[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20250430-debugfs-rust-v2-3-2e8d3985812b@google.com>
Date: Wed, 30 Apr 2025 23:31:58 +0000
From: Matthew Maurer <mmaurer@...gle.com>
To: Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>,
Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>,
"Björn Roy Baron" <bjorn3_gh@...tonmail.com>, Benno Lossin <benno.lossin@...ton.me>,
Andreas Hindborg <a.hindborg@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>,
Trevor Gross <tmgross@...ch.edu>, Danilo Krummrich <dakr@...nel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "Rafael J. Wysocki" <rafael@...nel.org>,
Sami Tolvanen <samitolvanen@...gle.com>, Timur Tabi <ttabi@...dia.com>
Cc: linux-kernel@...r.kernel.org, rust-for-linux@...r.kernel.org,
Matthew Maurer <mmaurer@...gle.com>
Subject: [PATCH v2 3/4] rust: debugfs: Support format hooks
Rather than always using Display, allow hooking arbitrary functions to
arbitrary files. Display technically has the expressiveness to do this,
but requires a new type be declared for every different way to render
things, which can be very clumsy.
Signed-off-by: Matthew Maurer <mmaurer@...gle.com>
---
rust/kernel/debugfs.rs | 110 ++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 109 insertions(+), 1 deletion(-)
diff --git a/rust/kernel/debugfs.rs b/rust/kernel/debugfs.rs
index 87de94da3b27c2a399bb377afd47280f65208d41..2935c7ffbfaf460fff5b5f1ffc768f803c2da345 100644
--- a/rust/kernel/debugfs.rs
+++ b/rust/kernel/debugfs.rs
@@ -7,6 +7,7 @@
//! C header: [`include/linux/debugfs.h`](srctree/include/linux/debugfs.h)
use crate::str::CStr;
+use core::fmt;
use core::fmt::Display;
/// Handle to a DebugFS directory.
@@ -136,6 +137,47 @@ pub fn keep(self) {
/// // "my_debugfs_dir/foo" now contains the number 200.
/// ```
pub fn display_file<T: Display + Sized>(&self, name: &CStr, data: &'static T) -> Self {
+ // SAFETY: As `data` lives for the static lifetime, it outlives the file.
+ unsafe { self.display_file_raw(name, data) }
+ }
+
+ /// Create a file in a DebugFS directory with the provided name, and contents from invoking `f`
+ /// on the provided reference.
+ ///
+ /// `f` must be a function item or a non-capturing closure, or this will fail to compile.
+ ///
+ /// # Examples
+ ///
+ /// ```
+ /// # use core::sync::atomic::{AtomicU32, Ordering};
+ /// # use kernel::c_str;
+ /// # use kernel::debugfs::Dir;
+ /// let dir = Dir::new(c_str!("foo"));
+ /// static MY_ATOMIC: AtomicU32 = AtomicU32::new(3);
+ /// let file = dir.fmt_file(c_str!("bar"), &MY_ATOMIC, &|val, f| {
+ /// let out = val.load(Ordering::Relaxed);
+ /// writeln!(f, "{out:#010x}")
+ /// });
+ /// MY_ATOMIC.store(10, Ordering::Relaxed);
+ /// ```
+ pub fn fmt_file<T, F: Fn(&T, &mut fmt::Formatter<'_>) -> fmt::Result>(
+ &self,
+ name: &CStr,
+ data: &'static T,
+ f: &'static F,
+ ) -> Self {
+ // SAFETY: As `data` lives for the static lifetime, it outlives the file
+ unsafe { self.fmt_file_raw(name, data, f) }
+ }
+
+ /// Creates a DebugFS file backed by the display implementation of the provided pointer.
+ ///
+ /// # Safety
+ /// The pointee of `data` must outlive the accessibility of the `Dir` returned by this function.
+ /// This means that before `data` may become invalid, either:
+ /// * The refcount must go to zero
+ /// * The file must be rendered inaccessible, e.g. via `debugfs_remove`
+ unsafe fn display_file_raw<T: Display + Sized>(&self, name: &CStr, data: *const T) -> Self {
// SAFETY:
// * `name` is a NUL-terminated C string, living across the call, by CStr invariant
// * `parent` is a live dentry since we have a reference to it
@@ -163,6 +205,32 @@ pub fn display_file<T: Display + Sized>(&self, name: &CStr, data: &'static T) ->
Self()
}
}
+
+ /// Create a file in a DebugFS directory with the provided name, and contents from invoking the
+ /// fomatter on the attached data.
+ ///
+ /// The attached function must be a ZST, and will cause a compilation error if it is not.
+ ///
+ /// # Safety
+ ///
+ /// `data` must outlive the resulting file's accessibility
+ unsafe fn fmt_file_raw<T, F: Fn(&T, &mut fmt::Formatter<'_>) -> fmt::Result>(
+ &self,
+ name: &CStr,
+ data: &T,
+ f: &'static F,
+ ) -> Self {
+ #[cfg(CONFIG_DEBUG_FS)]
+ let data_adapted = FormatAdapter::new(data, f);
+ #[cfg(not(CONFIG_DEBUG_FS))]
+ let data_adapted = {
+ // Mark used
+ let (_, _) = (data, f);
+ &0
+ };
+ // SAFETY: data outlives the file's accessibility, so data_adapted does too
+ unsafe { self.display_file_raw(name, data_adapted) }
+ }
}
impl Drop for Dir {
@@ -180,7 +248,9 @@ fn drop(&mut self) {
mod helpers {
use crate::seq_file::SeqFile;
use crate::seq_print;
- use core::fmt::Display;
+ use core::fmt;
+ use core::fmt::{Display, Formatter};
+ use core::marker::PhantomData;
/// Implements `open` for `file_operations` via `single_open` to fill out a `seq_file`
///
@@ -231,6 +301,44 @@ pub(crate) trait DisplayFile: Display + Sized {
}
impl<T: Display + Sized> DisplayFile for T {}
+
+ // INVARIANT: F is inhabited
+ #[repr(transparent)]
+ pub(crate) struct FormatAdapter<T, F> {
+ inner: T,
+ _formatter: PhantomData<F>,
+ }
+
+ impl<T, F> FormatAdapter<T, F> {
+ pub(crate) fn new<'a>(inner: &'a T, _f: &'static F) -> &'a Self {
+ // SAFETY: FormatAdapater is a repr(transparent) wrapper around T, so
+ // casting a reference is legal
+ // INVARIANT: We were passed a reference to F, so it is inhabited.
+ unsafe { core::mem::transmute(inner) }
+ }
+ }
+
+ impl<T, F> Display for FormatAdapter<T, F>
+ where
+ F: Fn(&T, &mut Formatter<'_>) -> fmt::Result + 'static,
+ {
+ fn fmt(&self, fmt: &mut Formatter<'_>) -> fmt::Result {
+ // SAFETY: FormatAdapter<_, F> can only be constructed if F is inhabited
+ let f: &F = unsafe { materialize_zst_fmt() };
+ f(&self.inner, fmt)
+ }
+ }
+
+ /// # Safety
+ /// The caller asserts that F is inhabited
+ unsafe fn materialize_zst_fmt<F>() -> &'static F {
+ const { assert!(core::mem::size_of::<F>() == 0) };
+ let zst_dangle: core::ptr::NonNull<F> = core::ptr::NonNull::dangling();
+ // SAFETY: While the pointer is dangling, it is a dangling pointer to a ZST, based on the
+ // assertion above. The type is also inhabited, by the caller's assertion. This means
+ // we can materialize it.
+ unsafe { zst_dangle.as_ref() }
+ }
}
#[cfg(CONFIG_DEBUG_FS)]
--
2.49.0.906.g1f30a19c02-goog
Powered by blists - more mailing lists