On Thu Jun 12, 2025 at 3:09 PM CEST, Andreas Hindborg wrote:
> The intended implementations of `ForeignOwnable` will not return null
> pointers from `into_foreign`, as this would render the implementation of
> `try_from_foreign` useless. Current users of `ForeignOwnable` rely on
> `into_foreign` returning non-null pointers. So require `into_foreign` to
> return non-null pointers.
>
> Suggested-by: Benno Lossin <lossin@xxxxxxxxxx>
> Suggested-by: Alice Ryhl <aliceryhl@xxxxxxxxxx>
> Signed-off-by: Andreas Hindborg <a.hindborg@xxxxxxxxxx>
> ---
> rust/kernel/types.rs | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
> index c156808a78d3..63a2559a545f 100644
> --- a/rust/kernel/types.rs
> +++ b/rust/kernel/types.rs
> @@ -43,6 +43,7 @@ pub unsafe trait ForeignOwnable: Sized {
> /// # Guarantees
> ///
> /// - Minimum alignment of returned pointer is [`Self::FOREIGN_ALIGN`].
> + /// - The returned pointer is not null.
This also needs to be mentioned in the `Safety` section of this trait.
Alternatively you can put "Implementers must ensure the guarantees on
[`into_foreign`] are upheld." or similar.
---
Cheers,
Benno
> ///
> /// [`from_foreign`]: Self::from_foreign
> /// [`try_from_foreign`]: Self::try_from_foreign
