Re: [PATCH v3 2/2] rust: types: require `ForeignOwnable::into_foreign` return non-null
From: Benno Lossin
Date: Sat Jun 14 2025 - 14:53:50 EST
On Fri Jun 13, 2025 at 2:53 PM CEST, Andreas Hindborg wrote:
> "Benno Lossin" <lossin@xxxxxxxxxx> writes:
>
>> On Thu Jun 12, 2025 at 3:09 PM CEST, Andreas Hindborg wrote:
>>> The intended implementations of `ForeignOwnable` will not return null
>>> pointers from `into_foreign`, as this would render the implementation of
>>> `try_from_foreign` useless. Current users of `ForeignOwnable` rely on
>>> `into_foreign` returning non-null pointers. So require `into_foreign` to
>>> return non-null pointers.
>>>
>>> Suggested-by: Benno Lossin <lossin@xxxxxxxxxx>
>>> Suggested-by: Alice Ryhl <aliceryhl@xxxxxxxxxx>
>>> Signed-off-by: Andreas Hindborg <a.hindborg@xxxxxxxxxx>
>>> ---
>>> rust/kernel/types.rs | 1 +
>>> 1 file changed, 1 insertion(+)
>>>
>>> diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
>>> index c156808a78d3..63a2559a545f 100644
>>> --- a/rust/kernel/types.rs
>>> +++ b/rust/kernel/types.rs
>>> @@ -43,6 +43,7 @@ pub unsafe trait ForeignOwnable: Sized {
>>> /// # Guarantees
>>> ///
>>> /// - Minimum alignment of returned pointer is [`Self::FOREIGN_ALIGN`].
>>> + /// - The returned pointer is not null.
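Review bot: the added bullet `/// - The returned pointer is not null.` under `# Guarantees` states the rule without its reason, so anyone implementing this `unsafe trait` later has to dig up the commit message to learn that a null return would render `try_from_foreign` useless. Consider putting that dependency on the line itself, for example with an intra-doc link to `try_from_foreign`, so the guarantee and the code relying on it stay connected in the rendered docs. The commit message also says current users rely on non-null pointers. It would help to say there whether the existing implementers were checked against the new guarantee, since this hunk changes documentation only.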
>>
>> This also needs to be mentioned in the `Safety` section of this trait.
>> Alternatively you can put "Implementers must ensure the guarantees on
>> [`into_foreign`] are upheld." or similar.
>
> Which is exactly what I did :)
Ah didn't look at the first patch again, then it's fine :)
Reviewed-by: Benno Lossin <lossin@xxxxxxxxxx>
---
Cheers,
Benno