Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp1369907rwl; Fri, 7 Apr 2023 15:01:17 -0700 (PDT) X-Google-Smtp-Source: AKy350Y4CoIJyNJuRcH5lA0jvpwXYX1Q+reCk8ET2riYNYFZ+XuQCN5fgS+EQFXg19LyPpTSntEe X-Received: by 2002:a50:ed85:0:b0:504:7fdc:df16 with SMTP id h5-20020a50ed85000000b005047fdcdf16mr2466045edr.29.1680904877065; Fri, 07 Apr 2023 15:01:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680904877; cv=none; d=google.com; s=arc-20160816; b=sNymlpn891XO/t3HiK/SPtzjTvQGrskR4nQCeV8VGw9sYTF0BT2D9xKX5ibjJZdsd7 qfdicYJslp1r7flh4j4O8oJT6UK0LCZP8lsNaT4fV8mCU9HcJcVJbyWyFVj22At+WW8P V8uFBYMCW2/O+1+oFjLLpHHXYYTlo4lRJOCocgqTqtTHVkZ6F19OSe7oAVCRRoesBXMU UDmTgjJxsB+dzQLiLTyM6piW0i4O13bLkVXcUdat5SYMP7dhblSP1IhlpbTnRL9uR5FO vG1aFB/2Wg5gXNaIUjdT90fDBh7fw+Vn5Cq5bfqkS6X9M4m5zSfAxYlEeK97wymRGLOr vD4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :feedback-id:references:in-reply-to:message-id:subject:cc:from:to :dkim-signature:date; bh=/4akTJdCic2QY2I7m0VwCcocwGvSRK4Skfpuoyu1kww=; b=l832tQGBD6m2RWqdD0sMjTQYBO0OV0VUWcYNL7qiywi+4nA+2CMGQ9T5W7b8s9TI26 66e+ezwdPWSm3rCvhoqjjjjuN9nueWtQW2Dd14t/EWWWZn2cskiWLC8svnlnJJfmqrN3 rfFJTFwO2yBjaBSrZUKQkogEKYJHgQgJwZURZHaIH36lvvWSX6pEwB9ncQlTBEq98x49 SElcq/5yni/2c74QM7to0DZHXHEuOPa+1oy8DieCnpY3p1wO7w7pRQni72PjszBjwER7 f4tfqm+9/0aD+0gLi/4j720fhd9J8rwcOks856/6vcIxhXBbSNc9evC3ftGcKu8MQGqT Qtow== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=uU2Fx9cU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p1-20020a056402074100b004acdf8ed00asi4168669edy.3.2023.04.07.15.00.52; Fri, 07 Apr 2023 15:01:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=uU2Fx9cU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229666AbjDGV7j (ORCPT + 99 others); Fri, 7 Apr 2023 17:59:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54936 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231379AbjDGV7i (ORCPT ); Fri, 7 Apr 2023 17:59:38 -0400 Received: from mail-40133.protonmail.ch (mail-40133.protonmail.ch [185.70.40.133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D0A307ED0 for ; Fri, 7 Apr 2023 14:59:36 -0700 (PDT) Date: Fri, 07 Apr 2023 21:59:20 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1680904774; x=1681163974; bh=/4akTJdCic2QY2I7m0VwCcocwGvSRK4Skfpuoyu1kww=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=uU2Fx9cUTnwZVafX317cac7uuUYBszjxUHcrXR0M/49VMnpHsIFWvicKQmUXyGfGw yo3iax0MkyH3ttcV2HgFBhzSdV+hnBij/umqs9nXUQwapzsGIPEL+XrcdVJFvZNN+9 WxcFazU6mh/WXaa3swlfQnNMUgVATSAZT6HKxjKi1GmnUdgWc/OYG+sA+uN7ST6NbY s/Fr1U1SwkmObE7e8g2aq+LBX9GHUTc4u81/FUDQu4wzjktFYqYJElNc9DGcWirqvK aT5++lwop2chx993BQyfLsVnjKejfP25T4LXza0rkQRyS6uZWkxsKrRylQZovUxLx0 ld8n//87XrniA== To: Wedson Almeida Filho , rust-for-linux@vger.kernel.org From: Benno Lossin Cc: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?Q?Bj=C3=B6rn_Roy_Baron?= , linux-kernel@vger.kernel.org, Wedson Almeida Filho Subject: Re: [PATCH v2 08/13] rust: introduce `ARef` Message-ID: <236fe27d-ce0c-88e0-6830-f4079ef23a87@protonmail.com> In-Reply-To: <20230405175111.5974-8-wedsonaf@gmail.com> References: <20230405175111.5974-1-wedsonaf@gmail.com> <20230405175111.5974-8-wedsonaf@gmail.com> Feedback-ID: 40624463:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_MSPIKE_H2, SPF_HELO_PASS,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 05.04.23 19:51, Wedson Almeida Filho wrote: > From: Wedson Almeida Filho > > This is an owned reference to an object that is always ref-counted. This > is meant to be used in wrappers for C types that have their own ref > counting functions, for example, tasks, files, inodes, dentries, etc. > > Signed-off-by: Wedson Almeida Filho > --- > v1 -> v2: No changes > > rust/kernel/types.rs | 107 +++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 107 insertions(+) > > diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs > index dbfae9bb97ce..b071730253c7 100644 > --- a/rust/kernel/types.rs > +++ b/rust/kernel/types.rs > @@ -6,8 +6,10 @@ use crate::init::{self, PinInit}; > use alloc::boxed::Box; > use core::{ > cell::UnsafeCell, > + marker::PhantomData, > mem::MaybeUninit, > ops::{Deref, DerefMut}, > + ptr::NonNull, > }; > > /// Used to transfer ownership to and from foreign (non-Rust) languages= . > @@ -295,6 +297,111 @@ opaque_init_funcs! { > "Rust" manual_init4(arg1: A1, arg2: A2, arg3: A3, arg4: A4); > } > > +/// Types that are _always_ reference counted. > +/// > +/// It allows such types to define their own custom ref increment and de= crement functions. > +/// Additionally, it allows users to convert from a shared reference `&T= ` to an owned reference > +/// [`ARef`]. > +/// > +/// This is usually implemented by wrappers to existing structures on th= e C side of the code. For > +/// Rust code, the recommendation is to use [`Arc`](crate::sync::Arc) to= create reference-counted > +/// instances of a type. > +/// > +/// # Safety > +/// > +/// Implementers must ensure that increments to the reference count keep= the object alive in memory > +/// at least until matching decrements are performed. > +/// > +/// Implementers must also ensure that all instances are reference-count= ed. (Otherwise they > +/// won't be able to honour the requirement that [`AlwaysRefCounted::inc= _ref`] keep the object > +/// alive.) > +pub unsafe trait AlwaysRefCounted { > + /// Increments the reference count on the object. > + fn inc_ref(&self); > + > + /// Decrements the reference count on the object. > + /// > + /// Frees the object when the count reaches zero. > + /// > + /// # Safety > + /// > + /// Callers must ensure that there was a previous matching increment= to the reference count, > + /// and that the object is no longer used after its reference count = is decremented (as it may > + /// result in the object being freed), unless the caller owns anothe= r increment on the refcount > + /// (e.g., it calls [`AlwaysRefCounted::inc_ref`] twice, then calls > + /// [`AlwaysRefCounted::dec_ref`] once). > + unsafe fn dec_ref(obj: NonNull); > +} > + > +/// An owned reference to an always-reference-counted object. > +/// > +/// The object's reference count is automatically decremented when an in= stance of [`ARef`] is > +/// dropped. It is also automatically incremented when a new instance is= created via > +/// [`ARef::clone`]. > +/// > +/// # Invariants > +/// > +/// The pointer stored in `ptr` is non-null and valid for the lifetime o= f the [`ARef`] instance. In > +/// particular, the [`ARef`] instance owns an increment on the underlyin= g object's reference count. > +pub struct ARef { > + ptr: NonNull, > + _p: PhantomData, > +} > + > +impl ARef { > + /// Creates a new instance of [`ARef`]. > + /// > + /// It takes over an increment of the reference count on the underly= ing object. > + /// > + /// # Safety > + /// > + /// Callers must ensure that the reference count was incremented at = least once, and that they > + /// are properly relinquishing one increment. That is, if there is o= nly one increment, callers > + /// must not use the underlying object anymore -- it is only safe to= do so via the newly > + /// created [`ARef`]. I think you should also mention that the pointee at `ptr` must live at least until this `ARef` decides to decrement the refcount. Otherwise I would interpret the docs as written to allow you to give a pointer to the stack and then free the backing storage and then continue to use the `ARef`. -- Cheers, Benno > + pub unsafe fn from_raw(ptr: NonNull) -> Self { > + // INVARIANT: The safety requirements guarantee that the new ins= tance now owns the > + // increment on the refcount. > + Self { > + ptr, > + _p: PhantomData, > + } > + } > +} > + > +impl Clone for ARef { > + fn clone(&self) -> Self { > + self.inc_ref(); > + // SAFETY: We just incremented the refcount above. > + unsafe { Self::from_raw(self.ptr) } > + } > +} > + > +impl Deref for ARef { > + type Target =3D T; > + > + fn deref(&self) -> &Self::Target { > + // SAFETY: The type invariants guarantee that the object is vali= d. > + unsafe { self.ptr.as_ref() } > + } > +} > + > +impl From<&T> for ARef { > + fn from(b: &T) -> Self { > + b.inc_ref(); > + // SAFETY: We just incremented the refcount above. > + unsafe { Self::from_raw(NonNull::from(b)) } > + } > +} > + > +impl Drop for ARef { > + fn drop(&mut self) { > + // SAFETY: The type invariants guarantee that the `ARef` owns th= e reference we're about to > + // decrement. > + unsafe { T::dec_ref(self.ptr) }; > + } > +} > + > /// A sum type that always holds either a value of type `L` or `R`. > pub enum Either { > /// Constructs an instance of [`Either`] containing a value of type= `L`. > -- > 2.34.1 >