Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider: - [Low] Small functions in the `ForeignOwnable` trait implementation for `ARef<T>` are missing `#[inline]` annotations. --
commit 5f304b2260799e0fe0be8848ec9e82f882fdc711 Author: Danilo Krummrich <[email protected]> rust: types: implement ForeignOwnable for ARef<T> This commit implements ForeignOwnable for ARef<T>, making it possible for C code to own an ARef<T>. Since ARef represents shared ownership, BorrowedMut is &T rather than &mut T, matching the semantics of the underlying reference-counted type. > diff --git a/rust/kernel/sync/aref.rs b/rust/kernel/sync/aref.rs > index 9989f56d06052..82907383c44b5 100644 > --- a/rust/kernel/sync/aref.rs > +++ b/rust/kernel/sync/aref.rs [ ... ] > @@ -183,6 +187,41 @@ fn eq(&self, other: &ARef<U>) -> bool { > } > impl<T: AlwaysRefCounted + Eq> Eq for ARef<T> {} > > +// SAFETY: `into_foreign` returns a pointer from `NonNull::as_ptr`, so it's > non-null. The > +// `ARef` invariant guarantees that `ptr` points to a valid `T`, so it's > aligned to `T`. > +unsafe impl<T: AlwaysRefCounted + 'static> ForeignOwnable for ARef<T> { > + const FOREIGN_ALIGN: usize = core::mem::align_of::<T>(); > + > + type Borrowed<'a> = &'a T; > + type BorrowedMut<'a> = &'a T; > + > + fn into_foreign(self) -> *mut c_void { > + ARef::into_raw(self).as_ptr().cast() > + } [Severity: Low] This isn't a bug, but according to the Rust subsystem guidelines, should this small forwarding function in the abstraction be annotated with #[inline]? > + > + unsafe fn from_foreign(ptr: *mut c_void) -> Self { > + // SAFETY: The safety requirements of this function ensure that > `ptr` comes from a previous > + // call to `Self::into_foreign`. > + let ptr = unsafe { NonNull::new_unchecked(ptr.cast()) }; > + > + // SAFETY: `ptr` came from `into_foreign`, which consumed an `ARef` > without decrementing > + // the refcount, so we can transfer the ownership to the new `ARef`. > + unsafe { ARef::from_raw(ptr) } > + } [Severity: Low] This isn't a bug, but should from_foreign() also be annotated with #[inline] since it is a small forwarding function? > + > + unsafe fn borrow<'a>(ptr: *mut c_void) -> &'a T { > + // SAFETY: The safety requirements of this method ensure that the > object remains alive and > + // immutable for the duration of 'a. > + unsafe { &*ptr.cast() } > + } [Severity: Low] This isn't a bug, but should borrow() also be annotated with #[inline]? > + > + unsafe fn borrow_mut<'a>(ptr: *mut c_void) -> &'a T { > + // SAFETY: The safety requirements for `borrow_mut` are a superset > of the safety > + // requirements for `borrow`. > + unsafe { <Self as ForeignOwnable>::borrow(ptr) } > + } [Severity: Low] This isn't a bug, but should borrow_mut() also be annotated with #[inline]? > +} -- Sashiko AI review ยท https://sashiko.dev/#/patchset/[email protected]?part=1
