"Benno Lossin" <lossin@xxxxxxxxxx> writes:
> On Thu Jun 12, 2025 at 3:09 PM CEST, Andreas Hindborg wrote:
>> The intended implementations of `ForeignOwnable` will not return null
>> pointers from `into_foreign`, as this would render the implementation of
>> `try_from_foreign` useless. Current users of `ForeignOwnable` rely on
>> `into_foreign` returning non-null pointers. So require `into_foreign` to
>> return non-null pointers.
>>
>> Suggested-by: Benno Lossin <lossin@xxxxxxxxxx>
>> Suggested-by: Alice Ryhl <aliceryhl@xxxxxxxxxx>
>> Signed-off-by: Andreas Hindborg <a.hindborg@xxxxxxxxxx>
>> ---
>> rust/kernel/types.rs | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
>> index c156808a78d3..63a2559a545f 100644
>> --- a/rust/kernel/types.rs
>> +++ b/rust/kernel/types.rs
>> @@ -43,6 +43,7 @@ pub unsafe trait ForeignOwnable: Sized {
>> /// # Guarantees
>> ///
>> /// - Minimum alignment of returned pointer is [`Self::FOREIGN_ALIGN`].
>> + /// - The returned pointer is not null.
>
> This also needs to be mentioned in the `Safety` section of this trait.
> Alternatively you can put "Implementers must ensure the guarantees on
> [`into_foreign`] are upheld." or similar.
Which is exactly what I did :)
Best regards,
Andreas Hindborg
