1 // SPDX-License-Identifier: GPL-2.0 2 3 //! Rust interface for C doubly circular intrusive linked lists. 4 //! 5 //! This module provides Rust abstractions for iterating over C `list_head`-based 6 //! linked lists. It should only be used for cases where C and Rust code share 7 //! direct access to the same linked list through a C interop interface. 8 //! 9 //! Note: This *must not* be used by Rust components that just need a linked list 10 //! primitive. Use [`kernel::list::List`] instead. 11 //! 12 //! # Examples 13 //! 14 //! ``` 15 //! use kernel::{ 16 //! bindings, 17 //! interop::list::clist_create, 18 //! types::Opaque, 19 //! }; 20 //! # // Create test list with values (0, 10, 20) - normally done by C code but it is 21 //! # // emulated here for doctests using the C bindings. 22 //! # use core::mem::MaybeUninit; 23 //! # 24 //! # /// C struct with embedded `list_head` (typically will be allocated by C code). 25 //! # #[repr(C)] 26 //! # pub struct SampleItemC { 27 //! # pub value: i32, 28 //! # pub link: bindings::list_head, 29 //! # } 30 //! # 31 //! # let mut head = MaybeUninit::<bindings::list_head>::uninit(); 32 //! # 33 //! # let head = head.as_mut_ptr(); 34 //! # // SAFETY: `head` and all the items are test objects allocated in this scope. 35 //! # unsafe { bindings::INIT_LIST_HEAD(head) }; 36 //! # 37 //! # let mut items = [ 38 //! # MaybeUninit::<SampleItemC>::uninit(), 39 //! # MaybeUninit::<SampleItemC>::uninit(), 40 //! # MaybeUninit::<SampleItemC>::uninit(), 41 //! # ]; 42 //! # 43 //! # for (i, item) in items.iter_mut().enumerate() { 44 //! # let ptr = item.as_mut_ptr(); 45 //! # // SAFETY: `ptr` points to a valid `MaybeUninit<SampleItemC>`. 46 //! # unsafe { (*ptr).value = i as i32 * 10 }; 47 //! # // SAFETY: `&raw mut` creates a pointer valid for `INIT_LIST_HEAD`. 48 //! # unsafe { bindings::INIT_LIST_HEAD(&raw mut (*ptr).link) }; 49 //! # // SAFETY: `link` was just initialized and `head` is a valid list head. 50 //! # unsafe { bindings::list_add_tail(&mut (*ptr).link, head) }; 51 //! # } 52 //! 53 //! /// Rust wrapper for the C struct. 54 //! /// 55 //! /// The list item struct in this example is defined in C code as: 56 //! /// 57 //! /// ```c 58 //! /// struct SampleItemC { 59 //! /// int value; 60 //! /// struct list_head link; 61 //! /// }; 62 //! /// ``` 63 //! #[repr(transparent)] 64 //! pub struct Item(Opaque<SampleItemC>); 65 //! 66 //! impl Item { 67 //! pub fn value(&self) -> i32 { 68 //! // SAFETY: `Item` has the same layout as `SampleItemC`. 69 //! unsafe { (*self.0.get()).value } 70 //! } 71 //! } 72 //! 73 //! // Create typed [`CList`] from sentinel head. 74 //! // SAFETY: `head` is valid and initialized, items are `SampleItemC` with 75 //! // embedded `link` field, and `Item` is `#[repr(transparent)]` over `SampleItemC`. 76 //! let list = unsafe { clist_create!(head, Item, SampleItemC, link) }; 77 //! 78 //! // Iterate directly over typed items. 79 //! let mut found_0 = false; 80 //! let mut found_10 = false; 81 //! let mut found_20 = false; 82 //! 83 //! for item in list.iter() { 84 //! let val = item.value(); 85 //! if val == 0 { found_0 = true; } 86 //! if val == 10 { found_10 = true; } 87 //! if val == 20 { found_20 = true; } 88 //! } 89 //! 90 //! assert!(found_0 && found_10 && found_20); 91 //! ``` 92 93 use core::{ 94 iter::FusedIterator, 95 marker::PhantomData, // 96 }; 97 98 use crate::{ 99 bindings, 100 types::Opaque, // 101 }; 102 103 use pin_init::{ 104 pin_data, 105 pin_init, 106 PinInit, // 107 }; 108 109 /// FFI wrapper for a C `list_head` object used in intrusive linked lists. 110 /// 111 /// # Invariants 112 /// 113 /// - The underlying `list_head` is initialized with valid non-`NULL` `next`/`prev` pointers. 114 #[pin_data] 115 #[repr(transparent)] 116 pub struct CListHead { 117 #[pin] 118 inner: Opaque<bindings::list_head>, 119 } 120 121 impl CListHead { 122 /// Create a `&CListHead` reference from a raw `list_head` pointer. 123 /// 124 /// # Safety 125 /// 126 /// - `ptr` must be a valid pointer to an initialized `list_head` (e.g. via 127 /// `INIT_LIST_HEAD()`), with valid non-`NULL` `next`/`prev` pointers. 128 /// - `ptr` must remain valid for the lifetime `'a`. 129 /// - The list and all linked `list_head` nodes must not be modified from 130 /// anywhere for the lifetime `'a`, unless done so via any [`CListHead`] APIs. 131 #[inline] 132 pub unsafe fn from_raw<'a>(ptr: *mut bindings::list_head) -> &'a Self { 133 // SAFETY: 134 // - `CListHead` has the same layout as `list_head`. 135 // - `ptr` is valid and unmodified for `'a` per caller guarantees. 136 unsafe { &*ptr.cast() } 137 } 138 139 /// Get the raw `list_head` pointer. 140 #[inline] 141 pub fn as_raw(&self) -> *mut bindings::list_head { 142 self.inner.get() 143 } 144 145 /// Get the next [`CListHead`] in the list. 146 #[inline] 147 pub fn next(&self) -> &Self { 148 let raw = self.as_raw(); 149 // SAFETY: 150 // - `self.as_raw()` is valid and initialized per type invariants. 151 // - The `next` pointer is valid and non-`NULL` per type invariants 152 // (initialized via `INIT_LIST_HEAD()` or equivalent). 153 unsafe { Self::from_raw((*raw).next) } 154 } 155 156 /// Check if this node is linked in a list (not isolated). 157 #[inline] 158 pub fn is_linked(&self) -> bool { 159 let raw = self.as_raw(); 160 // SAFETY: `self.as_raw()` is valid per type invariants. 161 unsafe { (*raw).next != raw && (*raw).prev != raw } 162 } 163 164 /// Returns a pin-initializer for the list head. 165 pub fn new() -> impl PinInit<Self> { 166 pin_init!(Self { 167 // SAFETY: `INIT_LIST_HEAD` initializes `slot` to a valid empty list. 168 inner <- Opaque::ffi_init(|slot| unsafe { bindings::INIT_LIST_HEAD(slot) }), 169 }) 170 } 171 } 172 173 // SAFETY: `list_head` contains no thread-bound state; it only holds 174 // `next`/`prev` pointers. 175 unsafe impl Send for CListHead {} 176 177 // SAFETY: `CListHead` can be shared among threads as modifications are 178 // not allowed at the moment. 179 unsafe impl Sync for CListHead {} 180 181 impl PartialEq for CListHead { 182 #[inline] 183 fn eq(&self, other: &Self) -> bool { 184 core::ptr::eq(self, other) 185 } 186 } 187 188 impl Eq for CListHead {} 189 190 /// Low-level iterator over `list_head` nodes. 191 /// 192 /// An iterator used to iterate over a C intrusive linked list (`list_head`). The caller has to 193 /// perform conversion of returned [`CListHead`] to an item (using [`container_of`] or similar). 194 /// 195 /// # Invariants 196 /// 197 /// `current` and `sentinel` are valid references into an initialized linked list. 198 struct CListHeadIter<'a> { 199 /// Current position in the list. 200 current: &'a CListHead, 201 /// The sentinel head (used to detect end of iteration). 202 sentinel: &'a CListHead, 203 } 204 205 impl<'a> Iterator for CListHeadIter<'a> { 206 type Item = &'a CListHead; 207 208 #[inline] 209 fn next(&mut self) -> Option<Self::Item> { 210 // Check if we've reached the sentinel (end of list). 211 if self.current == self.sentinel { 212 return None; 213 } 214 215 let item = self.current; 216 self.current = item.next(); 217 Some(item) 218 } 219 } 220 221 impl<'a> FusedIterator for CListHeadIter<'a> {} 222 223 /// A typed C linked list with a sentinel head intended for FFI use-cases where 224 /// a C subsystem manages a linked list that Rust code needs to read. Generally 225 /// required only for special cases. 226 /// 227 /// A sentinel head [`CListHead`] represents the entire linked list and can be used 228 /// for iteration over items of type `T`; it is not associated with a specific item. 229 /// 230 /// The const generic `OFFSET` specifies the byte offset of the `list_head` field within 231 /// the struct that `T` wraps. 232 /// 233 /// # Invariants 234 /// 235 /// - The sentinel [`CListHead`] has valid non-`NULL` `next`/`prev` pointers. 236 /// - `OFFSET` is the byte offset of the `list_head` field within the struct that `T` wraps. 237 /// - All the list's `list_head` nodes have valid non-`NULL` `next`/`prev` pointers. 238 #[repr(transparent)] 239 pub struct CList<T, const OFFSET: usize>(CListHead, PhantomData<T>); 240 241 impl<T, const OFFSET: usize> CList<T, OFFSET> { 242 /// Create a typed [`CList`] reference from a raw sentinel `list_head` pointer. 243 /// 244 /// # Safety 245 /// 246 /// - `ptr` must be a valid pointer to an initialized sentinel `list_head` (e.g. via 247 /// `INIT_LIST_HEAD()`), with valid non-`NULL` `next`/`prev` pointers. 248 /// - `ptr` must remain valid for the lifetime `'a`. 249 /// - The list and all linked nodes must not be concurrently modified for the lifetime `'a`. 250 /// - The list must contain items where the `list_head` field is at byte offset `OFFSET`. 251 /// - `T` must be `#[repr(transparent)]` over the C struct. 252 #[inline] 253 pub unsafe fn from_raw<'a>(ptr: *mut bindings::list_head) -> &'a Self { 254 // SAFETY: 255 // - `CList` has the same layout as `CListHead` due to `#[repr(transparent)]`. 256 // - Caller guarantees `ptr` is a valid, sentinel `list_head` object. 257 unsafe { &*ptr.cast() } 258 } 259 260 /// Check if the list is empty. 261 #[inline] 262 pub fn is_empty(&self) -> bool { 263 !self.0.is_linked() 264 } 265 266 /// Create an iterator over typed items. 267 #[inline] 268 pub fn iter(&self) -> CListIter<'_, T, OFFSET> { 269 let head = &self.0; 270 CListIter { 271 head_iter: CListHeadIter { 272 current: head.next(), 273 sentinel: head, 274 }, 275 _phantom: PhantomData, 276 } 277 } 278 } 279 280 /// High-level iterator over typed list items. 281 pub struct CListIter<'a, T, const OFFSET: usize> { 282 head_iter: CListHeadIter<'a>, 283 _phantom: PhantomData<&'a T>, 284 } 285 286 impl<'a, T, const OFFSET: usize> Iterator for CListIter<'a, T, OFFSET> { 287 type Item = &'a T; 288 289 #[inline] 290 fn next(&mut self) -> Option<Self::Item> { 291 let head = self.head_iter.next()?; 292 293 // Convert to item using `OFFSET`. 294 // 295 // SAFETY: The pointer calculation is valid because `OFFSET` is derived 296 // from `offset_of!` per type invariants. 297 Some(unsafe { &*head.as_raw().byte_sub(OFFSET).cast::<T>() }) 298 } 299 } 300 301 impl<'a, T, const OFFSET: usize> FusedIterator for CListIter<'a, T, OFFSET> {} 302 303 /// Create a C doubly-circular linked list interface [`CList`] from a raw `list_head` pointer. 304 /// 305 /// This macro creates a `CList<T, OFFSET>` that can iterate over items of type `$rust_type` 306 /// linked via the `$field` field in the underlying C struct `$c_type`. 307 /// 308 /// # Arguments 309 /// 310 /// - `$head`: Raw pointer to the sentinel `list_head` object (`*mut bindings::list_head`). 311 /// - `$rust_type`: Each item's Rust wrapper type. 312 /// - `$c_type`: Each item's C struct type that contains the embedded `list_head`. 313 /// - `$field`: The name of the `list_head` field within the C struct. 314 /// 315 /// # Safety 316 /// 317 /// The caller must ensure: 318 /// 319 /// - `$head` is a valid, initialized sentinel `list_head` (e.g. via `INIT_LIST_HEAD()`) 320 /// pointing to a list that is not concurrently modified for the lifetime of the [`CList`]. 321 /// - The list contains items of type `$c_type` linked via an embedded `$field`. 322 /// - `$rust_type` is `#[repr(transparent)]` over `$c_type` or has compatible layout. 323 /// 324 /// # Examples 325 /// 326 /// Refer to the examples in the [`crate::interop::list`] module documentation. 327 #[macro_export] 328 macro_rules! clist_create { 329 ($head:expr, $rust_type:ty, $c_type:ty, $($field:tt).+) => {{ 330 // Compile-time check that field path is a `list_head`. 331 let _: fn(*const $c_type) -> *const $crate::bindings::list_head = 332 |p| &raw const (*p).$($field).+; 333 334 // Calculate offset and create `CList`. 335 const OFFSET: usize = ::core::mem::offset_of!($c_type, $($field).+); 336 $crate::interop::list::CList::<$rust_type, OFFSET>::from_raw($head) 337 }}; 338 } 339 pub use clist_create; 340