Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp1307147rwl; Wed, 5 Apr 2023 15:11:45 -0700 (PDT) X-Google-Smtp-Source: AKy350Z0N/H/exGR+32CD/12ZjL6Wc3LhRTJPqyngibgGu6sUci7R4D+i4CAj8jWgjpdPJhJfIVR X-Received: by 2002:a17:907:9607:b0:930:3916:df19 with SMTP id gb7-20020a170907960700b009303916df19mr5933940ejc.5.1680732705531; Wed, 05 Apr 2023 15:11:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680732705; cv=none; d=google.com; s=arc-20160816; b=wx6mqtEbHY3K1ZrDEP0kmUtk+qMDXla2Gknw+qiu280a1HPNp9zNbNKwY3M3dMa8oL 2ObRDNvHgFQyVieYeKMMk3jShfPagFwAMat3WptZo9OQIFqbfeE68JcFaOgv5Fyy8DdU rJyNck7XkH2LAOjaSf/qjK+c++Pv0iqiDF9u8b0SHfcspXrIGRXvUbvIJOwkrvStApza zEWLuFBIS5WhE/pe15toN6KjeuEyaLBx2+voYElADoQ3JF4X6BNXD+710sLhPSjQnY0h RB6uZjir46iEamJ7HNcB3haIbqnNyCXTwr+HrQy9DfcD9ryOrR1BKUXWl2z5/mYY8V/N MNxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:message-id:in-reply-to:date:subject :cc:to:from:user-agent:references:dkim-signature; bh=9VV/LEg+1K/+PzJjj4wMMq87FxzLFqVRxIlDeAN3GtQ=; b=pOgl4JH3fW6dPLVwaw5yCgvWlfc0Rt9uzYyhCZN2GDpjCt8GhAYgUNqzfhyP/EKyeG Cg21KsYKeRmACOw0t2PTW3YcBuum95/oGyz4+276fE8zvtK5sHvxa2FUY8/89zkP4RgS gewx0BMzsWWdtqcUJzNYwV6D9tDoIV6CeEXzO1BqVDawNdtEelVcDZZ5lpiohqSnhUK0 RF4cu3G9z7NRRYcxhPfdg5vnu0JMH2c+uB2R7gILOpjVi9eyYHsnJ+vnWLl70IYRm3sL gwU5lYBMkzLmOUYiTdP+Gt8llT75e3vn/d1emUQ+u4GZ2MnTB1tkH+I27kDnJwnu/IYL Es9Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@metaspace-dk.20210112.gappssmtp.com header.s=20210112 header.b=1OjuUgQr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t9-20020a1709066bc900b0093b6e1440b3si1669838ejs.764.2023.04.05.15.11.20; Wed, 05 Apr 2023 15:11:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@metaspace-dk.20210112.gappssmtp.com header.s=20210112 header.b=1OjuUgQr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233950AbjDEWJP (ORCPT + 99 others); Wed, 5 Apr 2023 18:09:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45766 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231880AbjDEWJL (ORCPT ); Wed, 5 Apr 2023 18:09:11 -0400 Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 15FBD5FFB for ; Wed, 5 Apr 2023 15:09:09 -0700 (PDT) Received: by mail-ed1-x530.google.com with SMTP id er13so103712421edb.9 for ; Wed, 05 Apr 2023 15:09:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=metaspace-dk.20210112.gappssmtp.com; s=20210112; t=1680732547; h=mime-version:message-id:in-reply-to:date:subject:cc:to:from :user-agent:references:from:to:cc:subject:date:message-id:reply-to; bh=9VV/LEg+1K/+PzJjj4wMMq87FxzLFqVRxIlDeAN3GtQ=; b=1OjuUgQrRjuJT9p80ONTyaXNz4s8PdY39mhrpx1gJY02/lXWHqqaflfvLOguOuEzH7 cPhLjlOxFRb7b7qltgegR11aTNy7Sys/kbjFgBnzr2MAdq2RJWLTtmuRsci2bGGEpS6t cXh9aub7rqGGoZuCbbAYlrVe4ewXmV8Z75h79fzHAQOxwG+VmJ/R5BixX0dhLoKzX1BS rb56SXDcdA6VOPi6nXtexynwSPCn3zz+AoluEz6HQtfPk6Jmzfos4JE2V3xyv0UU+zqx nuYZGbVSnOlQzMgvf7mWlqtt8EIJmVsVU/SAy8TtxajrGH2HESEauYOFGu1KxT4Crpo2 xpmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680732547; h=mime-version:message-id:in-reply-to:date:subject:cc:to:from :user-agent:references:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=9VV/LEg+1K/+PzJjj4wMMq87FxzLFqVRxIlDeAN3GtQ=; b=Z9x50J5R8K1YWDcyUvZf4vj/PzYIyoydDQqC3ri/pSMfNXM47wtvH98O8h/8nKnarY OpALojWCyEu6J++j+DpWu985fnOfamegrCYBK+PoCR93EQWYW9ix90Qm/fsidS/EpCKW lm7vQxgCU6q2mFQhIDh+jz5bqHBfzDE8TE3Rr1LP/xr0FTICXW2n7V64u3np+Efo0y6v Ep0k7xqRJsF475DMEoeVRqRDODu2ApG7tb8qcos6sk4Bl7QVe+WvgsmSSyYTlaBicVEr UU+7qJSijy7MpYDmw9SQh3noSFSi92qHjhmdaJbzCo+jH9O04uzeDgwhtx1TfR+W7RPd bnSA== X-Gm-Message-State: AAQBX9dq2i71Mj7EbXA5MJgITH9OCGHslEDAXRXTld4CN9Tr+uZcPSBv XwesUrm5whYMMZS8wQfAramPUw== X-Received: by 2002:a17:906:4d08:b0:8bf:e95c:467b with SMTP id r8-20020a1709064d0800b008bfe95c467bmr4368186eju.63.1680732547550; Wed, 05 Apr 2023 15:09:07 -0700 (PDT) Received: from localhost ([79.142.230.34]) by smtp.gmail.com with ESMTPSA id i12-20020a1709064ecc00b008e8e975e185sm7857506ejv.32.2023.04.05.15.09.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Apr 2023 15:09:07 -0700 (PDT) References: <20230405193445.745024-1-y86-dev@protonmail.com> <20230405193445.745024-12-y86-dev@protonmail.com> User-agent: mu4e 1.10.1; emacs 28.2.50 From: Andreas Hindborg To: Benno Lossin Cc: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , =?utf-8?Q?Bj=C3=B6rn?= Roy Baron , Alice Ryhl , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev, Alice Ryhl , Andreas Hindborg Subject: Re: [PATCH v6 11/15] rust: init: add `Zeroable` trait and `init::zeroed` function Date: Thu, 06 Apr 2023 00:08:28 +0200 In-reply-to: <20230405193445.745024-12-y86-dev@protonmail.com> Message-ID: <87lej6rngc.fsf@metaspace.dk> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Status: No, score=0.0 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Benno Lossin writes: > Add the `Zeroable` trait which marks types that can be initialized by > writing `0x00` to every byte of the type. Also add the `init::zeroed` > function that creates an initializer for a `Zeroable` type that writes > `0x00` to every byte. > > Signed-off-by: Benno Lossin > Reviewed-by: Alice Ryhl > Reviewed-by: Gary Guo > Cc: Andreas Hindborg > --- Reviewed-by: Andreas Hindborg > rust/kernel/init.rs | 97 ++++++++++++++++++++++++++++++++++++++++++++- > 1 file changed, 95 insertions(+), 2 deletions(-) > > diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs > index 99751375e7c8..ffd539e2f5ef 100644 > --- a/rust/kernel/init.rs > +++ b/rust/kernel/init.rs > @@ -195,8 +195,14 @@ use crate::{ > }; > use alloc::boxed::Box; > use core::{ > - alloc::AllocError, cell::Cell, convert::Infallible, marker::PhantomData, mem::MaybeUninit, > - pin::Pin, ptr, > + alloc::AllocError, > + cell::Cell, > + convert::Infallible, > + marker::PhantomData, > + mem::MaybeUninit, > + num::*, > + pin::Pin, > + ptr::{self, NonNull}, > }; > > #[doc(hidden)] > @@ -1323,3 +1329,90 @@ pub unsafe trait PinnedDrop: __internal::HasPinData { > /// automatically. > fn drop(self: Pin<&mut Self>, only_call_from_drop: __internal::OnlyCallFromDrop); > } > + > +/// Marker trait for types that can be initialized by writing just zeroes. > +/// > +/// # Safety > +/// > +/// The bit pattern consisting of only zeroes is a valid bit pattern for this type. In other words, > +/// this is not UB: > +/// > +/// ```rust,ignore > +/// let val: Self = unsafe { core::mem::zeroed() }; > +/// ``` > +pub unsafe trait Zeroable {} > + > +/// Create a new zeroed T. > +/// > +/// The returned initializer will write `0x00` to every byte of the given `slot`. > +#[inline] > +pub fn zeroed() -> impl Init { > + // SAFETY: Because `T: Zeroable`, all bytes zero is a valid bit pattern for `T` > + // and because we write all zeroes, the memory is initialized. > + unsafe { > + init_from_closure(|slot: *mut T| { > + slot.write_bytes(0, 1); > + Ok(()) > + }) > + } > +} > + > +macro_rules! impl_zeroable { > + ($($({$($generics:tt)*})? $t:ty, )*) => { > + $(unsafe impl$($($generics)*)? Zeroable for $t {})* > + }; > +} > + > +impl_zeroable! { > + // SAFETY: All primitives that are allowed to be zero. > + bool, > + char, > + u8, u16, u32, u64, u128, usize, > + i8, i16, i32, i64, i128, isize, > + f32, f64, > + > + // SAFETY: These are ZSTs, there is nothing to zero. > + {} PhantomData, core::marker::PhantomPinned, Infallible, (), > + > + // SAFETY: Type is allowed to take any value, including all zeros. > + {} MaybeUninit, > + > + // SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee). > + Option, Option, Option, Option, > + Option, Option, > + Option, Option, Option, Option, > + Option, Option, > + > + // SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee). > + // > + // In this case we are allowed to use `T: ?Sized`, since all zeros is the `None` variant. > + {} Option>, > + {} Option>, > + > + // SAFETY: `null` pointer is valid. > + // > + // We cannot use `T: ?Sized`, since the VTABLE pointer part of fat pointers is not allowed to be > + // null. > + // > + // When `Pointee` gets stabilized, we could use > + // `T: ?Sized where ::Metadata: Zeroable` > + {} *mut T, {} *const T, > + > + // SAFETY: `null` pointer is valid and the metadata part of these fat pointers is allowed to be > + // zero. > + {} *mut [T], {} *const [T], *mut str, *const str, > + > + // SAFETY: `T` is `Zeroable`. > + {} [T; N], {} Wrapping, > +} > + > +macro_rules! impl_tuple_zeroable { > + ($(,)?) => {}; > + ($first:ident, $($t:ident),* $(,)?) => { > + // SAFETY: All elements are zeroable and padding can be zero. > + unsafe impl<$first: Zeroable, $($t: Zeroable),*> Zeroable for ($first, $($t),*) {} > + impl_tuple_zeroable!($($t),* ,); > + } > +} > + > +impl_tuple_zeroable!(A, B, C, D, E, F, G, H, I, J);