Thank you for your contribution! Sashiko AI review found 1 potential issue(s) 
to consider:
- [Low] Small functions in the `ForeignOwnable` trait implementation for 
`ARef<T>` are missing `#[inline]` annotations.
--

commit 5f304b2260799e0fe0be8848ec9e82f882fdc711
Author: Danilo Krummrich <[email protected]>

rust: types: implement ForeignOwnable for ARef<T>

This commit implements ForeignOwnable for ARef<T>, making it possible for
C code to own an ARef<T>. Since ARef represents shared ownership,
BorrowedMut is &T rather than &mut T, matching the semantics of the
underlying reference-counted type.

> diff --git a/rust/kernel/sync/aref.rs b/rust/kernel/sync/aref.rs
> index 9989f56d06052..82907383c44b5 100644
> --- a/rust/kernel/sync/aref.rs
> +++ b/rust/kernel/sync/aref.rs
[ ... ]
> @@ -183,6 +187,41 @@ fn eq(&self, other: &ARef<U>) -> bool {
>  }
>  impl<T: AlwaysRefCounted + Eq> Eq for ARef<T> {}
>  
> +// SAFETY: `into_foreign` returns a pointer from `NonNull::as_ptr`, so it's 
> non-null. The
> +// `ARef` invariant guarantees that `ptr` points to a valid `T`, so it's 
> aligned to `T`.
> +unsafe impl<T: AlwaysRefCounted + 'static> ForeignOwnable for ARef<T> {
> +    const FOREIGN_ALIGN: usize = core::mem::align_of::<T>();
> +
> +    type Borrowed<'a> = &'a T;
> +    type BorrowedMut<'a> = &'a T;
> +
> +    fn into_foreign(self) -> *mut c_void {
> +        ARef::into_raw(self).as_ptr().cast()
> +    }

[Severity: Low]
This isn't a bug, but according to the Rust subsystem guidelines, should this
small forwarding function in the abstraction be annotated with #[inline]?

> +
> +    unsafe fn from_foreign(ptr: *mut c_void) -> Self {
> +        // SAFETY: The safety requirements of this function ensure that 
> `ptr` comes from a previous
> +        // call to `Self::into_foreign`.
> +        let ptr = unsafe { NonNull::new_unchecked(ptr.cast()) };
> +
> +        // SAFETY: `ptr` came from `into_foreign`, which consumed an `ARef` 
> without decrementing
> +        // the refcount, so we can transfer the ownership to the new `ARef`.
> +        unsafe { ARef::from_raw(ptr) }
> +    }

[Severity: Low]
This isn't a bug, but should from_foreign() also be annotated with #[inline]
since it is a small forwarding function?

> +
> +    unsafe fn borrow<'a>(ptr: *mut c_void) -> &'a T {
> +        // SAFETY: The safety requirements of this method ensure that the 
> object remains alive and
> +        // immutable for the duration of 'a.
> +        unsafe { &*ptr.cast() }
> +    }

[Severity: Low]
This isn't a bug, but should borrow() also be annotated with #[inline]?

> +
> +    unsafe fn borrow_mut<'a>(ptr: *mut c_void) -> &'a T {
> +        // SAFETY: The safety requirements for `borrow_mut` are a superset 
> of the safety
> +        // requirements for `borrow`.
> +        unsafe { <Self as ForeignOwnable>::borrow(ptr) }
> +    }

[Severity: Low]
This isn't a bug, but should borrow_mut() also be annotated with #[inline]?

> +}

-- 
Sashiko AI review ยท 
https://sashiko.dev/#/patchset/[email protected]?part=1

Reply via email to