diff options
author | Chirantan Ekbote <chirantan@chromium.org> | 2020-11-30 17:14:49 +0900 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2020-12-09 14:31:09 +0000 |
commit | f1444aaf7211aa81e5b6fbbaa389619d5d65fa98 (patch) | |
tree | 3f71b556d17fdc3439cc1bea9f5c38c56f1d4c5a | |
parent | 0a086e6cbec6b8f46bf4a845a026769628522e2a (diff) | |
download | crosvm-f1444aaf7211aa81e5b6fbbaa389619d5d65fa98.tar.gz |
data_model: Implement Send + Sync for IoSliceMut
Pointers in rust don't implement Send or Sync and so any struct that
contains a raw pointer doesn't implement those traits either. However,
there's nothing inherently unsafe about sending a pointer across thread
boundaries. The only unsafety comes from actually de-referencing the
pointer, which already requires an unsafe block.
Explicitly implement Send + Sync for IoSliceMut since the iovec
internally holds a *mut c_void, which prevents those traits from being
auto-implemented. Send + Sync is also implemented by
std::io::IoSliceMut, which is almost exactly the same as our IoSliceMut,
so that can provide some additional reassurance that this is safe.
Also add a missing copyright header in the file.
BUG=none
TEST=unit tests
Change-Id: Ic21fc0de9b29923420f36ab166fec80d4d4cf2e3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2571146
Reviewed-by: Noah Gold <nkgold@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
-rw-r--r-- | data_model/src/sys.rs | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/data_model/src/sys.rs b/data_model/src/sys.rs index 8201c4380..646cced4c 100644 --- a/data_model/src/sys.rs +++ b/data_model/src/sys.rs @@ -1,3 +1,7 @@ +// Copyright 2020 The Chromium OS Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + use std::ffi::c_void; use std::fmt::{self, Debug}; use std::marker::PhantomData; @@ -70,6 +74,13 @@ impl<'a> IoSliceMut<'a> { } } +// It's safe to implement Send + Sync for this type for the same reason that `std::io::IoSliceMut` +// is Send + Sync. Internally, it contains a pointer and a length. The integer length is safely Send +// + Sync. There's nothing wrong with sending a pointer between threads and de-referencing the +// pointer requires an unsafe block anyway. See also https://github.com/rust-lang/rust/pull/70342. +unsafe impl<'a> Send for IoSliceMut<'a> {} +unsafe impl<'a> Sync for IoSliceMut<'a> {} + struct DebugIovec(iovec); impl Debug for DebugIovec { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { |