From: Andreas Hindborg <a.hindborg@kernel.org>
To: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
Cc: "Alice Ryhl" <aliceryhl@google.com>,
"Lorenzo Stoakes" <lorenzo.stoakes@oracle.com>,
"Liam R. Howlett" <Liam.Howlett@oracle.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>,
linux-mm@kvack.org, rust-for-linux@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/2] rust: page: add method to copy data between safe pages
Date: Mon, 16 Feb 2026 00:40:21 +0100 [thread overview]
Message-ID: <87ldgteftm.fsf@t14s.mail-host-address-is-not-set> (raw)
In-Reply-To: <CANiq72kovxkiF1Kj66yVyQYKx1OijjtTGB6UN5M35th57UFFeQ@mail.gmail.com>
"Miguel Ojeda" <miguel.ojeda.sandonis@gmail.com> writes:
> On Sun, Feb 15, 2026 at 9:04 PM Andreas Hindborg <a.hindborg@kernel.org> wrote:
>>
>> + /// Copies data from this page to another page at the specified offset.
>> + ///
>> + /// # Arguments
>> + ///
>> + /// - `dst` - The destination page to copy data to.
>> + /// - `offset` - The byte offset within both pages where copying starts.
>> + /// - `len` - The number of bytes to copy.
>
> We generally try to avoid this kind of argument-by-argument docs
> unless they are really needed.
Why?
>
> For instance, would this suffice?
>
> /// Copies `len` bytes from this page to another one at the
> specified byte offset.
> ///
> /// Copying starts within both pages at the same offset.
>
>> + /// ```
>> + /// # use kernel::page::SafePage;
>> + /// # use kernel::alloc::flags::GFP_KERNEL;
>> + /// let mut src_page = SafePage::alloc_page(GFP_KERNEL)?;
>> + /// let mut dst_page = SafePage::alloc_page(GFP_KERNEL)?;
>> + /// src_page.copy_to_page(dst_page.get_pin_mut(), 0, 1024)?;
>> + /// # Ok::<(), kernel::error::Error>(())
>> + /// ```
>
> Could we show some error cases?
>
> In addition, why could the test fail here? i.e. if you use `?` in the
> "main line", then it means this could fail for reasons outside the
> test. If it cannot, please assert it instead.
>
> Also, couldn't you assert that some bytes were copied as expected?
> Could you show an error case with e.g. an out of bounds case?
I can demo an out of bounds error, sure.
>
>> + // - By type invariant and existence of shared reference, there are no other writes to
>> + // `src` during this call.
>
> If you use the type invariant here that you promise not to break
> above, isn't it circular logic? Why someone couldn't have another
> `&self` and call this?
Writes require a mutable reference. There cannot be a mutable reference
while we have a shared reference.
Best regards,
Andreas Hindborg
next prev parent reply other threads:[~2026-02-16 4:10 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-15 20:03 [PATCH 0/2] rust: pages that cannot be racy Andreas Hindborg
2026-02-15 20:03 ` [PATCH 1/2] rust: page: add `SafePage` for race-free page access Andreas Hindborg
2026-02-16 8:52 ` Alice Ryhl
2026-02-15 20:03 ` [PATCH 2/2] rust: page: add method to copy data between safe pages Andreas Hindborg
2026-02-15 22:33 ` Miguel Ojeda
2026-02-15 23:40 ` Andreas Hindborg [this message]
2026-02-17 21:35 ` Miguel Ojeda
2026-02-18 9:37 ` Andreas Hindborg
2026-02-18 11:41 ` Miguel Ojeda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ldgteftm.fsf@t14s.mail-host-address-is-not-set \
--to=a.hindborg@kernel.org \
--cc=Liam.Howlett@oracle.com \
--cc=aliceryhl@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=gary@garyguo.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=lossin@kernel.org \
--cc=miguel.ojeda.sandonis@gmail.com \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tmgross@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox