemented for every type. It aims to provide the same type +/// inference help as `HasPinData`. +/// +/// # Safety +/// +/// Only the `init` module is allowed to use this trait. +pub unsafe trait HasInitData { + type InitData: InitData; + + unsafe fn __init_data() -> Self::InitData; +} + +/// Same function as `PinData`, but for arbitrary data. +/// +/// # Safety +/// +/// Only the `init` module is allowed to use this trait. +pub unsafe trait InitData: Copy { + type Datee: ?Sized + HasInitData; + + /// Type inference helper function. + fn make_closure(self, f: F) -> F + where + F: FnOnce(*mut Self::Datee) -> Result, + { + f + } +} + +pub struct AllData(PhantomData) -> Box>); + +impl Clone for AllData { + fn clone(&self) -> Self { + *self + } +} + +impl Copy for AllData {} + +unsafe impl InitData for AllData { + type Datee = T; +} + +unsafe impl HasInitData for T { + type InitData = AllData; + + unsafe fn __init_data() -> Self::InitData { + AllData(PhantomData) + } +} + +/// When a value of this type is dropped, it drops a `T`. +/// +/// Can be forgotton to prevent the drop. +pub struct DropGuard(*mut T, Cell); + +impl DropGuard { + /// Creates a new [`DropGuard`]. It will [`ptr::drop_in_place`] `ptr` when it gets dropped. + /// + /// # Safety + /// + /// `ptr` must be a valid pointer. + /// + /// It is the callers responsibility that `self` will only get dropped if the pointee of `ptr`: + /// - has not been dropped, + /// - is not accessible by any other means, + /// - will not be dropped by any other means. + #[inline] + pub unsafe fn new(ptr: *mut T) -> Self { + Self(ptr, Cell::new(true)) + } + + /// Prevents this guard from dropping the supplied pointer. + /// + /// # Safety + /// + /// This function is unsafe in order to prevent safe code from forgetting this guard. It should + /// only be called by the macros in this module. + #[inline] + pub unsafe fn forget(&self) { + self.1.set(false); + } +} + +impl Drop for DropGuard { + #[inline] + fn drop(&mut self) { + if self.1.get() { + // SAFETY: A `DropGuard` can only be constructed using the unsafe `new` function + // ensuring that this operation is safe. + unsafe { ptr::drop_in_place(self.0) } + } + } +} diff --git a/rust/kernel/init/macros.rs b/rust/kernel/init/macros.rs new file mode 100644 index 000000000000..e27c309c7ffd --- /dev/null +++ b/rust/kernel/init/macros.rs @@ -0,0 +1,707 @@ +// SPDX-License-Identifier: Apache-2.0 OR MIT + +//! This module provides the macros that actually implement the proc-macros `pin_data` and +//! `pinned_drop`. +//! +//! These macros should never be called directly, since they expect their input to be +//! in a certain format which is internal. Use the proc-macros instead. +//! +//! This architecture has been chosen because the kernel does not yet have access to `syn` which +//! would make matters a lot easier for implementing these as proc-macros. +//! +//! # Macro expansion example +//! +//! This section is intended for readers trying to understand the macros in this module and the +//! `pin_init!` macros from `init.rs`. +//! +//! We will look at the following example: +//! +//! ```rust +//! # use kernel::init::*; +//! #[pin_data] +//! #[repr(C)] +//! struct Bar { +//! #[pin] +//! t: T, +//! pub x: usize, +//! } +//! +//! impl Bar { +//! fn new(t: T) -> impl PinInit { +//! pin_init!(Self { t, x: 0 }) +//! } +//! } +//! ``` +//! +//! This example includes the most common and important features of the pin-init API. +//! +//! Below you can find individual section about the different macro invocations. Here are some +//! general things we need to take into account when designing macros: +//! - use global paths, similarly to file paths, these start with the separator: `::core::panic!()` +//! this ensures that the correct item is used, since users could define their own `mod core {}` +//! and then their own `panic!` inside to execute arbitrary code inside of our macro. +//! - macro `unsafe` hygene: we need to ensure that we do not expand arbitrary, user-supplied +//! expressions inside of an `unsafe` block in the macro, because this would allow users to do +//! `unsafe` operations without an associated `unsafe` block. +//! +//! ## `#[pin_data]` on `Bar` +//! +//! This macro is used to specify which fields are structurally pinned and which fields are not. It +//! is placed on the struct definition and allows `#[pin]` to be placed on the fields. +//! +//! Here is the definition of `Bar` from our example: +//! +//! ```rust +//! # use kernel::init::*; +//! #[pin_data] +//! #[repr(C)] +//! struct Bar { +//! t: T, +//! pub x: usize, +//! } +//! ``` +//! +//! This expands to the following code: +//! +//! ```rust +//! // Firstly the normal definition of the struct, attributes are preserved: +//! #[repr(C)] +//! struct Bar { +//! t: T, +//! pub x: usize, +//! } +//! // Then an anonymous constant is defined, this is because we do not want any code to access the +//! // types that we define inside: +//! const _: () = { +//! // We define the pin-data carrying struct, it is a ZST and needs to have the same generics, +//! // since we need to implement access functions for each field and thus need to know its +//! // type. +//! struct __ThePinData { +//! __phantom: ::core::marker::PhantomData) -> Bar>, +//! } +//! // We implement `Copy` for the pin-data struct, since all functions it defines will take +//! // `self` by value. +//! impl ::core::clone::Clone for __ThePinData { +//! fn clone(&self) -> Self { +//! *self +//! } +//! } +//! impl ::core::marker::Copy for __ThePinData {} +//! // For every field of `Bar`, the pin-data struct will define a function with the same name +//! // and accessor (`pub` or `pub(crate)` etc.). This function will take a pointer to the +//! // field (`slot`) and a `PinInit` or `Init` depending on the projection kind of the field +//! // (if pinning is structural for the field, then `PinInit` otherwise `Init`). +//! #[allow(dead_code)] +//! impl __ThePinData { +//! unsafe fn t( +//! self, +//! slot: *mut T, +//! init: impl ::kernel::init::Init, +//! ) -> ::core::result::Result<(), E> { +//! unsafe { ::kernel::init::Init::__init(init, slot) } +//! } +//! pub unsafe fn x( +//! self, +//! slot: *mut usize, +//! init: impl ::kernel::init::Init, +//! ) -> ::core::result::Result<(), E> { +//! unsafe { ::kernel::init::Init::__init(init, slot) } +//! } +//! } +//! // Implement the internal `HasPinData` trait that associates `Bar` with the pin-data struct +//! // that we constructed beforehand. +//! unsafe impl ::kernel::init::__internal::HasPinData for Bar { +//! type PinData = __ThePinData; +//! unsafe fn __pin_data() -> Self::PinData { +//! __ThePinData { +//! __phantom: ::core::marker::PhantomData, +//! } +//! } +//! } +//! // Implement the internal `PinData` trait that marks the pin-data struct as a pin-data +//! // struct. This is important to ensure that no user can implement a rouge `__pin_data` +//! // function without using `unsafe`. +//! unsafe impl ::kernel::init::__internal::PinData for __ThePinData { +//! type Datee = Bar; +//! } +//! // Now we only want to implement `Unpin` for `Bar` when every structurally pinned field is +//! // `Unpin`. In other words, whether `Bar` is `Unpin` only depends on structurally pinned +//! // fields (those marked with `#[pin]`). These fields will be listed in this struct, in our +//! // case no such fields exist, hence this is almost empty. The two phantomdata fields exist +//! // for two reasons: +//! // - `__phantom`: every generic must be used, since we cannot really know which generics +//! // are used, we declere all and then use everything here once. +//! // - `__phantom_pin`: uses the `'__pin` lifetime and ensures that this struct is invariant +//! // over it. The lifetime is needed to work around the limitation that trait bounds must +//! // not be trivial, e.g. the user has a `#[pin] PhantomPinned` field -- this is +//! // unconditionally `!Unpin` and results in an error. The lifetime tricks the compiler +//! // into accepting these bounds regardless. +//! #[allow(dead_code)] +//! struct __Unpin<'__pin, T> { +//! __phantom_pin: ::core::marker::PhantomData &'__pin ()>, +//! __phantom: ::core::marker::PhantomData) -> Bar>, +//! } +//! #[doc(hidden)] +//! impl<'__pin, T> +//! ::core::marker::Unpin for Bar where __Unpin<'__pin, T>: ::core::marker::Unpin {} +//! // Now we need to ensure that `Bar` does not implement `Drop`, since that would give users +//! // access to `&mut self` inside of `drop` even if the struct was pinned. This could lead to +//! // UB with only safe code, so we disallow this by giving a trait implementation error using +//! // a direct impl and a blanket implementation. +//! trait MustNotImplDrop {} +//! // Normally `Drop` bounds do not have the correct semantics, but for this purpose they do +//! // (normally people want to know if a type has any kind of drop glue at all, here we want +//! // to know if it has any kind of custom drop glue, which is exactly what this bound does). +//! #[allow(drop_bounds)] +//! impl MustNotImplDrop for T {} +//! impl MustNotImplDrop for Bar {} +//! }; +//! ``` +//! +//! ## `pin_init!` in `impl Bar` +//! +//! This macro creates an pin-initializer for the given struct. It requires that the struct is +//! annotated by `#[pin_data]`. +//! +//! Here is the impl on `Bar` defining the new function: +//! +//! ```rust +//! impl Bar { +//! fn new(t: T) -> impl PinInit { +//! pin_init!(Self { t, x: 0 }) +//! } +//! } +//! ``` +//! +//! This expands to the following code: +//! +//! ```rust +//! impl Bar { +//! fn new(t: T) -> impl PinInit { +//! { +//! // We do not want to allow arbitrary returns, so we declare this type as the `Ok` +//! // return type and shadow it later when we insert the arbitrary user code. That way +//! // there will be no possibility of returning without `unsafe`. +//! struct __InitOk; +//! // Get the pin-data type from the initialized type. +//! // - the function is unsafe, hence the unsafe block +//! // - we `use` the `HasPinData` trait in the block, it is only available in that +//! // scope. +//! let data = unsafe { +//! use ::kernel::init::__internal::HasPinData; +//! Self::__pin_data() +//! }; +//! // Use `data` to help with type inference, the closure supplied will have the type +//! // `FnOnce(*mut Self) -> Result<__InitOk, Infallible>`. +//! let init = ::kernel::init::__internal::PinData::make_closure::< +//! _, +//! __InitOk, +//! ::core::convert::Infallible, +//! >(data, move |slot| { +//! { +//! // Shadow the structure so it cannot be used to return early. If a user +//! // tries to write `return Ok(__InitOk)`, then they get a type error, since +//! // that will refer to this struct instead of the one defined above. +//! struct __InitOk; +//! // This is the expansion of `t,`, which is syntactic sugar for `t: t,`. +//! unsafe { ::core::ptr::write(&raw mut (*slot).t, t) }; +//! // Since initialization could fail later (not in this case, since the error +//! // type is `Infallible`) we will need to drop this field if it fails. This +//! // `DropGuard` will drop the field when it gets dropped and has not yet +//! // been forgotten. We make a reference to it, so users cannot `mem::forget` +//! // it from the initializer, since the name is the same as the field. +//! let t = &unsafe { +//! ::kernel::init::__internal::DropGuard::new(&raw mut (*slot).t) +//! }; +//! // Expansion of `x: 0,`: +//! // Since this can be an arbitrary expression we cannot place it inside of +//! // the `unsafe` block, so we bind it here. +//! let x = 0; +//! unsafe { ::core::ptr::write(&raw mut (*slot).x, x) }; +//! let x = &unsafe { +//! ::kernel::init::__internal::DropGuard::new(&raw mut (*slot).x) +//! }; +//! +//! // Here we use the type checker to ensuer that every field has been +//! // initialized exactly once, since this is `if false` it will never get +//! // executed, but still type-checked. +//! // Additionally we abuse `slot` to automatically infer the correct type for +//! // the struct. This is also another check that every field is accessible +//! // from this scope. +//! #[allow(unreachable_code, clippy::diverging_sub_expression)] +//! if false { +//! unsafe { +//! ::core::ptr::write( +//! slot, +//! Self { +//! // We only care about typecheck finding every field here, +//! // the expression does not matter, just conjure one using +//! // `panic!()`: +//! t: ::core::panic!(), +//! x: ::core::panic!(), +//! }, +//! ); +//! }; +//! } +//! // Since initialization has successfully completed, we can now forget the +//! // guards. +//! unsafe { ::kernel::init::__internal::DropGuard::forget(t) }; +//! unsafe { ::kernel::init::__internal::DropGuard::forget(x) }; +//! } +//! // We leave the scope above and gain access to the previously shadowed +//! // `__InitOk` that we need to return. +//! Ok(__InitOk) +//! }); +//! // Change the return type of the closure. +//! let init = move |slot| -> ::core::result::Result<(), ::core::convert::Infallible> { +//! init(slot).map(|__InitOk| ()) +//! }; +//! // Construct the initializer. +//! let init = unsafe { +//! ::kernel::init::pin_init_from_closure::<_, ::core::convert::Infallible>(init) +//! }; +//! init +//! } +//! } +//! } +//! ``` + +/// This macro first parses the struct definition such that it separates pinned and not pinned +/// fields. Afterwards it declares the struct and implement the `PinData` trait safely. +#[doc(hidden)] +#[macro_export] +macro_rules! __pin_data { + // Proc-macro entry point, this is supplied by the proc-macro pre-parsing. + (parse_input: + @args($($pinned_drop:ident)?), + @sig( + $(#[$($struct_attr:tt)*])* + $vis:vis struct $name:ident + $(where $($whr:tt)*)? + ), + @impl_generics($($impl_generics:tt)*), + @ty_generics($($ty_generics:tt)*), + @body({ $($fields:tt)* }), + ) => { + // We now use token munching to iterate through all of the fields. While doing this we + // identify fields marked with `#[pin]`, these fields are the 'pinned fields'. The user + // wants these to be structurally pinned. The rest of the fields are the + // 'not pinned fields'. Additionally we collect all fields, since we need them in the right + // order to declare the struct. + // + // In this call we also put some explaining comments for the parameters. + $crate::__pin_data!(find_pinned_fields: + // Attributes on the struct itself, these will just be propagated to be put onto the + // struct definition. + @struct_attrs($(#[$($struct_attr)*])*), + // The visibility of the struct. + @vis($vis), + // The name of the struct. + @name($name), + // The 'impl generics', the generics that will need to be specified on the struct inside + // of an `impl<$ty_generics>` block. + @impl_generics($($impl_generics)*), + // The 'ty generics', the generics that will need to be specified on the impl blocks. + @ty_generics($($ty_generics)*), + // The where clause of any impl block and the declaration. + @where($($($whr)*)?), + // The remaining fields tokens that need to be processed. + // We add a `,` at the end to ensure correct parsing. + @fields_munch($($fields)* ,), + // The pinned fields. + @pinned(), + // The not pinned fields. + @not_pinned(), + // All fields. + @fields(), + // The accumulator containing all attributes already parsed. + @accum(), + // Contains `yes` or `` to indicate if `#[pin]` was found on the current field. + @is_pinned(), + // The proc-macro argument, this should be `PinnedDrop` or ``. + @pinned_drop($($pinned_drop)?), + ); + }; + (find_pinned_fields: + @struct_attrs($($struct_attrs:tt)*), + @vis($vis:vis), + @name($name:ident), + @impl_generics($($impl_generics:tt)*), + @ty_generics($($ty_generics:tt)*), + @where($($whr:tt)*), + // We found a PhantomPinned field, this should generally be pinned! + @fields_munch($field:ident : $($($(::)?core::)?marker::)?PhantomPinned, $($rest:tt)*), + @pinned($($pinned:tt)*), + @not_pinned($($not_pinned:tt)*), + @fields($($fields:tt)*), + @accum($($accum:tt)*), + // This field is not pinned. + @is_pinned(), + @pinned_drop($($pinned_drop:ident)?), + ) => { + ::core::compile_error!(concat!( + "The field `", + stringify!($field), + "` of type `PhantomPinned` only has an effect, if it has the `#[pin]` attribute.", + )); + $crate::__pin_data!(find_pinned_fields: + @struct_attrs($($struct_attrs)*), + @vis($vis), + @name($name), + @impl_generics($($impl_generics)*), + @ty_generics($($ty_generics)*), + @where($($whr)*), + @fields_munch($($rest)*), + @pinned($($pinned)* $($accum)* $field: ::core::marker::PhantomPinned,), + @not_pinned($($not_pinned)*), + @fields($($fields)* $($accum)* $field: ::core::marker::PhantomPinned,), + @accum(), + @is_pinned(), + @pinned_drop($($pinned_drop)?), + ); + }; + (find_pinned_fields: + @struct_attrs($($struct_attrs:tt)*), + @vis($vis:vis), + @name($name:ident), + @impl_generics($($impl_generics:tt)*), + @ty_generics($($ty_generics:tt)*), + @where($($whr:tt)*), + // We reached the field declaration. + @fields_munch($field:ident : $type:ty, $($rest:tt)*), + @pinned($($pinned:tt)*), + @not_pinned($($not_pinned:tt)*), + @fields($($fields:tt)*), + @accum($($accum:tt)*), + // This field is pinned. + @is_pinned(yes), + @pinned_drop($($pinned_drop:ident)?), + ) => { + $crate::__pin_data!(find_pinned_fields: + @struct_attrs($($struct_attrs)*), + @vis($vis), + @name($name), + @impl_generics($($impl_generics)*), + @ty_generics($($ty_generics)*), + @where($($whr)*), + @fields_munch($($rest)*), + @pinned($($pinned)* $($accum)* $field: $type,), + @not_pinned($($not_pinned)*), + @fields($($fields)* $($accum)* $field: $type,), + @accum(), + @is_pinned(), + @pinned_drop($($pinned_drop)?), + ); + }; + (find_pinned_fields: + @struct_attrs($($struct_attrs:tt)*), + @vis($vis:vis), + @name($name:ident), + @impl_generics($($impl_generics:tt)*), + @ty_generics($($ty_generics:tt)*), + @where($($whr:tt)*), + // We reached the field declaration. + @fields_munch($field:ident : $type:ty, $($rest:tt)*), + @pinned($($pinned:tt)*), + @not_pinned($($not_pinned:tt)*), + @fields($($fields:tt)*), + @accum($($accum:tt)*), + // This field is not pinned. + @is_pinned(), + @pinned_drop($($pinned_drop:ident)?), + ) => { + $crate::__pin_data!(find_pinned_fields: + @struct_attrs($($struct_attrs)*), + @vis($vis), + @name($name), + @impl_generics($($impl_generics)*), + @ty_generics($($ty_generics)*), + @where($($whr)*), + @fields_munch($($rest)*), + @pinned($($pinned)*), + @not_pinned($($not_pinned)* $($accum)* $field: $type,), + @fields($($fields)* $($accum)* $field: $type,), + @accum(), + @is_pinned(), + @pinned_drop($($pinned_drop)?), + ); + }; + (find_pinned_fields: + @struct_attrs($($struct_attrs:tt)*), + @vis($vis:vis), + @name($name:ident), + @impl_generics($($impl_generics:tt)*), + @ty_generics($($ty_generics:tt)*), + @where($($whr:tt)*), + // We found the `#[pin]` attr. + @fields_munch(#[pin] $($rest:tt)*), + @pinned($($pinned:tt)*), + @not_pinned($($not_pinned:tt)*), + @fields($($fields:tt)*), + @accum($($accum:tt)*), + @is_pinned($($is_pinned:ident)?), + @pinned_drop($($pinned_drop:ident)?), + ) => { + $crate::__pin_data!(find_pinned_fields: + @struct_attrs($($struct_attrs)*), + @vis($vis), + @name($name), + @impl_generics($($impl_generics)*), + @ty_generics($($ty_generics)*), + @where($($whr)*), + @fields_munch($($rest)*), + // We do not include `#[pin]` in the list of attributes, since it is not actually an + // attribute that is defined somewhere. + @pinned($($pinned)*), + @not_pinned($($not_pinned)*), + @fields($($fields)*), + @accum($($accum)*), + // Set this to `yes`. + @is_pinned(yes), + @pinned_drop($($pinned_drop)?), + ); + }; + (find_pinned_fields: + @struct_attrs($($struct_attrs:tt)*), + @vis($vis:vis), + @name($name:ident), + @impl_generics($($impl_generics:tt)*), + @ty_generics($($ty_generics:tt)*), + @where($($whr:tt)*), + // We reached the field declaration with visibility, for simplicity we only munch the + // visibility and put it into `$accum`. + @fields_munch($fvis:vis $field:ident $($rest:tt)*), + @pinned($($pinned:tt)*), + @not_pinned($($not_pinned:tt)*), + @fields($($fields:tt)*), + @accum($($accum:tt)*), + @is_pinned($($is_pinned:ident)?), + @pinned_drop($($pinned_drop:ident)?), + ) => { + $crate::__pin_data!(find_pinned_fields: + @struct_attrs($($struct_attrs)*), + @vis($vis), + @name($name), + @impl_generics($($impl_generics)*), + @ty_generics($($ty_generics)*), + @where($($whr)*), + @fields_munch($field $($rest)*), + @pinned($($pinned)*), + @not_pinned($($not_pinned)*), + @fields($($fields)*), + @accum($($accum)* $fvis), + @is_pinned($($is_pinned)?), + @pinned_drop($($pinned_drop)?), + ); + }; + (find_pinned_fields: + @struct_attrs($($struct_attrs:tt)*), + @vis($vis:vis), + @name($name:ident), + @impl_generics($($impl_generics:tt)*), + @ty_generics($($ty_generics:tt)*), + @where($($whr:tt)*), + // Some other attribute, just put it into `$accum`. + @fields_munch(#[$($attr:tt)*] $($rest:tt)*), + @pinned($($pinned:tt)*), + @not_pinned($($not_pinned:tt)*), + @fields($($fields:tt)*), + @accum($($accum:tt)*), + @is_pinned($($is_pinned:ident)?), + @pinned_drop($($pinned_drop:ident)?), + ) => { + $crate::__pin_data!(find_pinned_fields: + @struct_attrs($($struct_attrs)*), + @vis($vis), + @name($name), + @impl_generics($($impl_generics)*), + @ty_generics($($ty_generics)*), + @where($($whr)*), + @fields_munch($($rest)*), + @pinned($($pinned)*), + @not_pinned($($not_pinned)*), + @fields($($fields)*), + @accum($($accum)* #[$($attr)*]), + @is_pinned($($is_pinned)?), + @pinned_drop($($pinned_drop)?), + ); + }; + (find_pinned_fields: + @struct_attrs($($struct_attrs:tt)*), + @vis($vis:vis), + @name($name:ident), + @impl_generics($($impl_generics:tt)*), + @ty_generics($($ty_generics:tt)*), + @where($($whr:tt)*), + // We reached the end of the fields, plus an optional additional comma, since we added one + // before and the user is also allowed to put a trailing comma. + @fields_munch($(,)?), + @pinned($($pinned:tt)*), + @not_pinned($($not_pinned:tt)*), + @fields($($fields:tt)*), + @accum(), + @is_pinned(), + @pinned_drop($($pinned_drop:ident)?), + ) => { + // Declare the struct with all fields in the correct order. + $($struct_attrs)* + $vis struct $name <$($impl_generics)*> + where $($whr)* + { + $($fields)* + } + + // We put the rest into this const item, because it then will not be accessible to anything + // outside. + const _: () = { + // We declare this struct which will host all of the projection function for our type. + // it will be invariant over all generic parameters which are inherited from the + // struct. + $vis struct __ThePinData<$($impl_generics)*> + where $($whr)* + { + __phantom: ::core::marker::PhantomData< + fn($name<$($ty_generics)*>) -> $name<$($ty_generics)*> + >, + } + + impl<$($impl_generics)*> ::core::clone::Clone for __ThePinData<$($ty_generics)*> + where $($whr)* + { + fn clone(&self) -> Self { *self } + } + + impl<$($impl_generics)*> ::core::marker::Copy for __ThePinData<$($ty_generics)*> + where $($whr)* + {} + + // Make all projection functions. + $crate::__pin_data!(make_pin_data: + @pin_data(__ThePinData), + @impl_generics($($impl_generics)*), + @ty_generics($($ty_generics)*), + @where($($whr)*), + @pinned($($pinned)*), + @not_pinned($($not_pinned)*), + ); + + // SAFETY: We have added the correct projection functions above to `__ThePinData` and + // we also use the least restrictive generics possible. + unsafe impl<$($impl_generics)*> + $crate::init::__internal::HasPinData for $name<$($ty_generics)*> + where $($whr)* + { + type PinData = __ThePinData<$($ty_generics)*>; + + unsafe fn __pin_data() -> Self::PinData { + __ThePinData { __phantom: ::core::marker::PhantomData } + } + } + + unsafe impl<$($impl_generics)*> + $crate::init::__internal::PinData for __ThePinData<$($ty_generics)*> + where $($whr)* + { + type Datee = $name<$($ty_generics)*>; + } + + // This struct will be used for the unpin analysis. Since only structurally pinned + // fields are relevant whether the struct should implement `Unpin`. + #[allow(dead_code)] + struct __Unpin <'__pin, $($impl_generics)*> + where $($whr)* + { + __phantom_pin: ::core::marker::PhantomData &'__pin ()>, + __phantom: ::core::marker::PhantomData< + fn($name<$($ty_generics)*>) -> $name<$($ty_generics)*> + >, + // Only the pinned fields. + $($pinned)* + } + + #[doc(hidden)] + impl<'__pin, $($impl_generics)*> ::core::marker::Unpin for $name<$($ty_generics)*> + where + __Unpin<'__pin, $($ty_generics)*>: ::core::marker::Unpin, + $($whr)* + {} + + // We need to disallow normal `Drop` implementation, the exact behavior depends on + // whether `PinnedDrop` was specified as the parameter. + $crate::__pin_data!(drop_prevention: + @name($name), + @impl_generics($($impl_generics)*), + @ty_generics($($ty_generics)*), + @where($($whr)*), + @pinned_drop($($pinned_drop)?), + ); + }; + }; + // When no `PinnedDrop` was specified, then we have to prevent implementing drop. + (drop_prevention: + @name($name:ident), + @impl_generics($($impl_generics:tt)*), + @ty_generics($($ty_generics:tt)*), + @where($($whr:tt)*), + @pinned_drop(), + ) => { + // We prevent this by creating a trait that will be implemented for all types implementing + // `Drop`. Additionally we will implement this trait for the struct leading to a conflict, + // if it also implements `Drop` + trait MustNotImplDrop {} + #[allow(drop_bounds)] + impl MustNotImplDrop for T {} + impl<$($impl_generics)*> MustNotImplDrop for $name<$($ty_generics)*> + where $($whr)* {} + }; + // If some other parameter was specified, we emit a readable error. + (drop_prevention: + @name($name:ident), + @impl_generics($($impl_generics:tt)*), + @ty_generics($($ty_generics:tt)*), + @where($($whr:tt)*), + @pinned_drop($($rest:tt)*), + ) => { + compile_error!( + "Wrong parameters to `#[pin_data]`, expected nothing or `PinnedDrop`, got '{}'.", + stringify!($($rest)*), + ); + }; + (make_pin_data: + @pin_data($pin_data:ident), + @impl_generics($($impl_generics:tt)*), + @ty_generics($($ty_generics:tt)*), + @where($($whr:tt)*), + @pinned($($(#[$($p_attr:tt)*])* $pvis:vis $p_field:ident : $p_type:ty),* $(,)?), + @not_pinned($($(#[$($attr:tt)*])* $fvis:vis $field:ident : $type:ty),* $(,)?), + ) => { + // For every field, we create a projection function according to its projection type. If a + // field is structurally pinned, then it must be initialized via `PinInit`, if it is not + // structurally pinned, then it can be initialized via `Init`. + // + // The functions are `unsafe` to prevent accidentally calling them. + #[allow(dead_code)] + impl<$($impl_generics)*> $pin_data<$($ty_generics)*> + where $($whr)* + { + $( + $pvis unsafe fn $p_field( + self, + slot: *mut $p_type, + init: impl $crate::init::PinInit<$p_type, E>, + ) -> ::core::result::Result<(), E> { + unsafe { $crate::init::PinInit::__pinned_init(init, slot) } + } + )* + $( + $fvis unsafe fn $field( + self, + slot: *mut $type, + init: impl $crate::init::Init<$type, E>, + ) -> ::core::result::Result<(), E> { + unsafe { $crate::init::Init::__init(init, slot) } + } + )* + } + }; +} diff --git a/rust/macros/lib.rs b/rust/macros/lib.rs index 82b520f024dd..4def038fe71a 100644 --- a/rust/macros/lib.rs +++ b/rust/macros/lib.rs @@ -7,6 +7,7 @@ mod quote; mod concat_idents; mod helpers; mod module; +mod pin_data; mod vtable; use proc_macro::TokenStream; @@ -168,3 +169,31 @@ pub fn vtable(attr: TokenStream, ts: TokenStream) -> TokenStream { pub fn concat_idents(ts: TokenStream) -> TokenStream { concat_idents::concat_idents(ts) } + +/// Used to specify the pinning information of the fields of a struct. +/// +/// This is somewhat similar in purpose as +/// [pin-project-lite](https://crates.io/crates/pin-project-lite). +/// Place this macro on a struct definition and then `#[pin]` in front of the attributes of each +/// field you want to structurally pin. +/// +/// This macro enables the use of the [`pin_init!`] macro. When pin-initializing a `struct`, +/// then `#[pin]` directs the type of intializer that is required. +/// +/// # Examples +/// +/// ```rust,ignore +/// #[pin_data] +/// struct DriverData { +/// #[pin] +/// queue: Mutex>, +/// buf: Box<[u8; 1024 * 1024]>, +/// } +/// ``` +/// +/// [`pin_init!`]: ../kernel/macro.pin_init.html +// ^ cannot use direct link, since `kernel` is not a dependency of `macros`. +#[proc_macro_attribute] +pub fn pin_data(inner: TokenStream, item: TokenStream) -> TokenStream { + pin_data::pin_data(inner, item) +} diff --git a/rust/macros/pin_data.rs b/rust/macros/pin_data.rs new file mode 100644 index 000000000000..954149d77181 --- /dev/null +++ b/rust/macros/pin_data.rs @@ -0,0 +1,79 @@ +// SPDX-License-Identifier: Apache-2.0 OR MIT + +use proc_macro::{Punct, Spacing, TokenStream, TokenTree}; + +pub(crate) fn pin_data(args: TokenStream, input: TokenStream) -> TokenStream { + // This proc-macro only does some pre-parsing and then delegates the actual parsing to + // `kernel::__pin_data!`. + // + // In here we only collect the generics, since parsing them in declarative macros is very + // elaborate. We also do not need to analyse their structure, we only need to collect them. + + // `impl_generics`, the declared generics with their bounds. + let mut impl_generics = vec![]; + // Only the names of the generics, without any bounds. + let mut ty_generics = vec![]; + // Tokens not related to the generics e.g. the `impl` token. + let mut rest = vec![]; + // The current level of `<`. + let mut nesting = 0; + let mut toks = input.into_iter(); + // If we are at the beginning of a generic parameter. + let mut at_start = true; + for tt in &mut toks { + match tt.clone() { + TokenTree::Punct(p) if p.as_char() == '<' => { + if nesting >= 1 { + impl_generics.push(tt); + } + nesting += 1; + } + TokenTree::Punct(p) if p.as_char() == '>' => { + if nesting == 0 { + break; + } else { + nesting -= 1; + if nesting >= 1 { + impl_generics.push(tt); + } + if nesting == 0 { + break; + } + } + } + tt => { + if nesting == 1 { + match &tt { + TokenTree::Ident(i) if i.to_string() == "const" => {} + TokenTree::Ident(_) if at_start => { + ty_generics.push(tt.clone()); + ty_generics.push(TokenTree::Punct(Punct::new(',', Spacing::Alone))); + at_start = false; + } + TokenTree::Punct(p) if p.as_char() == ',' => at_start = true, + TokenTree::Punct(p) if p.as_char() == '\'' && at_start => { + ty_generics.push(tt.clone()); + } + _ => {} + } + } + if nesting >= 1 { + impl_generics.push(tt); + } else if nesting == 0 { + rest.push(tt); + } + } + } + } + rest.extend(toks); + // This should be the body of the struct `{...}`. + let last = rest.pop(); + quote!(::kernel::__pin_data! { + parse_input: + @args(#args), + @sig(#(#rest)*), + @impl_generics(#(#impl_generics)*), + @ty_generics(#(#ty_generics)*), + @body(#last), + }) +} diff --git a/rust/macros/quote.rs b/rust/macros/quote.rs index 94a6277182ee..c8e08b3c1e4c 100644 --- a/rust/macros/quote.rs +++ b/rust/macros/quote.rs @@ -38,7 +38,6 @@ impl ToTokens for TokenStream { /// This is a similar to the /// [`quote_spanned!`](https://docs.rs/quote/latest/quote/macro.quote_spanned.html) macro from the /// `quote` crate but provides only just enough functionality needed by the current `macros` crate. -#[allow(unused_macros)] macro_rules! quote_spanned { ($span:expr => $($tt:tt)*) => { #[allow(clippy::vec_init_then_push)] @@ -137,7 +136,6 @@ macro_rules! quote_spanned { /// `macros` crate. /// /// [`Span::mixed_site()`]: https://doc.rust-lang.org/proc_macro/struct.Span.html#method.mixed_site -#[allow(unused_macros)] macro_rules! quote { ($($tt:tt)*) => { quote_spanned!(::proc_macro::Span::mixed_site() => $($tt)*) From patchwork Fri Mar 31 21:53:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: y86-dev X-Patchwork-Id: 78003 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp870471vqo; Fri, 31 Mar 2023 15:11:42 -0700 (PDT) X-Google-Smtp-Source: AKy350amSIrFoBr7IH5c6zVXdom15CIWRsTsHlEszusmztqt2xq2LzjN3j9NHcQCwkO3SKim3j3m X-Received: by 2002:a17:906:55cd:b0:933:1134:be1e with SMTP id z13-20020a17090655cd00b009331134be1emr26160424ejp.53.1680300702150; Fri, 31 Mar 2023 15:11:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680300702; cv=none; d=google.com; s=arc-20160816; b=pcjxpW6sNUABJ7kAEZFhXptapmootLWZ7RBmXvO4qyEzdd/11DToSngMhY8nFV11L4 bnybgHyjJRsKuSZ41tTDVxCeuLYftgEZFHBp63cjRZGtmcuzCK/Obv/tK0sKg5dp6y07 F//kI0moIPoUJyEA8P/BJXM2YDleNKFuSyKIkj91xb31qAgh+Mq2PbuhFWFkLBdZ7Ahi r9TNH/W0cS9VarOpKZRLs7khX3Y4Vnsxaiu+0lB6pXmUHtzMxOPAXCvrSJonOXVSDK2B tNARsvDPi3QM6SBzfwCcCJLoVh2SlIsSSpf6n7fcWTBKl9OLfLRpqbFQrkVPp1kcQ7Wz tPyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :feedback-id:message-id:subject:cc:from:to:dkim-signature:date; bh=DPTzK+Qui1IJXTgvMYy9gbdRtBobG73CivdLCgcwUrA=; b=lYyRTdK7OoFzrgRrL3KN03mVq6KUEnrHntfP7kvrzQH1CSM9vA9NmLwtpkp61ohQRx V/gpCnZj2crt/Xszs/7nsojIDCSkA5grK3li5V6NPXifC2RJjOIWWdJOIaTJZLuTWig7 z8xTSKaNmWk8pzVpvuQGzPZ24XLdVFpnWT+nnUxEjShYhST9Izxs5zFv60/mtbB7qQMh RWZsSE5eowbTm0hFxY/8696vNa6Pd5mZ1AdWzMAKID3fvVIKlPGv3RV5Zny+lyp1984R crufFrelj4nq+Tq9gB24EydjrVZymH5H8IheG0N6CwfgOQioe05/ulPn6pBYe0CjCTkv 8eDQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=GJKpOeXl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x9-20020a170906134900b008cc8a6fea26si2875219ejb.561.2023.03.31.15.11.18; Fri, 31 Mar 2023 15:11:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=GJKpOeXl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233376AbjCaVzC (ORCPT + 99 others); Fri, 31 Mar 2023 17:55:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46806 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233297AbjCaVyl (ORCPT ); Fri, 31 Mar 2023 17:54:41 -0400 Received: from mail-40133.protonmail.ch (mail-40133.protonmail.ch [185.70.40.133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D281221ABA; Fri, 31 Mar 2023 14:54:01 -0700 (PDT) Date: Fri, 31 Mar 2023 21:53:25 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1680299614; x=1680558814; bh=DPTzK+Qui1IJXTgvMYy9gbdRtBobG73CivdLCgcwUrA=; h=Date:To:From:Cc:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector; b=GJKpOeXlyfaIGROdt2A8y+Ftn/Jd2JxDZTszCitNIuOOeDCJb0m8PjU1KZ8Qe6nMg N574iFyvm1sGmspnBarR5Da/i93FbOzPe/mBjs/BkNWW3w1FtygzX2xOePNjMDiEL2 3e9MynpzyOPJpBzR/qfbMg+tmeC/xSImhXv34r580U9eu7FjAeQitSN/izDpu5FAp8 OuJvpogDGDVLjlbxYzwvjjv0MKZGn+ZaZqD/sJDrMUceazE6id61jLDU0eQUiykCt8 edbHUtSZ7rKWBbLXakNTqTbg8ss2GJhF3Er6zwmGIltxGNO0o56blGbLMNLB6U/htB P9kfOVaHuVNGw== To: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Alice Ryhl From: y86-dev@protonmail.com Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev, Benno Lossin , Andreas Hindborg , Alice Ryhl Subject: [PATCH v4 08/15] rust: init/sync: add `InPlaceInit` trait to pin-initialize smart pointers Message-ID: <20230331215053.585759-9-y86-dev@protonmail.com> Feedback-ID: 40624463:user:proton MIME-Version: 1.0 X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_MSPIKE_H2, SPF_HELO_PASS,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1761922988788827173?= X-GMAIL-MSGID: =?utf-8?q?1761922988788827173?= From: Benno Lossin The `InPlaceInit` trait that provides two functions, for initializing using `PinInit` and `Init`. It is implemented by `Arc`, `UniqueArc` and `Box`. Signed-off-by: Benno Lossin Cc: Andreas Hindborg Cc: Alice Ryhl Cc: Gary Guo --- rust/kernel/init.rs | 128 ++++++++++++++++++++++++++++++++++++---- rust/kernel/sync/arc.rs | 23 ++++++++ 2 files changed, 138 insertions(+), 13 deletions(-) -- 2.39.2 diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs index 14cc5d2dafef..cf2b9ee6ce0e 100644 --- a/rust/kernel/init.rs +++ b/rust/kernel/init.rs @@ -114,10 +114,16 @@ //! [`impl Init`]: Init //! [`Opaque`]: kernel::types::Opaque //! [`pin_data`]: ::macros::pin_data -//! [`UniqueArc`]: kernel::sync::UniqueArc +use crate::{ + error::{self, Error}, + sync::UniqueArc, +}; use alloc::boxed::Box; -use core::{cell::Cell, convert::Infallible, marker::PhantomData, mem::MaybeUninit, ptr}; +use core::{ + alloc::AllocError, cell::Cell, convert::Infallible, marker::PhantomData, mem::MaybeUninit, + pin::Pin, ptr, +}; #[doc(hidden)] pub mod __internal; @@ -309,7 +315,6 @@ pub mod macros; /// /// [`try_pin_init!`]: kernel::try_pin_init /// [`NonNull`]: core::ptr::NonNull -/// [`Error`]: kernel::error::Error // For a detailed example of how this macro works, see the module documentation of the hidden // module `__internal` inside of `init/__internal.rs`. #[macro_export] @@ -363,8 +368,6 @@ macro_rules! pin_init { /// } /// } /// ``` -/// -/// [`Error`]: kernel::error::Error // For a detailed example of how this macro works, see the module documentation of the hidden // module `__internal` inside of `init/__internal.rs`. #[macro_export] @@ -586,8 +589,6 @@ macro_rules! try_pin_init { /// /// This initializer is for initializing data in-place that might later be moved. If you want to /// pin-initialize, use [`pin_init!`]. -/// -/// [`Error`]: kernel::error::Error // For a detailed example of how this macro works, see the module documentation of the hidden // module `__internal` inside of `init/__internal.rs`. #[macro_export] @@ -638,8 +639,6 @@ macro_rules! init { /// } /// } /// ``` -/// -/// [`Error`]: kernel::error::Error // For a detailed example of how this macro works, see the module documentation of the hidden // module `__internal` inside of `init/__internal.rs`. #[macro_export] @@ -845,7 +844,8 @@ macro_rules! try_init { /// A pin-initializer for the type `T`. /// /// To use this initializer, you will need a suitable memory location that can hold a `T`. This can -/// be [`Box`], [`Arc`], [`UniqueArc`]. +/// be [`Box`], [`Arc`], [`UniqueArc`]. Use the [`InPlaceInit::pin_init`] function of a +/// smart pointer like [`Arc`] on this. /// /// Also see the [module description](self). /// @@ -864,7 +864,6 @@ macro_rules! try_init { /// /// [`Arc`]: crate::sync::Arc /// [`Arc::pin_init`]: crate::sync::Arc::pin_init -/// [`UniqueArc`]: kernel::sync::UniqueArc #[must_use = "An initializer must be used in order to create its value."] pub unsafe trait PinInit: Sized { /// Initializes `slot`. @@ -881,7 +880,8 @@ pub unsafe trait PinInit: Sized { /// An initializer for `T`. /// /// To use this initializer, you will need a suitable memory location that can hold a `T`. This can -/// be [`Box`], [`Arc`], [`UniqueArc`]. Because [`PinInit`] is a super trait, you can +/// be [`Box`], [`Arc`], [`UniqueArc`]. Use the [`InPlaceInit::init`] function of a smart +/// pointer like [`Arc`] on this. Because [`PinInit`] is a super trait, you can /// use every function that takes it as well. /// /// Also see the [module description](self). @@ -906,7 +906,6 @@ pub unsafe trait PinInit: Sized { /// move the pointee after initialization. /// /// [`Arc`]: crate::sync::Arc -/// [`UniqueArc`]: kernel::sync::UniqueArc #[must_use = "An initializer must be used in order to create its value."] pub unsafe trait Init: PinInit { /// Initializes `slot`. @@ -981,3 +980,106 @@ unsafe impl Init for T { Ok(()) } } + +/// Smart pointer that can initialize memory in-place. +pub trait InPlaceInit: Sized { + /// Use the given pin-initializer to pin-initialize a `T` inside of a new smart pointer of this + /// type. + /// + /// If `T: !Unpin` it will not be able to move afterwards. + fn try_pin_init(init: impl PinInit) -> Result, E> + where + E: From; + + /// Use the given pin-initializer to pin-initialize a `T` inside of a new smart pointer of this + /// type. + /// + /// If `T: !Unpin` it will not be able to move afterwards. + fn pin_init(init: impl PinInit) -> error::Result> + where + Error: From, + { + // SAFETY: We delegate to `init` and only change the error type. + let init = unsafe { + pin_init_from_closure(|slot| init.__pinned_init(slot).map_err(|e| Error::from(e))) + }; + Self::try_pin_init(init) + } + + /// Use the given initializer to in-place initialize a `T`. + fn try_init(init: impl Init) -> Result + where + E: From; + + /// Use the given initializer to in-place initialize a `T`. + fn init(init: impl Init) -> error::Result + where + Error: From, + { + // SAFETY: We delegate to `init` and only change the error type. + let init = unsafe { + init_from_closure(|slot| init.__pinned_init(slot).map_err(|e| Error::from(e))) + }; + Self::try_init(init) + } +} + +impl InPlaceInit for Box { + #[inline] + fn try_pin_init(init: impl PinInit) -> Result, E> + where + E: From, + { + let mut this = Box::try_new_uninit()?; + let slot = this.as_mut_ptr(); + // SAFETY: When init errors/panics, slot will get deallocated but not dropped, + // slot is valid and will not be moved, because we pin it later. + unsafe { init.__pinned_init(slot)? }; + // SAFETY: All fields have been initialized. + Ok(unsafe { this.assume_init() }.into()) + } + + #[inline] + fn try_init(init: impl Init) -> Result + where + E: From, + { + let mut this = Box::try_new_uninit()?; + let slot = this.as_mut_ptr(); + // SAFETY: When init errors/panics, slot will get deallocated but not dropped, + // slot is valid. + unsafe { init.__init(slot)? }; + // SAFETY: All fields have been initialized. + Ok(unsafe { this.assume_init() }) + } +} + +impl InPlaceInit for UniqueArc { + #[inline] + fn try_pin_init(init: impl PinInit) -> Result, E> + where + E: From, + { + let mut this = UniqueArc::try_new_uninit()?; + let slot = this.as_mut_ptr(); + // SAFETY: When init errors/panics, slot will get deallocated but not dropped, + // slot is valid and will not be moved, because we pin it later. + unsafe { init.__pinned_init(slot)? }; + // SAFETY: All fields have been initialized. + Ok(unsafe { this.assume_init() }.into()) + } + + #[inline] + fn try_init(init: impl Init) -> Result + where + E: From, + { + let mut this = UniqueArc::try_new_uninit()?; + let slot = this.as_mut_ptr(); + // SAFETY: When init errors/panics, slot will get deallocated but not dropped, + // slot is valid. + unsafe { init.__init(slot)? }; + // SAFETY: All fields have been initialized. + Ok(unsafe { this.assume_init() }) + } +} diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index eee7008e5e3e..24dc96603090 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -17,6 +17,7 @@ use crate::{ bindings, + init::{InPlaceInit, Init, PinInit}, types::{ForeignOwnable, Opaque}, }; use alloc::boxed::Box; @@ -163,6 +164,28 @@ impl Arc { // `Arc` object. Ok(unsafe { Self::from_inner(Box::leak(inner).into()) }) } + + /// Use the given initializer to in-place initialize a `T`. + /// + /// If `T: !Unpin` it will not be able to move afterwards. + #[inline] + pub fn pin_init(init: impl PinInit) -> Result + where + Error: From, + { + UniqueArc::pin_init(init).map(|u| u.into()) + } + + /// Use the given initializer to in-place initialize a `T`. + /// + /// This is equivalent to [`pin_init`], since an [`Arc`] is always pinned. + #[inline] + pub fn init(init: impl Init) -> Result + where + Error: From, + { + UniqueArc::init(init).map(|u| u.into()) + } } impl Arc { From patchwork Fri Mar 31 21:53:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: y86-dev X-Patchwork-Id: 78018 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp876616vqo; Fri, 31 Mar 2023 15:24:58 -0700 (PDT) X-Google-Smtp-Source: AK7set/eNGnTFC006rJMIVByVYoKDWF4DjOIJehsvDC9uFGd8q1IHgAHamM2XCIkvgIDZbclZN2c X-Received: by 2002:a05:6a20:92a4:b0:db:d9b6:7fad with SMTP id q36-20020a056a2092a400b000dbd9b67fadmr26185883pzg.6.1680301498059; Fri, 31 Mar 2023 15:24:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680301498; cv=none; d=google.com; s=arc-20160816; b=yrkbyAPBDRYMm6RXwHnLnEKhvvc6QTsH0Awo/+WN3gxp/xtsrqqMGjYLn8Y263NHl0 UUiiY4OBQH9A9sAwTOFdiYqD/DEU8PcetjpO2OF6dEtmKwigBjZprnayneQBNtTmn/Ha IYk6HoioDcZKwRi/ivp5g+h1q+xBGmH/qik8RPHLjKitglVwmuDy9Ju/fY6b0l2gH4bU jcUsP4MgtlPU6BZfyySZe+8XKKFP9Nq1Q574iHBqYTCkZ1anRABG+EzXDjuvqH5jGztc m/KzZjJmcJlkzLrmeR2WqfpuG41SWM9DzsGr+n9scqBVTQ6xEaxDal8F+KlfDjGQXw3v TO9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :feedback-id:message-id:subject:cc:from:to:dkim-signature:date; bh=wWMSdMXkhquoaO8JuT4ULTJBxQfocMe/i+cefmRTwNo=; b=W9OM0GY0ZwSHsXFQRyjA7DlM0ahxoR5OehVUsa/q4SWVmJaL0cNVLb7zRPGp8UzeLH qsGQtHr0aCILFB2nOvv5I1gnrBTOU8HWehCFteErBmmmt6DWNdkK1QXnVrCbbVtczNZE 0fEz0jtKWnuJkZOGSuMdcOmlZT86+82uso3vrvmS/p4is0hINZnCjND2mo4X1+0CRk4A lDb1311hRgCAGvzvOe7VJc7QAKS0bJDb3K/+SLP7thTgIDdtNRGzQ5M0EE3dAyfxNlcM g5Uqzo41jopDi7FPQ/OfUb02d8hTFSoriKVrthazRDRzQUp4EI9sr3En4jgeoeiwAxQW GvdQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=DLWY1cUA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w63-20020a638242000000b0050bef774fbfsi3264066pgd.838.2023.03.31.15.24.45; Fri, 31 Mar 2023 15:24:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=DLWY1cUA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233361AbjCaVz2 (ORCPT + 99 others); Fri, 31 Mar 2023 17:55:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46858 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233380AbjCaVzN (ORCPT ); Fri, 31 Mar 2023 17:55:13 -0400 Received: from mail-4316.protonmail.ch (mail-4316.protonmail.ch [185.70.43.16]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F2146265AB for ; Fri, 31 Mar 2023 14:54:17 -0700 (PDT) Date: Fri, 31 Mar 2023 21:53:38 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1680299627; x=1680558827; bh=wWMSdMXkhquoaO8JuT4ULTJBxQfocMe/i+cefmRTwNo=; h=Date:To:From:Cc:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector; b=DLWY1cUAYrYeRSDxwzBcd8T3SkLcYBMF/6mt3iGYecHC5+Tk1egjcvR4u3m62L25E y1ytgOIY7Ynx5RFVR8/bMaddCB0CTrjF+E8VI8hwyswuikBZ/0ssXLoisUgkVey/K2 8GgINcElY3sbAcF8V7bAGro/u1cIbuWYGcclHwEn86XJWgMMFebE0wq81AnTBdGsMZ mdSj24C7ZDqq9uN+TnCQW0RsIBAZUbYZpHCFMmzKAEbZKkEXFAU0Qmul5ECqXZpSIF xLDR5+eLPcjC4GBoXbcHfxrx2xduKLuZJd0Z1RkzDWO1yquL3wOfN/u7SiI7oYM0FS omY4a7gJuVLqg== To: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Alice Ryhl From: y86-dev@protonmail.com Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev, Benno Lossin , Alice Ryhl , Andreas Hindborg Subject: [PATCH v4 09/15] rust: init: add `PinnedDrop` trait and macros Message-ID: <20230331215053.585759-10-y86-dev@protonmail.com> Feedback-ID: 40624463:user:proton MIME-Version: 1.0 X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_MSPIKE_H2, SPF_HELO_PASS,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1761923823496676678?= X-GMAIL-MSGID: =?utf-8?q?1761923823496676678?= From: Benno Lossin The `PinnedDrop` trait that facilitates destruction of pinned types. It has to be implemented via the `#[pinned_drop]` macro, since the `drop` function should not be called by normal code, only by other destructors. It also only works on structs that are annotated with `#[pin_data(PinnedDrop)]`. Co-developed-by: Gary Guo Signed-off-by: Gary Guo Signed-off-by: Benno Lossin Cc: Alice Ryhl Cc: Andreas Hindborg --- rust/kernel/init.rs | 111 ++++++++++++++ rust/kernel/init/__internal.rs | 15 ++ rust/kernel/init/macros.rs | 264 +++++++++++++++++++++++++++++++++ rust/macros/lib.rs | 49 ++++++ rust/macros/pinned_drop.rs | 49 ++++++ 5 files changed, 488 insertions(+) create mode 100644 rust/macros/pinned_drop.rs -- 2.39.2 diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs index cf2b9ee6ce0e..a507536f1724 100644 --- a/rust/kernel/init.rs +++ b/rust/kernel/init.rs @@ -104,6 +104,78 @@ //! } //! ``` //! +//! ## Manual creation of an initializer +//! +//! Often when working with primitives the previous approaches are not sufficient. That is where +//! [`pin_init_from_closure()`] comes in. This `unsafe` function allows you to create a +//! [`impl PinInit`] directly from a closure. Of course you have to ensure that the closure +//! actually does the initialization in the correct way. Here are the things to look out for +//! (we are calling the parameter to the closure `slot`): +//! - when the closure returns `Ok(())`, then it has completed the initialization successfully, so +//! `slot` now contains a valid bit pattern for the type `T`, +//! - when the closure returns `Err(e)`, then the caller may deallocate the memory at `slot`, so +//! you need to take care to clean up anything if your initialization fails mid-way, +//! - you may assume that `slot` will stay pinned even after the closure returns until `drop` of +//! `slot` gets called. +//! +//! ```rust +//! use kernel::{prelude::*, init}; +//! use core::{ptr::addr_of_mut, marker::PhantomPinned, pin::Pin}; +//! # mod bindings { +//! # pub struct foo; +//! # pub unsafe fn init_foo(_ptr: *mut foo) {} +//! # pub unsafe fn destroy_foo(_ptr: *mut foo) {} +//! # pub unsafe fn enable_foo(_ptr: *mut foo, _flags: u32) -> i32 { 0 } +//! # } +//! /// # Invariants +//! /// +//! /// `foo` is always initialized +//! #[pin_data(PinnedDrop)] +//! pub struct RawFoo { +//! #[pin] +//! foo: Opaque, +//! #[pin] +//! _p: PhantomPinned, +//! } +//! +//! impl RawFoo { +//! pub fn new(flags: u32) -> impl PinInit { +//! // SAFETY: +//! // - when the closure returns `Ok(())`, then it has successfully initialized and +//! // enabled `foo`, +//! // - when it returns `Err(e)`, then it has cleaned up before +//! unsafe { +//! init::pin_init_from_closure(move |slot: *mut Self| { +//! // `slot` contains uninit memory, avoid creating a reference. +//! let foo = addr_of_mut!((*slot).foo); +//! +//! // Initialize the `foo` +//! bindings::init_foo(Opaque::raw_get(foo)); +//! +//! // Try to enable it. +//! let err = bindings::enable_foo(Opaque::raw_get(foo), flags); +//! if err != 0 { +//! // Enabling has failed, first clean up the foo and then return the error. +//! bindings::destroy_foo(Opaque::raw_get(foo)); +//! return Err(Error::from_kernel_errno(err)); +//! } +//! +//! // All fields of `RawFoo` have been initialized, since `_p` is a ZST. +//! Ok(()) +//! }) +//! } +//! } +//! } +//! +//! #[pinned_drop] +//! impl PinnedDrop for RawFoo { +//! fn drop(self: Pin<&mut Self>) { +//! // SAFETY: Since `foo` is initialized, destroying is safe. +//! unsafe { bindings::destroy_foo(self.foo.get()) }; +//! } +//! } +//! ``` +//! //! [`sync`]: kernel::sync //! [pinning]: https://doc.rust-lang.org/std/pin/index.html //! [structurally pinned fields]: @@ -1083,3 +1155,42 @@ impl InPlaceInit for UniqueArc { Ok(unsafe { this.assume_init() }) } } + +/// Trait facilitating pinned destruction. +/// +/// Use [`pinned_drop`] to implement this trait safely: +/// +/// ```rust +/// # use kernel::sync::Mutex; +/// use kernel::macros::pinned_drop; +/// use core::pin::Pin; +/// #[pin_data(PinnedDrop)] +/// struct Foo { +/// #[pin] +/// mtx: Mutex, +/// } +/// +/// #[pinned_drop] +/// impl PinnedDrop for Foo { +/// fn drop(self: Pin<&mut Self>) { +/// pr_info!("Foo is being dropped!"); +/// } +/// } +/// ``` +/// +/// # Safety +/// +/// This trait must be implemented via the [`pinned_drop`] proc-macro attribute on the impl. +/// +/// [`pinned_drop`]: kernel::macros::pinned_drop +pub unsafe trait PinnedDrop: __internal::HasPinData { + /// Executes the pinned destructor of this type. + /// + /// While this function is marked safe, it is actually unsafe to call it manually. For this + /// reason it takes an additional parameter. This type can only be constructed by `unsafe` code + /// and thus prevents this function from being called where it should not. + /// + /// This extra parameter will be generated by the `#[pinned_drop]` proc-macro attribute + /// automatically. + fn drop(self: Pin<&mut Self>, only_call_from_drop: __internal::OnlyCallFromDrop); +} diff --git a/rust/kernel/init/__internal.rs b/rust/kernel/init/__internal.rs index 0105290250f8..4d13d0ef3b5e 100644 --- a/rust/kernel/init/__internal.rs +++ b/rust/kernel/init/__internal.rs @@ -167,3 +167,18 @@ impl Drop for DropGuard { } } } + +/// Token used by `PinnedDrop` to prevent calling the function without creating this unsafely +/// created struct. This is needed, because the `drop` function is safe, but should not be called +/// manually. +pub struct OnlyCallFromDrop(()); + +impl OnlyCallFromDrop { + /// # Safety + /// + /// This function should only be called from the [`Drop::drop`] function and only be used to + /// delegate the destruction to the pinned destructor [`PinnedDrop::drop`] of the same type. + pub unsafe fn new() -> Self { + Self(()) + } +} diff --git a/rust/kernel/init/macros.rs b/rust/kernel/init/macros.rs index e27c309c7ffd..7f9bf35ded3a 100644 --- a/rust/kernel/init/macros.rs +++ b/rust/kernel/init/macros.rs @@ -31,6 +31,26 @@ //! pin_init!(Self { t, x: 0 }) //! } //! } +//! +//! #[pin_data(PinnedDrop)] +//! struct Foo { +//! a: usize, +//! #[pin] +//! b: Bar, +//! } +//! +//! #[pinned_drop] +//! impl PinnedDrop for Foo { +//! fn drop(self: Pin<&mut Self>) { +//! println!("{self:p} is getting dropped."); +//! } +//! } +//! +//! let a = 42; +//! let initializer = pin_init!(Foo { +//! a, +//! b <- Bar::new(36), +//! }); //! ``` //! //! This example includes the most common and important features of the pin-init API. @@ -155,6 +175,14 @@ //! #[allow(drop_bounds)] //! impl MustNotImplDrop for T {} //! impl MustNotImplDrop for Bar {} +//! // Here comes a convenience check, if one implemented `PinnedDrop`, but forgot to add it to +//! // `#[pin_data]`, then this will error with the same mechanic as above, this is not needed +//! // for safety, but a good sanity check, since no normal code calls `PinnedDrop::drop`. +//! #[allow(non_camel_case_types)] +//! trait UselessPinnedDropImpl_you_need_to_specify_PinnedDrop {} +//! impl +//! UselessPinnedDropImpl_you_need_to_specify_PinnedDrop for T {} +//! impl UselessPinnedDropImpl_you_need_to_specify_PinnedDrop for Bar {} //! }; //! ``` //! @@ -265,6 +293,210 @@ //! } //! } //! ``` +//! +//! ## `#[pin_data]` on `Foo` +//! +//! Since we already took a look at `#[pin_data]` on `Bar`, this section will only explain the +//! differences/new things in the expansion of the `Foo` definition: +//! +//! ```rust +//! #[pin_data(PinnedDrop)] +//! struct Foo { +//! a: usize, +//! #[pin] +//! b: Bar, +//! } +//! ``` +//! +//! This expands to the following code: +//! +//! ```rust +//! struct Foo { +//! a: usize, +//! b: Bar, +//! } +//! const _: () = { +//! struct __ThePinData { +//! __phantom: ::core::marker::PhantomData Foo>, +//! } +//! impl ::core::clone::Clone for __ThePinData { +//! fn clone(&self) -> Self { +//! *self +//! } +//! } +//! impl ::core::marker::Copy for __ThePinData {} +//! #[allow(dead_code)] +//! impl __ThePinData { +//! unsafe fn b( +//! self, +//! slot: *mut Bar, +//! // Note that this is `PinInit` instead of `Init`, this is because `b` is +//! // structurally pinned, as marked by the `#[pin]` attribute. +//! init: impl ::kernel::init::PinInit, E>, +//! ) -> ::core::result::Result<(), E> { +//! unsafe { ::kernel::init::PinInit::__pinned_init(init, slot) } +//! } +//! unsafe fn a( +//! self, +//! slot: *mut usize, +//! init: impl ::kernel::init::Init, +//! ) -> ::core::result::Result<(), E> { +//! unsafe { ::kernel::init::Init::__init(init, slot) } +//! } +//! } +//! unsafe impl ::kernel::init::__internal::HasPinData for Foo { +//! type PinData = __ThePinData; +//! unsafe fn __pin_data() -> Self::PinData { +//! __ThePinData { +//! __phantom: ::core::marker::PhantomData, +//! } +//! } +//! } +//! unsafe impl ::kernel::init::__internal::PinData for __ThePinData { +//! type Datee = Foo; +//! } +//! #[allow(dead_code)] +//! struct __Unpin<'__pin> { +//! __phantom_pin: ::core::marker::PhantomData &'__pin ()>, +//! __phantom: ::core::marker::PhantomData Foo>, +//! // Since this field is `#[pin]`, it is listed here. +//! b: Bar, +//! } +//! #[doc(hidden)] +//! impl<'__pin> ::core::marker::Unpin for Foo where __Unpin<'__pin>: ::core::marker::Unpin {} +//! // Since we specified `PinnedDrop` as the argument to `#[pin_data]`, we expect `Foo` to +//! // implement `PinnedDrop`. Thus we do not need to prevent `Drop` implementations like +//! // before, instead we implement it here and delegate to `PinnedDrop`. +//! impl ::core::ops::Drop for Foo { +//! fn drop(&mut self) { +//! // Since we are getting dropped, no one else has a reference to `self` and thus we +//! // can assume that we never move. +//! let pinned = unsafe { ::core::pin::Pin::new_unchecked(self) }; +//! // Create the unsafe token that proves that we are inside of a destructor, this +//! // type is only allowed to be created in a destructor. +//! let token = unsafe { ::kernel::init::__internal::OnlyCallFromDrop::new() }; +//! ::kernel::init::PinnedDrop::drop(pinned, token); +//! } +//! } +//! }; +//! ``` +//! +//! ## `#[pinned_drop]` on `impl PinnedDrop for Foo` +//! +//! This macro is used to implement the `PinnedDrop` trait, since that trait is `unsafe` and has an +//! extra parameter that should not be used at all. The macro hides that parameter. +//! +//! Here is the `PinnedDrop` impl for `Foo`: +//! +//! ```rust +//! #[pinned_drop] +//! impl PinnedDrop for Foo { +//! fn drop(self: Pin<&mut Self>) { +//! println!("{self:p} is getting dropped."); +//! } +//! } +//! ``` +//! +//! This expands to the following code: +//! +//! ```rust +//! // `unsafe`, full path and the token parameter are added, everything else stays the same. +//! unsafe impl ::kernel::init::PinnedDrop for Foo { +//! fn drop(self: Pin<&mut Self>, _: ::kernel::init::__internal::OnlyCallFromDrop) { +//! println!("{self:p} is getting dropped."); +//! } +//! } +//! ``` +//! +//! ## `pin_init!` on `Foo` +//! +//! Since we already took a look at `pin_init!` on `Bar`, this section will only explain the +//! differences/new things in the expansion of `pin_init!` on `Foo`: +//! +//! ```rust +//! let a = 42; +//! let initializer = pin_init!(Foo { +//! a, +//! b <- Bar::new(36), +//! }); +//! ``` +//! +//! This expands to the following code: +//! +//! ```rust +//! let a = 42; +//! let initializer = { +//! struct __InitOk; +//! let data = unsafe { +//! use ::kernel::init::__internal::HasPinData; +//! Foo::__pin_data() +//! }; +//! let init = ::kernel::init::__internal::PinData::make_closure::< +//! _, +//! __InitOk, +//! ::core::convert::Infallible, +//! >(data, move |slot| { +//! { +//! struct __InitOk; +//! unsafe { ::core::ptr::write(&raw mut (*slot).a, a) }; +//! let a = &unsafe { ::kernel::init::__internal::DropGuard::new(&raw mut (*slot).a) }; +//! let b = Bar::new(36); +//! // Here we use `data` to access the correct field and require that `b` is of type +//! // `PinInit, Infallible>`. +//! unsafe { data.b(&raw mut (*slot).b, b)? }; +//! let b = &unsafe { ::kernel::init::__internal::DropGuard::new(&raw mut (*slot).b) }; +//! +//! #[allow(unreachable_code, clippy::diverging_sub_expression)] +//! if false { +//! unsafe { +//! ::core::ptr::write( +//! slot, +//! Foo { +//! a: ::core::panic!(), +//! b: ::core::panic!(), +//! }, +//! ); +//! }; +//! } +//! unsafe { ::kernel::init::__internal::DropGuard::forget(a) }; +//! unsafe { ::kernel::init::__internal::DropGuard::forget(b) }; +//! } +//! Ok(__InitOk) +//! }); +//! let init = move |slot| -> ::core::result::Result<(), ::core::convert::Infallible> { +//! init(slot).map(|__InitOk| ()) +//! }; +//! let init = unsafe { +//! ::kernel::init::pin_init_from_closure::<_, ::core::convert::Infallible>(init) +//! }; +//! init +//! }; +//! ``` + +/// Creates a `unsafe impl<...> PinnedDrop for $type` block. +/// +/// See [`PinnedDrop`] for more information. +#[doc(hidden)] +#[macro_export] +macro_rules! __pinned_drop { + ( + @impl_sig($($impl_sig:tt)*), + @impl_body( + $(#[$($attr:tt)*])* + fn drop($self:ident: $st:ty) { + $($inner:stmt)* + } + ), + ) => { + unsafe $($impl_sig)* { + // Inherit all attributes and the type/ident tokens for the signature. + $(#[$($attr)*])* + fn drop($self: $st, _: $crate::init::__internal::OnlyCallFromDrop) { + $($inner)* + } + } + } +} /// This macro first parses the struct definition such that it separates pinned and not pinned /// fields. Afterwards it declares the struct and implement the `PinData` trait safely. @@ -653,6 +885,38 @@ macro_rules! __pin_data { impl MustNotImplDrop for T {} impl<$($impl_generics)*> MustNotImplDrop for $name<$($ty_generics)*> where $($whr)* {} + // We also take care to prevent users from writing a useless `PinnedDrop` implementation. + // They might implement `PinnedDrop` correctly for the struct, but forget to give + // `PinnedDrop` as the parameter to `#[pin_data]`. + #[allow(non_camel_case_types)] + trait UselessPinnedDropImpl_you_need_to_specify_PinnedDrop {} + impl + UselessPinnedDropImpl_you_need_to_specify_PinnedDrop for T {} + impl<$($impl_generics)*> + UselessPinnedDropImpl_you_need_to_specify_PinnedDrop for $name<$($ty_generics)*> + where $($whr)* {} + }; + // When `PinnedDrop` was specified we just implement `Drop` and delegate. + (drop_prevention: + @name($name:ident), + @impl_generics($($impl_generics:tt)*), + @ty_generics($($ty_generics:tt)*), + @where($($whr:tt)*), + @pinned_drop(PinnedDrop), + ) => { + impl<$($impl_generics)*> ::core::ops::Drop for $name<$($ty_generics)*> + where $($whr)* + { + fn drop(&mut self) { + // SAFETY: Since this is a destructor, `self` will not move after this function + // terminates, since it is inaccessible. + let pinned = unsafe { ::core::pin::Pin::new_unchecked(self) }; + // SAFETY: Since this is a drop function, we can create this token to call the + // pinned destructor of this type. + let token = unsafe { $crate::init::__internal::OnlyCallFromDrop::new() }; + $crate::init::PinnedDrop::drop(pinned, token); + } + } }; // If some other parameter was specified, we emit a readable error. (drop_prevention: diff --git a/rust/macros/lib.rs b/rust/macros/lib.rs index 4def038fe71a..86eb06f2d9fe 100644 --- a/rust/macros/lib.rs +++ b/rust/macros/lib.rs @@ -8,6 +8,7 @@ mod concat_idents; mod helpers; mod module; mod pin_data; +mod pinned_drop; mod vtable; use proc_macro::TokenStream; @@ -180,6 +181,10 @@ pub fn concat_idents(ts: TokenStream) -> TokenStream { /// This macro enables the use of the [`pin_init!`] macro. When pin-initializing a `struct`, /// then `#[pin]` directs the type of intializer that is required. /// +/// If your `struct` implements `Drop`, then you need to add `PinnedDrop` as arguments to this +/// macro, and change your `Drop` implementation to `PinnedDrop` annotated with +/// `#[`[`macro@pinned_drop`]`]`, since dropping pinned values requires extra care. +/// /// # Examples /// /// ```rust,ignore @@ -191,9 +196,53 @@ pub fn concat_idents(ts: TokenStream) -> TokenStream { /// } /// ``` /// +/// ```rust,ignore +/// #[pin_data(PinnedDrop)] +/// struct DriverData { +/// #[pin] +/// queue: Mutex>, +/// buf: Box<[u8; 1024 * 1024]>, +/// raw_info: *mut Info, +/// } +/// +/// #[pinned_drop] +/// impl PinnedDrop for DriverData { +/// fn drop(self: Pin<&mut Self>) { +/// unsafe { bindings::destroy_info(self.raw_info) }; +/// } +/// } +/// ``` +/// /// [`pin_init!`]: ../kernel/macro.pin_init.html // ^ cannot use direct link, since `kernel` is not a dependency of `macros`. #[proc_macro_attribute] pub fn pin_data(inner: TokenStream, item: TokenStream) -> TokenStream { pin_data::pin_data(inner, item) } + +/// Used to implement `PinnedDrop` safely. +/// +/// Only works on structs that are annotated via `#[`[`macro@pin_data`]`]`. +/// +/// # Examples +/// +/// ```rust,ignore +/// #[pin_data(PinnedDrop)] +/// struct DriverData { +/// #[pin] +/// queue: Mutex>, +/// buf: Box<[u8; 1024 * 1024]>, +/// raw_info: *mut Info, +/// } +/// +/// #[pinned_drop] +/// impl PinnedDrop for DriverData { +/// fn drop(self: Pin<&mut Self>) { +/// unsafe { bindings::destroy_info(self.raw_info) }; +/// } +/// } +/// ``` +#[proc_macro_attribute] +pub fn pinned_drop(args: TokenStream, input: TokenStream) -> TokenStream { + pinned_drop::pinned_drop(args, input) +} diff --git a/rust/macros/pinned_drop.rs b/rust/macros/pinned_drop.rs new file mode 100644 index 000000000000..88fb72b20660 --- /dev/null +++ b/rust/macros/pinned_drop.rs @@ -0,0 +1,49 @@ +// SPDX-License-Identifier: Apache-2.0 OR MIT + +use proc_macro::{TokenStream, TokenTree}; + +pub(crate) fn pinned_drop(_args: TokenStream, input: TokenStream) -> TokenStream { + let mut toks = input.into_iter().collect::>(); + assert!(!toks.is_empty()); + // Ensure that we have an `impl` item. + assert!(matches!(&toks[0], TokenTree::Ident(i) if i.to_string() == "impl")); + // Ensure that we are implementing `PinnedDrop`. + let mut nesting: usize = 0; + let mut pinned_drop_idx = None; + for (i, tt) in toks.iter().enumerate() { + match tt { + TokenTree::Punct(p) if p.as_char() == '<' => { + nesting += 1; + } + TokenTree::Punct(p) if p.as_char() == '>' => { + nesting = nesting.checked_sub(1).unwrap(); + continue; + } + _ => {} + } + if i >= 1 && nesting == 0 { + // Found the end of the generics, this should be `PinnedDrop`. + assert!( + matches!(tt, TokenTree::Ident(i) if i.to_string() == "PinnedDrop"), + "expected 'PinnedDrop', found: '{:?}'", + tt + ); + pinned_drop_idx = Some(i); + break; + } + } + let idx = pinned_drop_idx + .unwrap_or_else(|| panic!("Expected an `impl` block implementing `PinnedDrop`.")); + // Fully qualify the `PinnedDrop`, as to avoid any tampering. + toks.splice(idx..idx, quote!(::kernel::init::)); + // Take the `{}` body and call the declarative macro. + if let Some(TokenTree::Group(last)) = toks.pop() { + let last = last.stream(); + quote!(::kernel::__pinned_drop! { + @impl_sig(#(#toks)*), + @impl_body(#last), + }) + } else { + TokenStream::from_iter(toks) + } +} From patchwork Fri Mar 31 21:53:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: y86-dev X-Patchwork-Id: 78002 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp868501vqo; Fri, 31 Mar 2023 15:08:02 -0700 (PDT) X-Google-Smtp-Source: AKy350ZLm4uPR1Gk7YvBvrXaf3N/TVo+h57lpjDrq/gmoCmmmaW7/kLXpBoADDfwSIrd4dmu6deq X-Received: by 2002:a17:906:27c4:b0:931:c2f0:9437 with SMTP id k4-20020a17090627c400b00931c2f09437mr30361281ejc.8.1680300482709; Fri, 31 Mar 2023 15:08:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680300482; cv=none; d=google.com; s=arc-20160816; b=jjKyH6nLywbAGCno90sZ/4jAxlugk6OMFsLRxbic334n5TTdQ8PqC+TF0o4Ze3Ny6Z 89KYfGLbDi1suLp2sQ+j1V+CRsGU0sJl64r6Lt0teB4UUhZiv92zEXkvfb1ckGQZkMQX cWaRRV/8xZuCacLuWyHqc26UbsC06u1nGNhqodpgZBgS2097w6vKrDyb18FFgfEtju2B 3kGGiInmdIU7TrIcbkvVhfjAtbQ2ZZqv12FH1C20J6MAramOGjVhZpyP+ZClMjI28IKR 6AhDOKdTorlH7F8YkGFhmpU0C6oc090uyjYx3RKSjziRzWVGGIoVUN0rdtvo2KL1u2Xs fYAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :feedback-id:message-id:subject:cc:from:to:dkim-signature:date; bh=sr2JvwCQdmMvlR7/qpZ4bQwbcN/uY8dZ+qqwZJYCJHk=; b=s4lPs4uhVzUJFIv+RdTXyQnMO27YhTPuHW6mxCeHIwP9eXFr7N1usu78zATFZV3V2h Q1jiqkvi13sOKlM10Le9W0xggth+yKW5+Gboq4zlkWMPFsanJa56xn68wSaUI7v9RiGL xHp5NpIMNzrz6HzA50vxZ+yLtLxI1TdNOcqQpkhSu8AAVGwaMuFiAnpb2ew4KMXhangw ejqVLl14dCJzb7MQHeXH366oauYjXbxlqmHA1+a7pYjX/pdH0jQJgvuKF6pTttCN8CtQ 8OcJFs1IpOmwEZkM0dwjFOv/3cVcetmnn9D6fPiRmIuOFqRd4PF+6XyM39P5Pv8gDiLs ZLlQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=hMiLXroT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v15-20020a170906564f00b0093fa751d442si2711055ejr.24.2023.03.31.15.07.39; Fri, 31 Mar 2023 15:08:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=hMiLXroT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233179AbjCaV4h (ORCPT + 99 others); Fri, 31 Mar 2023 17:56:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46790 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233231AbjCaV4c (ORCPT ); Fri, 31 Mar 2023 17:56:32 -0400 Received: from mail-41103.protonmail.ch (mail-41103.protonmail.ch [185.70.41.103]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8F3D21ABA for ; Fri, 31 Mar 2023 14:55:58 -0700 (PDT) Date: Fri, 31 Mar 2023 21:53:51 +0000 Authentication-Results: mail-41103.protonmail.ch; dkim=pass (2048-bit key) header.d=protonmail.com header.i=@protonmail.com header.b="hMiLXroT" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1680299645; x=1680558845; bh=sr2JvwCQdmMvlR7/qpZ4bQwbcN/uY8dZ+qqwZJYCJHk=; h=Date:To:From:Cc:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector; b=hMiLXroTIFFAz5EJ8MA6SeSM1L2VB6VfiLs7V2lXWsY0ii+BdM7PlmBNayeFk8LVx Y4LS4MuI23KoTGP3FQ3Ir2VazfBs6q7EUogHVabF1HEy9mA7Dwz6gg2GLGGcXQ6b83 7OoBjlqSdnArgA6Kh3ddRWCCXjFceronO95l3FxKn76+LlBecx3DrSKHoEJ9u/Jz1e MFrTlBt2/HJYeacwYoaIZ6pYFHyYP8/k/i31FEJWRiD6YTVnQGJgUUQk1NtPxwc48d b1/GTaVFSD10CqP2/OAiLp9/eh1D4iuZ+GBMegfn3M20QIc9Op1ELnJewNuInBSg+G nRpN2FDRdVtOw== To: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Alice Ryhl From: y86-dev@protonmail.com Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev, Benno Lossin , Alice Ryhl , Andreas Hindborg Subject: [PATCH v4 10/15] rust: init: add `stack_pin_init!` macro Message-ID: <20230331215053.585759-11-y86-dev@protonmail.com> Feedback-ID: 40624463:user:proton MIME-Version: 1.0 X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,SPF_HELO_PASS,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1761922759205300636?= X-GMAIL-MSGID: =?utf-8?q?1761922759205300636?= From: Benno Lossin The `stack_pin_init!` macro allows pin-initializing a value on the stack. It accepts a `impl PinInit` to initialize a `T`. It allows propagating any errors via `?` or handling it normally via `match`. Signed-off-by: Benno Lossin Cc: Alice Ryhl Cc: Andreas Hindborg Cc: Gary Guo --- rust/kernel/init.rs | 146 +++++++++++++++++++++++++++++++-- rust/kernel/init/__internal.rs | 50 +++++++++++ 2 files changed, 190 insertions(+), 6 deletions(-) -- 2.39.2 diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs index a507536f1724..5661f30bb0e4 100644 --- a/rust/kernel/init.rs +++ b/rust/kernel/init.rs @@ -12,7 +12,8 @@ //! //! To initialize a `struct` with an in-place constructor you will need two things: //! - an in-place constructor, -//! - a memory location that can hold your `struct`. +//! - a memory location that can hold your `struct` (this can be the [stack], an [`Arc`], +//! [`UniqueArc`], [`Box`] or any other smart pointer that implements [`InPlaceInit`]). //! //! To get an in-place constructor there are generally three options: //! - directly creating an in-place constructor using the [`pin_init!`] macro, @@ -180,6 +181,7 @@ //! [pinning]: https://doc.rust-lang.org/std/pin/index.html //! [structurally pinned fields]: //! https://doc.rust-lang.org/std/pin/index.html#pinning-is-structural-for-field +//! [stack]: crate::stack_pin_init //! [`Arc`]: crate::sync::Arc //! [`impl PinInit`]: PinInit //! [`impl PinInit`]: PinInit @@ -202,6 +204,138 @@ pub mod __internal; #[doc(hidden)] pub mod macros; +/// Initialize and pin a type directly on the stack. +/// +/// # Examples +/// +/// ```rust +/// # #![allow(clippy::disallowed_names, clippy::new_ret_no_self)] +/// # use kernel::{init, pin_init, stack_pin_init, init::*, sync::Mutex, new_mutex}; +/// # use macros::pin_data; +/// # use core::pin::Pin; +/// #[pin_data] +/// struct Foo { +/// #[pin] +/// a: Mutex, +/// b: Bar, +/// } +/// +/// #[pin_data] +/// struct Bar { +/// x: u32, +/// } +/// +/// stack_pin_init!(let foo = pin_init!(Foo { +/// a <- new_mutex!(42), +/// b: Bar { +/// x: 64, +/// }, +/// })); +/// let foo: Pin<&mut Foo> = foo; +/// pr_info!("a: {}", &*foo.a.lock()); +/// ``` +/// +/// # Syntax +/// +/// A normal `let` binding with optional type annotation. The expression is expected to implement +/// [`PinInit`]/[`Init`] with the error type [`Infallible`]. If you want to use a different error +/// type, then use [`stack_try_pin_init!`]. +#[macro_export] +macro_rules! stack_pin_init { + (let $var:ident $(: $t:ty)? = $val:expr) => { + let mut $var = ::core::pin::pin!($crate::init::__internal::StackInit$(::<$t>)?::uninit()); + let mut $var = { + let val = $val; + match $crate::init::__internal::StackInit::init($var, val) { + Ok(res) => res, + Err(x) => { + let x: ::core::convert::Infallible = x; + match x {} + } + } + }; + }; +} + +/// Initialize and pin a type directly on the stack. +/// +/// # Examples +/// +/// ```rust +/// # #![allow(clippy::disallowed_names, clippy::new_ret_no_self)] +/// # use kernel::{init, pin_init, stack_try_pin_init, init::*, sync::Mutex, new_mutex}; +/// # use macros::pin_data; +/// # use core::{alloc::AllocError, pin::Pin}; +/// #[pin_data] +/// struct Foo { +/// #[pin] +/// a: Mutex, +/// b: Box, +/// } +/// +/// struct Bar { +/// x: u32, +/// } +/// +/// stack_try_pin_init!(let foo: Result, AllocError> = pin_init!(Foo { +/// a <- new_mutex!(42), +/// b: Box::try_new(Bar { +/// x: 64, +/// })?, +/// })); +/// let foo = foo.unwrap(); +/// pr_info!("a: {}", &*foo.a.lock()); +/// ``` +/// +/// ```rust +/// # #![allow(clippy::disallowed_names, clippy::new_ret_no_self)] +/// # use kernel::{init, pin_init, stack_try_pin_init, init::*, sync::Mutex, new_mutex}; +/// # use macros::pin_data; +/// # use core::{alloc::AllocError, pin::Pin}; +/// #[pin_data] +/// struct Foo { +/// #[pin] +/// a: Mutex, +/// b: Box, +/// } +/// +/// struct Bar { +/// x: u32, +/// } +/// +/// stack_try_pin_init!(let foo: Pin<&mut Foo> =? pin_init!(Foo { +/// a <- new_mutex!(42), +/// b: Box::try_new(Bar { +/// x: 64, +/// })?, +/// })); +/// pr_info!("a: {}", &*foo.a.lock()); +/// # Ok::<_, AllocError>(()) +/// ``` +/// +/// # Syntax +/// +/// A normal `let` binding with optional type annotation. The expression is expected to implement +/// [`PinInit`]/[`Init`]. This macro assigns a result to the given variable, adding a `?` after the +/// `=` will propagate this error. +#[macro_export] +macro_rules! stack_try_pin_init { + (let $var:ident $(: $t:ty)? = $val:expr) => { + let mut $var = ::core::pin::pin!($crate::init::__internal::StackInit$(::<$t>)?::uninit()); + let mut $var = { + let val = $val; + $crate::init::__internal::StackInit::init($var, val) + }; + }; + (let $var:ident $(: $t:ty)? =? $val:expr) => { + let mut $var = ::core::pin::pin!($crate::init::__internal::StackInit$(::<$t>)?::uninit()); + let mut $var = { + let val = $val; + $crate::init::__internal::StackInit::init($var, val)? + }; + }; +} + /// Construct an in-place, pinned initializer for `struct`s. /// /// This macro defaults the error to [`Infallible`]. If you need [`Error`], then use @@ -916,8 +1050,8 @@ macro_rules! try_init { /// A pin-initializer for the type `T`. /// /// To use this initializer, you will need a suitable memory location that can hold a `T`. This can -/// be [`Box`], [`Arc`], [`UniqueArc`]. Use the [`InPlaceInit::pin_init`] function of a -/// smart pointer like [`Arc`] on this. +/// be [`Box`], [`Arc`], [`UniqueArc`] or even the stack (see [`stack_pin_init!`]). Use the +/// [`InPlaceInit::pin_init`] function of a smart pointer like [`Arc`] on this. /// /// Also see the [module description](self). /// @@ -952,9 +1086,9 @@ pub unsafe trait PinInit: Sized { /// An initializer for `T`. /// /// To use this initializer, you will need a suitable memory location that can hold a `T`. This can -/// be [`Box`], [`Arc`], [`UniqueArc`]. Use the [`InPlaceInit::init`] function of a smart -/// pointer like [`Arc`] on this. Because [`PinInit`] is a super trait, you can -/// use every function that takes it as well. +/// be [`Box`], [`Arc`], [`UniqueArc`] or even the stack (see [`stack_pin_init!`]). Use the +/// [`InPlaceInit::init`] function of a smart pointer like [`Arc`] on this. Because +/// [`PinInit`] is a super trait, you can use every function that takes it as well. /// /// Also see the [module description](self). /// diff --git a/rust/kernel/init/__internal.rs b/rust/kernel/init/__internal.rs index 4d13d0ef3b5e..5f753ff324b2 100644 --- a/rust/kernel/init/__internal.rs +++ b/rust/kernel/init/__internal.rs @@ -124,6 +124,56 @@ unsafe impl HasInitData for T { } } +/// Stack initializer helper type. Use [`stack_pin_init`] instead of this primitive. +/// +/// # Invariants +/// +/// If `self.1` is true, then `self.0` is initialized. +/// +/// [`stack_pin_init`]: kernel::stack_pin_init +pub struct StackInit(MaybeUninit, bool); + +impl Drop for StackInit { + #[inline] + fn drop(&mut self) { + if self.1 { + // SAFETY: As we are being dropped, we only call this once. And since `self.1 == true`, + // `self.0` has to be initialized. + unsafe { self.0.assume_init_drop() }; + } + } +} + +impl StackInit { + /// Creates a new [`StackInit`] that is uninitialized. Use [`stack_pin_init`] instead of this + /// primitive. + /// + /// [`stack_pin_init`]: kernel::stack_pin_init + #[inline] + pub fn uninit() -> Self { + Self(MaybeUninit::uninit(), false) + } + + /// Initializes the contents and returns the result. + #[inline] + pub fn init(self: Pin<&mut Self>, init: impl PinInit) -> Result, E> { + // SAFETY: We never move out of `this`. + let this = unsafe { Pin::into_inner_unchecked(self) }; + // The value is currently initialized, so it needs to be dropped before we can reuse + // the memory (this is a safety guarantee of `Pin`). + if this.1 { + // SAFETY: `this.1` is true and we set it to false after this. + unsafe { this.0.assume_init_drop() }; + this.1 = false; + } + // SAFETY: The memory slot is valid and this type ensures that it will stay pinned. + unsafe { init.__pinned_init(this.0.as_mut_ptr())? }; + this.1 = true; + // SAFETY: The slot is now pinned, since we will never give access to `&mut T`. + Ok(unsafe { Pin::new_unchecked(this.0.assume_init_mut()) }) + } +} + /// When a value of this type is dropped, it drops a `T`. /// /// Can be forgotton to prevent the drop. From patchwork Fri Mar 31 21:54:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: y86-dev X-Patchwork-Id: 78024 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp878002vqo; Fri, 31 Mar 2023 15:27:35 -0700 (PDT) X-Google-Smtp-Source: AKy350Y2yxqCIYYPYsJZuDfn/UwfdEbqaEVbXqlcVJovOe3xvQfQwkdL9GNeY/QX/+rl23p4EyDf X-Received: by 2002:a17:902:fa46:b0:1a0:514c:c2d2 with SMTP id lb6-20020a170902fa4600b001a0514cc2d2mr25032871plb.68.1680301655098; Fri, 31 Mar 2023 15:27:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680301655; cv=none; d=google.com; s=arc-20160816; b=nbLwQcUbsi4Hda7UmjNIKgZk47q3Z4aBUdc/U55pEXrRPEBtus054l2jQST0lgQ6// suSyCe+TQWkABmoxYPN7VXpUlArxyT8Fvb9gqHT/NMcgE7q3C87rOcJdIvtnTNxFswxr N23eht26WrJs/H8Ub2pS6QU6SVOJQuUKq4OQeswLAu5m62CVREnxhyEKOGegppA0tX1i whPtzr0kiRC2h1Cfrkux1NqAJ3aR2K5TIO/yl5eFjjn0oyvrnzu+SEeGWTjL/46gurt6 jq5hSuoJdH1E9oeEDqaEJfoz4Mq4LiEbwhmv8lSJ4WwifU9aWxzda6Zr/c26yH1DS2q7 LI7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :feedback-id:message-id:subject:cc:from:to:dkim-signature:date; bh=tbeoCLL5wBqVLfIxQMLYa/pwVZdYzKbff0TZ81OcW1Y=; b=dVuDzfjdwY+GHPaycv215f6rgtmKtCazju8n9KloVoPqAlkI7wvQJ9g8AVLL3JRo43 LIlpv4R/g4QKaNreYW69dw6i68EkQ0rjvFlRNBnx4DOWN6k+/ZvZs6WkPZy7QtTLi11V lmWIUxNYqLtH4GxkO53OhzUISx7IgAt3JBDlSckc5SvB8a4Q/YH2jh7dODXvbqF3pznX oo3rRapnRYQIxjbaXqCtWuQMA7V5mvEPnDNzlgOvLnI1xQ7WhmCbs721iKd2ISii2caR WoQyKfN6UeE967gWrAG6jxZWc8g7CdoH7G2tuuXNpmYhxSrIFw7FzFkQkXwIfvDYYUib 0z7g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=Wkj2CPI+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u17-20020a170902e81100b001a05d12eeb3si3638295plg.189.2023.03.31.15.27.23; Fri, 31 Mar 2023 15:27:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=Wkj2CPI+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233302AbjCaV5B (ORCPT + 99 others); Fri, 31 Mar 2023 17:57:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51584 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233258AbjCaV4z (ORCPT ); Fri, 31 Mar 2023 17:56:55 -0400 Received: from mail-0201.mail-europe.com (mail-0201.mail-europe.com [51.77.79.158]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F2DA618F9A; Fri, 31 Mar 2023 14:56:22 -0700 (PDT) Date: Fri, 31 Mar 2023 21:54:04 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1680299654; x=1680558854; bh=tbeoCLL5wBqVLfIxQMLYa/pwVZdYzKbff0TZ81OcW1Y=; h=Date:To:From:Cc:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector; b=Wkj2CPI+CxUz9qnTXoJ0BESJfECV+o263NE7aT9uB162R0xjR8Jo70mF3KabF9QyP 27jouhyKuFefarQoMzF1T0hXOsAD+2r7BCMI7d7VwiGGOQ+9YcKyWLiRWzGiYxjhSt Hl/mHsetRwFDTHJVF6XH14lzZjPTqtiDDgEY2ZKHlc3LUprzztDkxOYnSn2ZAL5Rwf nCe4wgLcH92pX61a692W0nSCMb07ghH0Te5l+peVZ8A6kC/TnZ3mVMzCZDsr0BmJjw 2Z0Y3aNdbILTFWDYlmlEHTn1KHLCZUEBe/rAdA7IRq8nF7Jv3SIDW/nJYrUb9Rnl2o k9PtLPfNM61Ug== To: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Alice Ryhl From: y86-dev@protonmail.com Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev, Benno Lossin , Alice Ryhl , Andreas Hindborg Subject: [PATCH v4 11/15] rust: init: add `Zeroable` trait and `init::zeroed` function Message-ID: <20230331215053.585759-12-y86-dev@protonmail.com> Feedback-ID: 40624463:user:proton MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1761923988691630985?= X-GMAIL-MSGID: =?utf-8?q?1761923988691630985?= From: Benno Lossin Add the `Zeroable` trait which marks types that can be initialized by writing `0x00` to every byte of the type. Also add the `init::zeroed` function that creates an initializer for a `Zeroable` type that writes `0x00` to every byte. Signed-off-by: Benno Lossin Cc: Gary Guo Cc: Alice Ryhl Cc: Andreas Hindborg --- rust/kernel/init.rs | 94 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 92 insertions(+), 2 deletions(-) -- 2.39.2 diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs index 5661f30bb0e4..fef14c3c0642 100644 --- a/rust/kernel/init.rs +++ b/rust/kernel/init.rs @@ -195,8 +195,14 @@ use crate::{ }; use alloc::boxed::Box; use core::{ - alloc::AllocError, cell::Cell, convert::Infallible, marker::PhantomData, mem::MaybeUninit, - pin::Pin, ptr, + alloc::AllocError, + cell::Cell, + convert::Infallible, + marker::PhantomData, + mem::MaybeUninit, + num::*, + pin::Pin, + ptr::{self, NonNull}, }; #[doc(hidden)] @@ -1328,3 +1334,87 @@ pub unsafe trait PinnedDrop: __internal::HasPinData { /// automatically. fn drop(self: Pin<&mut Self>, only_call_from_drop: __internal::OnlyCallFromDrop); } + +/// Marker trait for types that can be initialized by writing just zeroes. +/// +/// # Safety +/// +/// The bit pattern consisting of only zeroes is a valid bit pattern for this type. In other words, +/// this is not UB: +/// +/// ```rust,ignore +/// let val: Self = unsafe { core::mem::zeroed() }; +/// ``` +pub unsafe trait Zeroable {} + +/// Create a new zeroed T. +/// +/// The returned initializer will write `0x00` to every byte of the given `slot`. +#[inline] +pub fn zeroed() -> impl Init { + // SAFETY: Because `T: Zeroable`, all bytes zero is a valid bit pattern for `T` + // and because we write all zeroes, the memory is initialized. + unsafe { + init_from_closure(|slot: *mut T| { + slot.write_bytes(0, 1); + Ok(()) + }) + } +} + +macro_rules! impl_zeroable { + ($($({$($generics:tt)*})? $t:ty, )*) => { + $(unsafe impl$($($generics)*)? Zeroable for $t {})* + }; +} + +impl_zeroable! { + // SAFETY: All primitives that are allowed to be zero. + bool, + char, + u8, u16, u32, u64, u128, usize, + i8, i16, i32, i64, i128, isize, + f32, f64, + + // SAFETY: These are ZSTs, there is nothing to zero. + {} PhantomData, core::marker::PhantomPinned, Infallible, (), + + // SAFETY: Type is allowed to take any value, including all zeros. + {} MaybeUninit, + + // SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee). + Option, Option, Option, Option, + Option, Option, + Option, Option, Option, Option, + Option, Option, + + // SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee). + // + // In this case we are allowed to use `T: ?Sized`, since all zeros is the `None` variant. + {} Option>, + {} Option>, + + // SAFETY: `null` pointer is valid. + // + // We cannot use `T: ?Sized`, since the VTABLE pointer part of fat pointers is not allowed to be + // null. + {} *mut T, {} *const T, + + // SAFETY: `null` pointer is valid and the metadata part of these fat pointers is allowed to be + // zero. + {} *mut [T], {} *const [T], *mut str, *const str, + + // SAFETY: `T` is `Zeroable`. + {} [T; N], {} Wrapping, +} + +macro_rules! impl_tuple_zeroable { + ($(,)?) => {}; + ($first:ident, $($t:ident),* $(,)?) => { + // SAFETY: All elements are zeroable and padding can be zero. + unsafe impl<$first: Zeroable, $($t: Zeroable),*> Zeroable for ($first, $($t),*) {} + impl_tuple_zeroable!($($t),* ,); + } +} + +impl_tuple_zeroable!(A, B, C, D, E, F, G, H, I, J); From patchwork Fri Mar 31 21:54:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: y86-dev X-Patchwork-Id: 78001 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp866980vqo; Fri, 31 Mar 2023 15:05:35 -0700 (PDT) X-Google-Smtp-Source: AKy350awPHxdHH2DpymMrVzbotbKLOmKDM9yo9NSmDcBRxVWmykBXKCy1h/P3JCHn3co3oCtnb+h X-Received: by 2002:a17:902:ced0:b0:19f:1c69:54b5 with SMTP id d16-20020a170902ced000b0019f1c6954b5mr31432513plg.12.1680300335404; Fri, 31 Mar 2023 15:05:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680300335; cv=none; d=google.com; s=arc-20160816; b=MLA/CepGbPrpDB3K+GNz2GEbnld+yBYn6nYnRrpL5Ig6dNmSeWW+Dw2zlmMA7Kkomw t+YuO+p29ZclQizwH18ACgMnMy13FgP8kSaVf6U03/DJaOi6r2Z1srpXGHxrJuOhWaXo WJ7NYgDYonrXiYDka6qLXHo6i0UVxVNiPaq7Wam96DdeQofYvwRI3UepKLYnLvQmTuGo niarUZ9wBkCEMHfBMIkcbKB4u1Zkcaed8/hl11gdnPrLIk3yDD8SxS3hCatF4AFms3mg a5R3wvHDchJaZGWOZcksW0SLlB44v21eJHoM4SGXjBUgOoDOUXuHSwEeIO0qslw+LsPz kkMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :feedback-id:message-id:subject:cc:from:to:dkim-signature:date; bh=c1SYY0A1KylQEiGsgr7yJxl7OSG6W1YCjWLUakx2GG0=; b=NTLfERJ6d9Woa+vMinXKYHYayHHfKFMlCjnuKA/1BWj7X56eg/tdgf8K2IoA7/lvbf 38x5F0zgq8kcsOhPQ0LKNLPwPlcf9vOpsDHGQmUpcczWn11thaNozvXv/nhtMwLgou5H bbd9dr3jrIA6t5+KJMjM1T9VnQ67yboFNZiRimcBy+AK+soSiF8bUgEnGlNd8AmIy4CR SKPwDKjYiGhG12xw8gYueyDX86xq16C4b9iVqDEffgdf2xVgBq6idRBRlGalKFyNPWK+ eCloGrra7As67nqJCP59XIypoPt1cXXwQGU6ICpxPbtMwpVuap4RcINqXA/c75iYdYEr JVMQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=ecaPmHSh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 7-20020a630707000000b00513946a0d18si3477641pgh.9.2023.03.31.15.04.58; Fri, 31 Mar 2023 15:05:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=ecaPmHSh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233316AbjCaV61 (ORCPT + 99 others); Fri, 31 Mar 2023 17:58:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54752 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231858AbjCaV6Z (ORCPT ); Fri, 31 Mar 2023 17:58:25 -0400 Received: from mail-4321.protonmail.ch (mail-4321.protonmail.ch [185.70.43.21]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E8A5865A8; Fri, 31 Mar 2023 14:58:01 -0700 (PDT) Date: Fri, 31 Mar 2023 21:54:17 +0000 Authentication-Results: mail-4321.protonmail.ch; dkim=pass (2048-bit key) header.d=protonmail.com header.i=@protonmail.com header.b="ecaPmHSh" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1680299665; x=1680558865; bh=c1SYY0A1KylQEiGsgr7yJxl7OSG6W1YCjWLUakx2GG0=; h=Date:To:From:Cc:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector; b=ecaPmHShyhmlyjowiPezN9aHf9KTDyMQu5g50xbfnkbXTq2q65c6pZj7jECrNgzpK upLffycjxrpuun1Gudt0U1QPUXxNVN5B8FSpLqOo7DVVbtFbe71e9ISuhabesxdL7O 8nkKN8xlmhhWgjhUmjJ6ZfDTEpyAug2603lIwxbmSW/CV2r73Hi/f8kZvGZeINyy11 WZl4upbV4yyycbZVz/ZH4UfUUBKeqXpaVb/zVVlVPDWLIUkTQFHzVLNo6T0PMRh8zB 8OwilGUr/Wcva3KDEbqgOFs/sD+3SCYEaLDXGlk7ZSAFsZB/Jlo9cqzDWjWgxqAu7u blNTI3gfJ7bzA== To: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Alice Ryhl From: y86-dev@protonmail.com Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev, Benno Lossin , Alice Ryhl , Andreas Hindborg Subject: [PATCH v4 12/15] rust: prelude: add `pin-init` API items to prelude Message-ID: <20230331215053.585759-13-y86-dev@protonmail.com> Feedback-ID: 40624463:user:proton MIME-Version: 1.0 X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,SPF_HELO_PASS,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1761922604308770048?= X-GMAIL-MSGID: =?utf-8?q?1761922604308770048?= From: Benno Lossin Add `pin-init` API macros and traits to the prelude. Signed-off-by: Benno Lossin Reviewed-by: Gary Guo Reviewed-by: Alice Ryhl Reviewed-by: Andreas Hindborg --- rust/kernel/prelude.rs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) -- 2.39.2 diff --git a/rust/kernel/prelude.rs b/rust/kernel/prelude.rs index 0bc1c97e5604..fcdc511d2ce8 100644 --- a/rust/kernel/prelude.rs +++ b/rust/kernel/prelude.rs @@ -18,7 +18,7 @@ pub use core::pin::Pin; pub use alloc::{boxed::Box, vec::Vec}; #[doc(no_inline)] -pub use macros::{module, vtable}; +pub use macros::{module, pin_data, pinned_drop, vtable}; pub use super::build_assert; @@ -27,8 +27,12 @@ pub use super::build_assert; pub use super::dbg; pub use super::{pr_alert, pr_crit, pr_debug, pr_emerg, pr_err, pr_info, pr_notice, pr_warn}; +pub use super::{init, pin_init, try_init, try_pin_init}; + pub use super::static_assert; pub use super::error::{code::*, Error, Result}; pub use super::{str::CStr, ThisModule}; + +pub use super::init::{InPlaceInit, Init, PinInit}; From patchwork Fri Mar 31 21:54:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: y86-dev X-Patchwork-Id: 78020 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp877136vqo; Fri, 31 Mar 2023 15:25:55 -0700 (PDT) X-Google-Smtp-Source: AK7set8dd+Y25sDIuL1gxlr49Mp8DN1WC1p5CHn8gN0bMMoXoVvgcJgeUolBIzu7hLRtKmGGrEax X-Received: by 2002:a05:6a20:8009:b0:d9:e5db:5287 with SMTP id e9-20020a056a20800900b000d9e5db5287mr23452264pza.4.1680301555704; Fri, 31 Mar 2023 15:25:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680301555; cv=none; d=google.com; s=arc-20160816; b=IeCUN+UsPL7CHgkTmy+xsDxJxEY00mgxtnEIpvgh08J5X/8IklV1UPWckQbIdoppzw BLABtvZ30398ycUpw0hvfz9GHz3DEpam0pmSbiM1nqDQHx2UjI99H6mYL2+MHJk8FWvP 9KlNCZ8up0zY4G550Y4vlyE3MFZNZhluI5z7rVPoaIBzj7v/qEtrNcNTwUx+48SCUXvp c4AHIddDdO2P5ECCHiDQB73yzupHV/oMroTem0CyTA5l7Ask/OMP8k8MKG9Ryf/gtFxp LBumTuc4tTiWkVZyot2ABVv5FmW7SPVUQCCzpjy5+XnjlmA870t/sK6A4vwpEknPxwNA 9u0Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :feedback-id:message-id:subject:cc:from:to:dkim-signature:date; bh=5Fn50wx9SjwjEk+7PFvrVXZ6Yt0uZEDngF0z84FHnKc=; b=VHyPaBGWbs/ILamXOCWEfcphDMSv3obc/wsiZoMhYOVhfT6UuDPw0nXhE6pzoetO4o +2ez4h82d3JOglv6x1jfjejpC6vZb/ak/SSucshz6IwAbgi908GCVemlcqZ8K7ws2tqx nMTYcoSr8+k5qaW0rznbN+o0GEDqs0CXyzBtzAH8ES9DNV6F2z9V+4nagzDUuxZ6ESDF 56zt8AyecYHkDqsuCWksVgbi/2wDDeRsXmP9ZCXiAvknSe3KqgbUy2bQAQ/Y7c1w+1Vv CSpHdn/wNDxw0D4jvzLE1fGYmkD+amyHJaIe+VWMth2xg2c1wEh/gsweoOo3CQFzBZoe 4s2A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=rpl7HOJl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i12-20020a056a00004c00b0062a4722bb2asi3487900pfk.278.2023.03.31.15.25.43; Fri, 31 Mar 2023 15:25:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=rpl7HOJl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233224AbjCaWGH (ORCPT + 99 others); Fri, 31 Mar 2023 18:06:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35410 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233153AbjCaWGE (ORCPT ); Fri, 31 Mar 2023 18:06:04 -0400 Received: from mail-41104.protonmail.ch (mail-41104.protonmail.ch [185.70.41.104]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9CC6B1FD3E for ; Fri, 31 Mar 2023 15:06:03 -0700 (PDT) Date: Fri, 31 Mar 2023 21:54:29 +0000 Authentication-Results: mail-41104.protonmail.ch; dkim=pass (2048-bit key) header.d=protonmail.com header.i=@protonmail.com header.b="rpl7HOJl" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1680299680; x=1680558880; bh=5Fn50wx9SjwjEk+7PFvrVXZ6Yt0uZEDngF0z84FHnKc=; h=Date:To:From:Cc:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector; b=rpl7HOJlJTDiEG+BmuTzQHlWSHu2+U/blhvLlzXyQhzz6HEl0LLvfR+RJZaLdgU5x wy4YjiDBPq3QrCgHdYLrpaBKuPgSDp/UTF02H07Gg7s/hWGahPBI7C2UfhhalDMH9z V9j0Bh5KZWdTTXkuugNCdeNGj8ZDa0RcrXmURX4W09gfCCoYeS7bfkX3d7KaFF5xsx u7bQhmnHgWTudRL9qRHFvo+d1crdrVx6Q1cllbsnYOPztVMm5F2VuUT4oIgUMBl8r0 5yU9XftQvtDwWeqZbdSBDlv6WzRTwN1k2Ps8T03vZdkqNOXQusNPMkirvlJp59ylG0 xeYIRQ7xpT97g== To: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Alice Ryhl From: y86-dev@protonmail.com Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev, Benno Lossin , Alice Ryhl , Andreas Hindborg Subject: [PATCH v4 13/15] rust: types: add common init-helper functions for `Opaque` Message-ID: <20230331215053.585759-14-y86-dev@protonmail.com> Feedback-ID: 40624463:user:proton MIME-Version: 1.0 X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,SPF_HELO_PASS,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1761923883551728854?= X-GMAIL-MSGID: =?utf-8?q?1761923883551728854?= From: Benno Lossin Add helper functions to more easily initialize `Opaque` via FFI and rust raw initializer functions. These functions take a function pointer to the FFI/raw initialization function and take between 0-4 other arguments. It then returns an initializer that uses the FFI/raw initialization function along with the given arguments to initialize an `Opaque`. Signed-off-by: Benno Lossin Reviewed-by: Alice Ryhl Reviewed-by: Andreas Hindborg Cc: Gary Guo --- rust/kernel/init.rs | 9 +++++++++ rust/kernel/types.rs | 47 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) -- 2.39.2 diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs index fef14c3c0642..7b452e458391 100644 --- a/rust/kernel/init.rs +++ b/rust/kernel/init.rs @@ -177,6 +177,14 @@ //! } //! ``` //! +//! For the special case where initializing a field is a single FFI-function call that cannot fail, +//! there exist helper functions [`Opaque::ffi_init`]. These functions initialize a single +//! [`Opaque`] field by just delegating to the FFI-function. You can use these in combination with +//! [`pin_init!`]. +//! +//! For more information on how to use [`pin_init_from_closure()`], take a look at the uses inside +//! the `kernel` crate. The [`sync`] module is a good starting point. +//! //! [`sync`]: kernel::sync //! [pinning]: https://doc.rust-lang.org/std/pin/index.html //! [structurally pinned fields]: @@ -187,6 +195,7 @@ //! [`impl PinInit`]: PinInit //! [`impl Init`]: Init //! [`Opaque`]: kernel::types::Opaque +//! [`Opaque::ffi_init`]: kernel::types::Opaque::ffi_init //! [`pin_data`]: ::macros::pin_data use crate::{ diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs index ff2b2fac951d..dbfae9bb97ce 100644 --- a/rust/kernel/types.rs +++ b/rust/kernel/types.rs @@ -2,6 +2,7 @@ //! Kernel types. +use crate::init::{self, PinInit}; use alloc::boxed::Box; use core::{ cell::UnsafeCell, @@ -248,6 +249,52 @@ impl Opaque { } } +macro_rules! opaque_init_funcs { + ($($abi:literal $name:ident($($arg_name:ident: $arg_typ:ident),*);)*) => { + impl Opaque { + $( + /// Create an initializer using the given initializer function. + /// + /// # Safety + /// + /// The given function **must** under all circumstances initialize the memory + /// location to a valid `T`. If it fails to do so it results in UB. + /// + /// If any parameters are given, those need to be valid for the function. Valid + /// means that calling the function with those parameters complies with the above + /// requirement **and** every other requirement on the function itself. + pub unsafe fn $name<$($arg_typ),*>( + init_func: unsafe extern $abi fn(*mut T $(, $arg_typ)*), + $($arg_name: $arg_typ,)* + ) -> impl PinInit { + // SAFETY: The safety contract of this function ensures that `init_func` fully + // initializes `slot`. + unsafe { + init::pin_init_from_closure(move |slot| { + init_func(Self::raw_get(slot) $(, $arg_name)*); + Ok(()) + }) + } + } + )* + } + } +} + +opaque_init_funcs! { + "C" ffi_init(); + "C" ffi_init1(arg1: A1); + "C" ffi_init2(arg1: A1, arg2: A2); + "C" ffi_init3(arg1: A1, arg2: A2, arg3: A3); + "C" ffi_init4(arg1: A1, arg2: A2, arg3: A3, arg4: A4); + + "Rust" manual_init(); + "Rust" manual_init1(arg1: A1); + "Rust" manual_init2(arg1: A1, arg2: A2); + "Rust" manual_init3(arg1: A1, arg2: A2, arg3: A3); + "Rust" manual_init4(arg1: A1, arg2: A2, arg3: A3, arg4: A4); +} + /// A sum type that always holds either a value of type `L` or `R`. pub enum Either { /// Constructs an instance of [`Either`] containing a value of type `L`. From patchwork Fri Mar 31 21:54:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: y86-dev X-Patchwork-Id: 78019 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp876995vqo; Fri, 31 Mar 2023 15:25:39 -0700 (PDT) X-Google-Smtp-Source: AKy350ZGMp/ROuetqXcKpXu5SOvbTQOaD3UG8y6NdX90vlG4aLoVjqj0hywN8PcPCZFvNouJgbAz X-Received: by 2002:a17:90a:1997:b0:234:b964:5708 with SMTP id 23-20020a17090a199700b00234b9645708mr31823339pji.5.1680301539504; Fri, 31 Mar 2023 15:25:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680301539; cv=none; d=google.com; s=arc-20160816; b=xIjLRfn6uoPrrjwgN7Eyx7sbrIC9Ppojj11FMaO+98PkEKBbrPNR17kiv7leAswspw 9QLQg/KI6oDy9ywJ6fJvyXQ+7PjBdxLG0Vhg5yyul2B710Cv0RseAIhJlKEveq7MSYO5 JiBdPA42aLVUOSHug2YsEyOTQAhwKzkjEMeUYsxbEJ8gdZX9MfcMSZZ4sXphQtOy88Q0 gZsBxqxswHrGAptZu5mDM22LmgXKsHnN49NLeEPLYPSWQQmeYj0dSQo9rDeg1GMheVg2 ZetNLGT9o5qHCzRJNLVrUiOEDcL0MkzedVFpkU5GeiVq3K3PrU6WckGDfQLJXod3UtWr qCPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :feedback-id:message-id:subject:cc:from:to:dkim-signature:date; bh=1GecTG6cMNHUnl55zwpVGr5SWiWDxMMvxrRphdMkDzM=; b=YEbeQ5EvwU7vPGmVonKeZFXnmm7A1jy5vRO1wSuaSsCfl3dpHKqbISmT6zW6FoMsS2 o0G+q2X3vbvCgJYwqlsiEXtTIKQbXRib5/n7MDraGnZ+Dgcdd/ezbdqdpam0pJ6EJd9I q1092wxaQYzd9lmhcKib5TmpnlU2l5IQEjEv+KQPUADUyJmFjd/H0ixvqPGiv6I8+XrK fVTu5mGssavkq4J6UfRxMJ+YdCfocTVVws36yba1qZOja3nZQuFYYMzXb/hDm4ll9A74 35MeOwf6kyj985yHbexblEqPVFuOSi7PB9M8otIeVisET/dI27Z1/CsxDcnFLVNWEAgA m/pw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b="H/mNqIvO"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a11-20020a17090a854b00b0023f86fda6b0si3167009pjw.51.2023.03.31.15.25.27; Fri, 31 Mar 2023 15:25:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b="H/mNqIvO"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233380AbjCaV4X (ORCPT + 99 others); Fri, 31 Mar 2023 17:56:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47716 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233384AbjCaV4I (ORCPT ); Fri, 31 Mar 2023 17:56:08 -0400 Received: from mail-4322.protonmail.ch (mail-4322.protonmail.ch [185.70.43.22]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 11C1B24AF4; Fri, 31 Mar 2023 14:55:35 -0700 (PDT) Date: Fri, 31 Mar 2023 21:54:41 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1680299693; x=1680558893; bh=1GecTG6cMNHUnl55zwpVGr5SWiWDxMMvxrRphdMkDzM=; h=Date:To:From:Cc:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector; b=H/mNqIvOr45ghmNt8qtgctkPuixhU+PCgVBeee893sIWCHl6p2qEZN27wioRs4E+n FqFbvKSBhEF3K3trcy9aH8/qQU9J8cROLpYIYkNal6jzEdiPV5Gpdd0FVFb+adqRfF zdhQnkhGl9QDb54OEJFhVIFwMG6Jkj8KVwKiw/OdzQWQg8QR1JRtKUdVljeQvf8oX4 +Qg0Eg2lNwkaU8E0Cu8qyhJvJrm6buuSXuvwgm2AVA82sfgYtHFQC2ofC/TZhPsfNP F/ICkJlIgQlSDtKX9mngxonjkcjfGPRs4crPUMcRz29WuC6hoxnBzw4FIE+m9IDCgS Qpro+dh3HIZXg== To: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Alice Ryhl From: y86-dev@protonmail.com Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev, Benno Lossin , Alice Ryhl , Andreas Hindborg Subject: [PATCH v4 14/15] rust: sync: reduce stack usage of `UniqueArc::try_new_uninit` Message-ID: <20230331215053.585759-15-y86-dev@protonmail.com> Feedback-ID: 40624463:user:proton MIME-Version: 1.0 X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_MSPIKE_H2, SPF_HELO_PASS,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1761923867051572011?= X-GMAIL-MSGID: =?utf-8?q?1761923867051572011?= From: Benno Lossin `UniqueArc::try_new_uninit` calls `Arc::try_new(MaybeUninit::uninit())`. This results in the uninitialized memory being placed on the stack, which may be arbitrarily large due to the generic `T` and thus could cause a stack overflow for large types. Change the implementation to use the pin-init API which enables in-place initialization. In particular it avoids having to first construct and then move the uninitialized memory from the stack into the final location. Signed-off-by: Benno Lossin Cc: Gary Guo Cc: Alice Ryhl Cc: Andreas Hindborg --- rust/kernel/lib.rs | 1 - rust/kernel/sync/arc.rs | 16 +++++++++++++--- 2 files changed, 13 insertions(+), 4 deletions(-) -- 2.39.2 diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs index 821bd067151c..2d7606135ef6 100644 --- a/rust/kernel/lib.rs +++ b/rust/kernel/lib.rs @@ -28,7 +28,6 @@ #[cfg(not(CONFIG_RUST))] compile_error!("Missing kernel configuration for conditional compilation"); -#[allow(unused_extern_crates)] // Allow proc-macros to refer to `::kernel` inside the `kernel` crate (this crate). extern crate self as kernel; diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index 24dc96603090..5f64affd8f33 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -17,7 +17,8 @@ use crate::{ bindings, - init::{InPlaceInit, Init, PinInit}, + init::{self, InPlaceInit, Init, PinInit}, + try_init, types::{ForeignOwnable, Opaque}, }; use alloc::boxed::Box; @@ -29,6 +30,7 @@ use core::{ pin::Pin, ptr::NonNull, }; +use macros::pin_data; /// A reference-counted pointer to an instance of `T`. /// @@ -121,6 +123,7 @@ pub struct Arc { _p: PhantomData>, } +#[pin_data] #[repr(C)] struct ArcInner { refcount: Opaque, @@ -501,9 +504,16 @@ impl UniqueArc { /// Tries to allocate a new [`UniqueArc`] instance whose contents are not initialised yet. pub fn try_new_uninit() -> Result>, AllocError> { - Ok(UniqueArc::> { + // INVARIANT: The refcount is initialised to a non-zero value. + let inner = Box::try_init::(try_init!(ArcInner { + // SAFETY: There are no safety requirements for this FFI call. + refcount: Opaque::new(unsafe { bindings::REFCOUNT_INIT(1) }), + data <- init::uninit::(), + }? AllocError))?; + Ok(UniqueArc { // INVARIANT: The newly-created object has a ref-count of 1. - inner: Arc::try_new(MaybeUninit::uninit())?, + // SAFETY: The pointer from the `Box` is valid. + inner: unsafe { Arc::from_inner(Box::leak(inner).into()) }, }) } } From patchwork Fri Mar 31 21:54:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: y86-dev X-Patchwork-Id: 78004 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp870752vqo; Fri, 31 Mar 2023 15:12:16 -0700 (PDT) X-Google-Smtp-Source: AKy350atYHKFfvMuUtV0LQ8vvc9SP9qFd09qF2ahN8QQ8BuQv6/gKvHwRC07UaVBBhGZ/9hShY8O X-Received: by 2002:a17:907:c015:b0:947:d9b1:89a3 with SMTP id ss21-20020a170907c01500b00947d9b189a3mr1885285ejc.27.1680300736688; Fri, 31 Mar 2023 15:12:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680300736; cv=none; d=google.com; s=arc-20160816; b=G3wMJuShbRuwRyT5DA3wj84ZF6On0JGV0d2Dq/O7Z4tTDlH4LTW0nT9ulbH+nTYZnr nDwj6k88ldwDbJwyOP6uq6hcS6BuB1zizvY1k6ucA0hZcPww4lqFJ0asKafOl1bK1QOe fnlX0nhpncOBuu3Ef+B6Ak63AztgcnqSyRUss66qF94r+QqbmBEJTxE8j2sKXgWJUDD6 kxoXG/OjHHa5S++HBaICaD7m2ZDJ2KbZcD/aDv+upe18fGUTlmV+E3yvQvoy1yH/HdKQ G8b0vKXjybavnsC1RzjmIurAzmYOMMkFSw0/32BbpB0H/sMkOMA4KcmouT3+CKgQ1GLx SuIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :feedback-id:message-id:subject:cc:from:to:dkim-signature:date; bh=KCurfW5Y+j7R5fMbjmPJwPW9L2YVYu9q3k1eOHB2SiI=; b=TKsh8TQS1KxKBEHrM8ylq18+jqvHzV7wp76T6n3Id1HEAZIY9g+brZYybKzzPbzEZ5 G2wESmVtjs5G1aw9O4yD3keTj2GkjTa7rkQUWgXTORftKEBw8FZHpsYUjewIplRPAdMF NcaeWhRtTZdaLOmNPkFfO5oEa3uvuF7e6Y3qFEPSit9sJ6RtDVxzvVoUq1sGIg5zCnAc Oco7/telQ7GyEewNGtE8SBzEDIglREGCkM8Z8Qn+E3WeV/fnnzHv5rimN++g3z0hQBGU eHf2gL5H7DO/Ah/ywS3dnD/XBavhXEmnMyTHwEzviJHHwSq7NiNMt1rgEJa3NuNl2Vua aFaw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=wxkdvrmX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id jl14-20020a17090775ce00b009448ef3cfb8si2786379ejc.614.2023.03.31.15.11.52; Fri, 31 Mar 2023 15:12:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=wxkdvrmX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233304AbjCaV43 (ORCPT + 99 others); Fri, 31 Mar 2023 17:56:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46988 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233316AbjCaV4S (ORCPT ); Fri, 31 Mar 2023 17:56:18 -0400 Received: from mail-40134.protonmail.ch (mail-40134.protonmail.ch [185.70.40.134]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 810472441C; Fri, 31 Mar 2023 14:55:48 -0700 (PDT) Date: Fri, 31 Mar 2023 21:54:52 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1680299697; x=1680558897; bh=KCurfW5Y+j7R5fMbjmPJwPW9L2YVYu9q3k1eOHB2SiI=; h=Date:To:From:Cc:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector; b=wxkdvrmXC/k4XiTyxLpBUK+Cqntvv+0ZjbikRImKsmvixU+eA6ryqIS9apKPmgana Ez+zL/wUyzlotdDxsXXe6U1I1SzleZvchId1yRlFa84YWxfolCXFFxyrXvHrvYdZuV Ox28mr33BMaizAA1dwxWFip6LQBuGhlFUpJmfNBNBJzlGLyc9DSlDLpJPWDp9Yju1R KZveNXe7wfAE1ukEJ8/KtRn0IxqwP7zGAaCqHhUQmPj13oI5t4hJzmhXsTUmepU3FP A0gyw27n11yAPgKQrz7gWFlfUI8QfSfhDAHm3imB5edueXzruT809K3erxWCPhlvjb iLNbQbj//iRQw== To: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Alice Ryhl From: y86-dev@protonmail.com Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev, Benno Lossin , Alice Ryhl , Andreas Hindborg Subject: [PATCH v4 15/15] rust: sync: add functions for initializing `UniqueArc>` Message-ID: <20230331215053.585759-16-y86-dev@protonmail.com> Feedback-ID: 40624463:user:proton MIME-Version: 1.0 X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_MSPIKE_H2, SPF_HELO_PASS,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1761923025355946095?= X-GMAIL-MSGID: =?utf-8?q?1761923025355946095?= From: Benno Lossin Add two functions `init_with` and `pin_init_with` to `UniqueArc>` to initialize the memory of already allocated `UniqueArc`s. This is useful when you want to allocate memory check some condition inside of a context where allocation is forbidden and then conditionally initialize an object. Signed-off-by: Benno Lossin Reviewed-by: Gary Guo Reviewed-by: Alice Ryhl Reviewed-by: Andreas Hindborg --- rust/kernel/sync/arc.rs | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) -- 2.39.2 diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index 5f64affd8f33..fddb7a2b1890 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -540,6 +540,30 @@ impl UniqueArc> { inner: unsafe { Arc::from_inner(inner.cast()) }, } } + + /// Initialize `self` using the given initializer. + pub fn init_with(mut self, init: impl Init) -> core::result::Result, E> { + // SAFETY: The supplied pointer is valid for initialization. + match unsafe { init.__init(self.as_mut_ptr()) } { + // SAFETY: Initialization completed successfully. + Ok(()) => Ok(unsafe { self.assume_init() }), + Err(err) => Err(err), + } + } + + /// Pin-initialize `self` using the given pin-initializer. + pub fn pin_init_with( + mut self, + init: impl PinInit, + ) -> core::result::Result>, E> { + // SAFETY: The supplied pointer is valid for initialization and we will later pin the value + // to ensure it does not move. + match unsafe { init.__pinned_init(self.as_mut_ptr()) } { + // SAFETY: Initialization completed successfully. + Ok(()) => Ok(unsafe { self.assume_init() }.into()), + Err(err) => Err(err), + } + } } impl From> for Pin> {