Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp13930315rwd; Sat, 24 Jun 2023 08:49:43 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5sSspPV6pR/v3srPtOarZznNzlSTDTN1gr/+rSGeb+UnBdZFFmgZr7o4TQnSUZqGomWMWa X-Received: by 2002:a17:902:c946:b0:1af:a2a4:837f with SMTP id i6-20020a170902c94600b001afa2a4837fmr1389712pla.26.1687621783590; Sat, 24 Jun 2023 08:49:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1687621783; cv=none; d=google.com; s=arc-20160816; b=m6XyivFj2mfb/9yB7SlsMa1n5siPy7sityYLyzT9PlxvaE1q0SDzVZT1fC3ibfKWM/ Vfl+VpQGpthSg5WJZhwuFxTwWT28/wPipWKiIkWRoao3qmR/l2UFlzbpDavV+PEvyRxf 23OPKCs3IcfDLUct+rknyF/ranbIBUIq9evPdp7kmOqx06nFI+5kpG0/qjf/izz9jpvi VHJr3hGgRLYDYgZpsAxm1Ovcenf7qBsCZeJWhQkJ7NTC/xqonJcxTUK47apPMPhcmhvJ DWSPyc7FNo80zDR03SZKdajOgiBEPfde5NYScmxQIZyo2b7c4BqB/Wp8iaAc1CE1OvqH xZUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :feedback-id:references:in-reply-to:message-id:subject:cc:from:to :dkim-signature:date; bh=PGrRg8/LesaPKKANzQnFHjiA3Roa28wYAQr/ty0Oxv0=; fh=G5JJZHPpWxnD6ZFNcd5f5J3pAM1l8A+sr+uFjGq+s0E=; b=K3Qthtw6JqTqJQJtHiC3bUDPzqXcAfRXUzvy41Vc20N5VKHhF3IBHrc6J5w2LexDph sKUes5tEtqV9fbwu+pmX0Y/9Eu8/A72dnkx+OaKLvcLfZ5wZfYe56sLr6HDCPNciOa7B /v0Yso8yYUmdjHfzJcVTGTHxI715EGjZzaIkkeXtoD2M6keM5GuVZT4wSb2akBrqnyMU oo117ogvhaXe5M12MtXuWnCCfBu73tWpd7qtAakbabE06XMMTPrD8KXuf4L/Q3cNcdFl q/Wb4Cc4kVqf6PYSxazr2ySJNJGl0or2T+4dZIFJqLeJxFFFCfsskNiIWtID8xPdhjAm xlKA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=Z00Av2p9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id iw1-20020a170903044100b001b3c62d71ccsi1429123plb.227.2023.06.24.08.49.30; Sat, 24 Jun 2023 08:49:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=Z00Av2p9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232981AbjFXO7C (ORCPT + 99 others); Sat, 24 Jun 2023 10:59:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44690 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230116AbjFXO7A (ORCPT ); Sat, 24 Jun 2023 10:59:00 -0400 Received: from mail-0301.mail-europe.com (mail-0301.mail-europe.com [188.165.51.139]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3EB7F1B4 for ; Sat, 24 Jun 2023 07:58:59 -0700 (PDT) Date: Sat, 24 Jun 2023 14:58:50 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1687618734; x=1687877934; bh=PGrRg8/LesaPKKANzQnFHjiA3Roa28wYAQr/ty0Oxv0=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=Z00Av2p9BVo2ONknTbvNUUaLKcap3c75jTieiUM6I/ztToIqLInzdQXOqEVPC40lI TN2P9I1qs+IC+T0thp+i0TQfS0Sq/DFX6E284xWT9HaqBA7UlZ4er4Hv46kIPxRDM2 uwyMIZPSErZYLQxQkADQ6nqAsK1SH+dPXFeXDHOztihR12KyQKKzah5RgQDYSNAEiU v4d1KD2xSVIRedNHbXXzy2+5pBG9IeP/IZXrCw9S6lcOUyiT9LO2CAtgu1+w1MMQCl 1JgIPZ5ji68SoB+UrdVfCN5785wVu07mMAKAb+OTTeD9c4Nwzb/aJfQljruQXSzoGf xd1h737Yg2l5A== To: Benno Lossin From: =?utf-8?Q?Bj=C3=B6rn_Roy_Baron?= Cc: Miguel Ojeda , Wedson Almeida Filho , Alex Gaynor , Boqun Feng , Gary Guo , Alice Ryhl , Andreas Hindborg , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, patches@lists.linux.dev, Asahi Lina Subject: Re: [PATCH 3/7] rust: init: make guards in the init macros hygienic Message-ID: In-Reply-To: <20230624092330.157338-3-benno.lossin@proton.me> References: <20230624092330.157338-1-benno.lossin@proton.me> <20230624092330.157338-3-benno.lossin@proton.me> Feedback-ID: 27884398:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Saturday, June 24th, 2023 at 11:25, Benno Lossin wrote: > Use hygienic identifiers for the guards instead of the field names. This > makes the init macros feel more like normal struct initializers, since > assigning identifiers with the name of a field does not create > conflicts. > Also change the internals of the guards, no need to make the `forget` > function `unsafe`, since users cannot access the guards anyways. Now the > guards are carried directly on the stack and have no extra `Cell` > field that marks if they have been forgotten or not, instead they are > just forgotten via `mem::forget`. >=20 > Suggested-by: Asahi Lina > Signed-off-by: Benno Lossin Reviewed-by: Bj=C3=B6rn Roy Baron > --- > rust/kernel/init.rs | 1 - > rust/kernel/init/__internal.rs | 25 +++------------ > rust/kernel/init/macros.rs | 56 ++++++++++++---------------------- > 3 files changed, 23 insertions(+), 59 deletions(-) >=20 > diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs > index d9a91950cba2..ecf6a4bd0ce4 100644 > --- a/rust/kernel/init.rs > +++ b/rust/kernel/init.rs > @@ -206,7 +206,6 @@ > use alloc::boxed::Box; > use core::{ > alloc::AllocError, > - cell::Cell, > convert::Infallible, > marker::PhantomData, > mem::MaybeUninit, > diff --git a/rust/kernel/init/__internal.rs b/rust/kernel/init/__internal= .rs > index 44751fb62b51..7abd1fb65e41 100644 > --- a/rust/kernel/init/__internal.rs > +++ b/rust/kernel/init/__internal.rs > @@ -174,7 +174,6 @@ pub fn init(self: Pin<&mut Self>, init: impl PinIn= it) -> Result /// Can be forgotten to prevent the drop. > pub struct DropGuard { > ptr: *mut T, > - do_drop: Cell, > } >=20 > impl DropGuard { > @@ -190,32 +189,16 @@ impl DropGuard { > /// - will not be dropped by any other means. > #[inline] > pub unsafe fn new(ptr: *mut T) -> Self { > - Self { > - ptr, > - do_drop: Cell::new(true), > - } > - } > - > - /// Prevents this guard from dropping the supplied pointer. > - /// > - /// # Safety > - /// > - /// This function is unsafe in order to prevent safe code from forge= tting this guard. It should > - /// only be called by the macros in this module. > - #[inline] > - pub unsafe fn forget(&self) { > - self.do_drop.set(false); > + Self { ptr } > } > } >=20 > impl Drop for DropGuard { > #[inline] > fn drop(&mut self) { > - if self.do_drop.get() { > - // SAFETY: A `DropGuard` can only be constructed using the u= nsafe `new` function > - // ensuring that this operation is safe. > - unsafe { ptr::drop_in_place(self.ptr) } > - } > + // SAFETY: A `DropGuard` can only be constructed using the unsaf= e `new` function > + // ensuring that this operation is safe. > + unsafe { ptr::drop_in_place(self.ptr) } > } > } >=20 > diff --git a/rust/kernel/init/macros.rs b/rust/kernel/init/macros.rs > index e8165ff53a94..df4281743175 100644 > --- a/rust/kernel/init/macros.rs > +++ b/rust/kernel/init/macros.rs > @@ -992,7 +992,6 @@ impl<$($impl_generics)*> $pin_data<$($ty_generics)*> > /// - `init_slot`: recursively creates the code that initializes all fie= lds in `slot`. > /// - `make_initializer`: recursively create the struct initializer that= guarantees that every > /// field has been initialized exactly once. > -/// - `forget_guards`: recursively forget the drop guards for every fiel= d. > #[doc(hidden)] > #[macro_export] > macro_rules! __init_internal { > @@ -1032,6 +1031,7 @@ macro_rules! __init_internal { > $crate::__init_internal!(init_slot($($use_data)?): > @data(data), > @slot(slot), > + @guards(), > @munch_fields($($fields)*,), > ); > // We use unreachable code to ensure that all fields= have been mentioned exactly > @@ -1046,10 +1046,6 @@ macro_rules! __init_internal { > @acc(), > ); > } > - // Forget all guards, since initialization was a suc= cess. > - $crate::__init_internal!(forget_guards: > - @munch_fields($($fields)*,), > - ); > } > Ok(__InitOk) > } > @@ -1063,13 +1059,17 @@ macro_rules! __init_internal { > (init_slot($($use_data:ident)?): > @data($data:ident), > @slot($slot:ident), > + @guards($($guards:ident,)*), > @munch_fields($(,)?), > ) =3D> { > - // Endpoint of munching, no fields are left. > + // Endpoint of munching, no fields are left. If execution reache= s this point, all fields > + // have been initialized. Therefore we can now dismiss the guard= s by forgetting them. > + $(::core::mem::forget($guards);)* > }; > (init_slot($use_data:ident): // use_data is present, so we use the `= data` to init fields. > @data($data:ident), > @slot($slot:ident), > + @guards($($guards:ident,)*), > // In-place initialization syntax. > @munch_fields($field:ident <- $val:expr, $($rest:tt)*), > ) =3D> { > @@ -1080,24 +1080,26 @@ macro_rules! __init_internal { > // return when an error/panic occurs. > // We also use the `data` to require the correct trait (`Init` o= r `PinInit`) for `$field`. > unsafe { $data.$field(::core::ptr::addr_of_mut!((*$slot).$field)= , $field)? }; > - // Create the drop guard. > + // Create the drop guard: > // > - // We only give access to `&DropGuard`, so it cannot be forgotte= n via safe code. > + // We rely on macro hygiene to make it impossible for users to a= ccess this local variable. > // > // SAFETY: We forget the guard later when initialization has suc= ceeded. > - let $field =3D &unsafe { > + let guard =3D unsafe { > $crate::init::__internal::DropGuard::new(::core::ptr::addr_o= f_mut!((*$slot).$field)) > }; >=20 > $crate::__init_internal!(init_slot($use_data): > @data($data), > @slot($slot), > + @guards(guard, $($guards,)*), > @munch_fields($($rest)*), > ); > }; > (init_slot(): // no use_data, so we use `Init::__init` directly. > @data($data:ident), > @slot($slot:ident), > + @guards($($guards:ident,)*), > // In-place initialization syntax. > @munch_fields($field:ident <- $val:expr, $($rest:tt)*), > ) =3D> { > @@ -1107,24 +1109,26 @@ macro_rules! __init_internal { > // SAFETY: `slot` is valid, because we are inside of an initiali= zer closure, we > // return when an error/panic occurs. > unsafe { $crate::init::Init::__init($field, ::core::ptr::addr_of= _mut!((*$slot).$field))? }; > - // Create the drop guard. > + // Create the drop guard: > // > - // We only give access to `&DropGuard`, so it cannot be forgotte= n via safe code. > + // We rely on macro hygiene to make it impossible for users to a= ccess this local variable. > // > // SAFETY: We forget the guard later when initialization has suc= ceeded. > - let $field =3D &unsafe { > + let guard =3D unsafe { > $crate::init::__internal::DropGuard::new(::core::ptr::addr_o= f_mut!((*$slot).$field)) > }; >=20 > $crate::__init_internal!(init_slot(): > @data($data), > @slot($slot), > + @guards(guard, $($guards,)*), > @munch_fields($($rest)*), > ); > }; > (init_slot($($use_data:ident)?): > @data($data:ident), > @slot($slot:ident), > + @guards($($guards:ident,)*), > // Init by-value. > @munch_fields($field:ident $(: $val:expr)?, $($rest:tt)*), > ) =3D> { > @@ -1135,16 +1139,17 @@ macro_rules! __init_internal { > unsafe { ::core::ptr::write(::core::ptr::addr_of_mut!((*$slot).$= field), $field) }; > // Create the drop guard: > // > - // We only give access to `&DropGuard`, so it cannot be accident= ally forgotten. > + // We rely on macro hygiene to make it impossible for users to a= ccess this local variable. > // > // SAFETY: We forget the guard later when initialization has suc= ceeded. > - let $field =3D &unsafe { > + let guard =3D unsafe { > $crate::init::__internal::DropGuard::new(::core::ptr::addr_o= f_mut!((*$slot).$field)) > }; >=20 > $crate::__init_internal!(init_slot($($use_data)?): > @data($data), > @slot($slot), > + @guards(guard, $($guards,)*), > @munch_fields($($rest)*), > ); > }; > @@ -1189,29 +1194,6 @@ macro_rules! __init_internal { > @acc($($acc)* $field: ::core::panic!(),), > ); > }; > - (forget_guards: > - @munch_fields($(,)?), > - ) =3D> { > - // Munching finished. > - }; > - (forget_guards: > - @munch_fields($field:ident <- $val:expr, $($rest:tt)*), > - ) =3D> { > - unsafe { $crate::init::__internal::DropGuard::forget($field) }; > - > - $crate::__init_internal!(forget_guards: > - @munch_fields($($rest)*), > - ); > - }; > - (forget_guards: > - @munch_fields($field:ident $(: $val:expr)?, $($rest:tt)*), > - ) =3D> { > - unsafe { $crate::init::__internal::DropGuard::forget($field) }; > - > - $crate::__init_internal!(forget_guards: > - @munch_fields($($rest)*), > - ); > - }; > } >=20 > #[doc(hidden)] > -- > 2.41.0