Re: [PATCH v4 1/5] rust: implement `kernel::sync::Refcount`

From: Benno Lossin
Date: Sun Jun 22 2025 - 17:05:43 EST

Next message: Abdelrahman Fekry: "Re: [PATCH v2] staging: media: atomisp: Replace scnprintf with sysfs_emit in bo_show"
Previous message: Benno Lossin: "Re: [PATCH v4 2/5] rust: make `Arc::into_unique_or_drop` associated function"
In reply to: Gary Guo: "[PATCH v4 1/5] rust: implement `kernel::sync::Refcount`"
Next in thread: Gary Guo: "Re: [PATCH v4 1/5] rust: implement `kernel::sync::Refcount`"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun Jun 22, 2025 at 2:57 PM CEST, Gary Guo wrote:
> +impl Refcount {
> + /// Construct a new [`Refcount`] from an initial value.
> + #[inline]
> + pub fn new(value: i32) -> Self {

Should we really allow users to set a negative value from the get-go?
Here a `u31` might come in real handy...

> + // SAFETY: There are no safety requirements for this FFI call.
> + Self(Opaque::new(unsafe { bindings::REFCOUNT_INIT(value) }))
> + }
> +
> + #[inline]
> + fn as_ptr(&self) -> *mut bindings::refcount_t {
> + self.0.get()
> + }
> +
> + /// Set a refcount's value.
> + #[inline]
> + pub fn set(&self, value: i32) {

Same here. We should of course provide a `saturate` function, but I
don't see a reason to set it to another negative value.

---
Cheers,
Benno

> + // SAFETY: `self.as_ptr()` is valid.
> + unsafe { bindings::refcount_set(self.as_ptr(), value) }
> + }

Next message: Abdelrahman Fekry: "Re: [PATCH v2] staging: media: atomisp: Replace scnprintf with sysfs_emit in bo_show"
Previous message: Benno Lossin: "Re: [PATCH v4 2/5] rust: make `Arc::into_unique_or_drop` associated function"
In reply to: Gary Guo: "[PATCH v4 1/5] rust: implement `kernel::sync::Refcount`"
Next in thread: Gary Guo: "Re: [PATCH v4 1/5] rust: implement `kernel::sync::Refcount`"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]