"Benno Lossin" <lossin@xxxxxxxxxx> writes:
> On Tue Jun 10, 2025 at 1:30 PM CEST, Andreas Hindborg wrote:
>> diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
>> index 22985b6f6982..0ccef6b5a20a 100644
>> --- a/rust/kernel/types.rs
>> +++ b/rust/kernel/types.rs
>> @@ -21,15 +21,11 @@
>> ///
>> /// # Safety
>> ///
>> -/// Implementers must ensure that [`into_foreign`] returns a pointer which meets the alignment
>> -/// requirements of [`PointedTo`].
>> -///
>> -/// [`into_foreign`]: Self::into_foreign
>> -/// [`PointedTo`]: Self::PointedTo
>> +/// Implementers must ensure that [`Self::into_foreign`] returns pointers aligned to
>> +/// [`Self::FOREIGN_ALIGN`].
>> pub unsafe trait ForeignOwnable: Sized {
>> - /// Type used when the value is foreign-owned. In practical terms only defines the alignment of
>> - /// the pointer.
>> - type PointedTo;
>> + /// The alignment of pointers returned by `into_foreign`.
>> + const FOREIGN_ALIGN: usize;
>>
>> /// Type used to immutably borrow a value that is currently foreign-owned.
>> type Borrowed<'a>;
>> @@ -39,18 +35,20 @@ pub unsafe trait ForeignOwnable: Sized {
>>
>> /// Converts a Rust-owned object to a foreign-owned one.
>> ///
>> + /// The foreign representation is a pointer to void. Aside from the guarantees listed below,
>
> I feel like this reads better:
>
> s/guarantees/ones/
>
>> + /// there are no other guarantees for this pointer. For example, it might be invalid, dangling
>
> We should also mention that it could be null. (or is that assumption
> wrong?)
It is probably not going to be null, but it is allowed to. I can add it.
The list does not claim to be exhaustive, and a null pointer is just a
special case of an invalid pointer.
Best regards,
Andreas Hindborg
