Commit 5657c3a9 authored by Benno Lossin's avatar Benno Lossin Committed by Miguel Ojeda
Browse files

rust: add `ZeroableOption` and implement it instead of `Zeroable` for `Option<Box<T, A>>` 



When making pin-init its own crate, `Zeroable` will no longer be defined
by the kernel crate and thus implementing it for `Option<Box<T, A>>` is
no longer possible due to the orphan rule.
For this reason introduce a new `ZeroableOption` trait that circumvents
this problem.

Signed-off-by: default avatarBenno Lossin <benno.lossin@proton.me>
Reviewed-by: default avatarFiona Behrens <me@kloenk.dev>
Reviewed-by: default avatarAndreas Hindborg <a.hindborg@kernel.org>
Tested-by: default avatarAndreas Hindborg <a.hindborg@kernel.org>
Link: https://lore.kernel.org/r/20250308110339.2997091-11-benno.lossin@proton.me


Signed-off-by: default avatarMiguel Ojeda <ojeda@kernel.org>
parent 9d29c682

rust/kernel/alloc/kbox.rs

+2 −2
Original line number Diff line number Diff line
@@ -15,7 +15,7 @@ 
use core::ptr::NonNull;

use core::result::Result;



use crate::init::{InPlaceWrite, Init, PinInit, Zeroable};

use crate::init::{InPlaceWrite, Init, PinInit, ZeroableOption};

use crate::init_ext::InPlaceInit;

use crate::types::ForeignOwnable;
@@ -104,7 +104,7 @@ 
//

// In this case we are allowed to use `T: ?Sized`, since all zeros is the `None` variant and there

// is no problem with a VTABLE pointer being null.

unsafe impl<T: ?Sized, A: Allocator> Zeroable for Option<Box<T, A>> {}

unsafe impl<T: ?Sized, A: Allocator> ZeroableOption for Box<T, A> {}



// SAFETY: `Box` is `Send` if `T` is `Send` because the `Box` owns a `T`.

unsafe impl<T, A> Send for Box<T, A>

rust/pin-init/src/lib.rs

+11 −0
Original line number Diff line number Diff line
@@ -1297,6 +1297,17 @@ pub unsafe trait PinnedDrop: __internal::HasPinData { 
/// ```

pub unsafe trait Zeroable {}



/// Marker trait for types that allow `Option<Self>` to be set to all zeroes in order to write

/// `None` to that location.

///

/// # Safety

///

/// The implementer needs to ensure that `unsafe impl Zeroable for Option<Self> {}` is sound.

pub unsafe trait ZeroableOption {}



// SAFETY: by the safety requirement of `ZeroableOption`, this is valid.

unsafe impl<T: ZeroableOption> Zeroable for Option<T> {}



/// Create a new zeroed T.

///

/// The returned initializer will write `0x00` to every byte of the given `slot`.