From 15ecd83dc06277385ad71dc7ea26911d9a79acaf Mon Sep 17 00:00:00 2001 From: Pekka Ristola Date: Tue, 27 May 2025 20:48:55 +0000 Subject: rust: file: mark `LocalFile` as `repr(transparent)` Unsafe code in `LocalFile`'s methods assumes that the type has the same layout as the inner `bindings::file`. This is not guaranteed by the default struct representation in Rust, but requires specifying the `transparent` representation. The `File` struct (which also wraps `bindings::file`) is already marked as `repr(transparent)`, so this change makes their layouts equivalent. Fixes: 851849824bb5 ("rust: file: add Rust abstraction for `struct file`") Closes: https://github.com/Rust-for-Linux/linux/issues/1165 Signed-off-by: Pekka Ristola Link: https://lore.kernel.org/20250527204636.12573-1-pekkarr@protonmail.com Reviewed-by: Benno Lossin Reviewed-by: Alice Ryhl Signed-off-by: Christian Brauner --- rust/kernel/fs/file.rs | 1 + 1 file changed, 1 insertion(+) (limited to 'rust/kernel/fs') diff --git a/rust/kernel/fs/file.rs b/rust/kernel/fs/file.rs index 13a0e44cd1aa..138693bdeb3f 100644 --- a/rust/kernel/fs/file.rs +++ b/rust/kernel/fs/file.rs @@ -219,6 +219,7 @@ unsafe impl AlwaysRefCounted for File { /// must be on the same thread as this file. /// /// [`assume_no_fdget_pos`]: LocalFile::assume_no_fdget_pos +#[repr(transparent)] pub struct LocalFile { inner: Opaque, } -- cgit From 946026ba4293a14970b4b0b72f5f0cbb698ad77e Mon Sep 17 00:00:00 2001 From: Pekka Ristola Date: Tue, 27 May 2025 20:48:59 +0000 Subject: rust: file: improve safety comments Some of the safety comments in `LocalFile`'s methods incorrectly refer to the `File` type instead of `LocalFile`, so fix them to use the correct type. Also add missing Markdown code spans around lifetimes in the safety comments, i.e. change 'a to `'a`. Link: https://github.com/Rust-for-Linux/linux/issues/1165 Signed-off-by: Pekka Ristola Link: https://lore.kernel.org/20250527204636.12573-2-pekkarr@protonmail.com Reviewed-by: Benno Lossin Reviewed-by: Alice Ryhl Signed-off-by: Christian Brauner --- rust/kernel/fs/file.rs | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'rust/kernel/fs') diff --git a/rust/kernel/fs/file.rs b/rust/kernel/fs/file.rs index 138693bdeb3f..72d84fb0e266 100644 --- a/rust/kernel/fs/file.rs +++ b/rust/kernel/fs/file.rs @@ -225,7 +225,7 @@ pub struct LocalFile { } // SAFETY: The type invariants guarantee that `LocalFile` is always ref-counted. This implementation -// makes `ARef` own a normal refcount. +// makes `ARef` own a normal refcount. unsafe impl AlwaysRefCounted for LocalFile { #[inline] fn inc_ref(&self) { @@ -236,7 +236,8 @@ unsafe impl AlwaysRefCounted for LocalFile { #[inline] unsafe fn dec_ref(obj: ptr::NonNull) { // SAFETY: To call this method, the caller passes us ownership of a normal refcount, so we - // may drop it. The cast is okay since `File` has the same representation as `struct file`. + // may drop it. The cast is okay since `LocalFile` has the same representation as + // `struct file`. unsafe { bindings::fput(obj.cast().as_ptr()) } } } @@ -274,7 +275,7 @@ impl LocalFile { #[inline] pub unsafe fn from_raw_file<'a>(ptr: *const bindings::file) -> &'a LocalFile { // SAFETY: The caller guarantees that the pointer is not dangling and stays valid for the - // duration of 'a. The cast is okay because `File` is `repr(transparent)`. + // duration of `'a`. The cast is okay because `LocalFile` is `repr(transparent)`. // // INVARIANT: The caller guarantees that there are no problematic `fdget_pos` calls. unsafe { &*ptr.cast() } @@ -348,7 +349,7 @@ impl File { #[inline] pub unsafe fn from_raw_file<'a>(ptr: *const bindings::file) -> &'a File { // SAFETY: The caller guarantees that the pointer is not dangling and stays valid for the - // duration of 'a. The cast is okay because `File` is `repr(transparent)`. + // duration of `'a`. The cast is okay because `File` is `repr(transparent)`. // // INVARIANT: The caller guarantees that there are no problematic `fdget_pos` calls. unsafe { &*ptr.cast() } -- cgit