[PATCH v2] docs: rust: extend abstraction and binding documentation

Rust-for-linux archive mirror
 help / color / mirror / Atom feed

From: Dirk Behme <dirk.behme@de.bosch.com>
To: <rust-for-linux@vger.kernel.org>
Cc: Dirk Behme <dirk.behme@de.bosch.com>,
	Valentin Obst <kernel@valentinobst.de>,
	Miguel Ojeda <ojeda@kernel.org>
Subject: [PATCH v2] docs: rust: extend abstraction and binding documentation
Date: Fri, 9 Feb 2024 08:05:48 +0100	[thread overview]
Message-ID: <20240209070548.3693410-1-dirk.behme@de.bosch.com> (raw)

Add some basics explained by Miguel in [1] to the documentation.
And connect it with some hints where this is implemented in the
kernel.

[1] https://www.linuxfoundation.org/webinars/rust-for-linux-writing-abstractions-and-drivers

Cc: Miguel Ojeda <ojeda@kernel.org>
Signed-off-by: Dirk Behme <dirk.behme@de.bosch.com>
---
Changes in v2: Try to incorporate the v1 comments from Valentin and Miguel.

 Documentation/rust/general-information.rst | 48 ++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/Documentation/rust/general-information.rst b/Documentation/rust/general-information.rst
index 081397827a7e..91a5a69c7c74 100644
--- a/Documentation/rust/general-information.rst
+++ b/Documentation/rust/general-information.rst
@@ -64,6 +64,54 @@ but it is intended that coverage is expanded as time goes on. "Leaf" modules
 (e.g. drivers) should not use the C bindings directly. Instead, subsystems
 should provide as-safe-as-possible abstractions as needed.
 
+.. code-block::
+
+	                                                rust/bindings/
+                                                       (rust/helpers.c)
+
+                                                          include/ -----+ <-+
+                                                                        |   |
+         drivers/              rust/kernel/              +----------+ <-+   |
+           fs/                                           | bindgen  |       |
+          .../            +-------------------+          +----------+ --+   |
+                          |    Abstractions   |                         |   |
+       +---------+        | +------+ +------+ |          +----------+   |   |
+       | my_foo  | -----> | | foo  | | bar  | | -------> | Bindings | <-+   |
+       | driver  |  Safe  | | sub- | | sub- | |  Unsafe  |          |       |
+       +---------+        | |system| |system| |          | bindings | <-----+
+            |             | +------+ +------+ |          |  crate   |       |
+            |             |   kernel crate    |          +----------+       |
+            |             +-------------------+                             |
+            |                                                               |
+            +------------------# FORBIDDEN #--------------------------------+
+
+The main idea is to encapsulate all unsafe handling in carefully reviewed
+and documented abstractions. These are then considered to be sound. With this model
+it is ensured that users of the abstractions ("my_foo driver") can't do anything
+unsound if
+
+#. the abstractions are sound
+#. they don't use ``unsafe()``
+
+Bindings
+~~~~~~~~
+
+By including a C header from ``include/`` into ``rust/bindings/bindings_helper.h``
+the ``bindgen`` tool will auto-generate the bindings for the included subsystem.
+See the ``*_generated.rs`` output files in the ``rust/bindings/`` directory.
+
+For parts of the C header ``bindgen`` doesn't auto generate, e.g. C ``inline``
+functions or macros, there is the option to add a small wrapper function
+to ``rust/helpers.c`` to make it available for the Rust side as well.
+
+Abstractions
+~~~~~~~~~~~~
+
+Abstractions are the layer between the bindings and the in-kernel users. For example
+the drivers or file systems written in Rust. They are located in ``rust/kernel/``
+and their role is to encapsulate the unsafe access to the bindings into a safe API
+that they expose to their users.
+
 
 Conditional compilation
 -----------------------
-- 
2.28.0

next             reply	other threads:[~2024-02-09  7:05 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-02-09  7:05 Dirk Behme [this message]
2024-02-10  7:37 ` [PATCH v2] docs: rust: extend abstraction and binding documentation Trevor Gross
2024-02-11  7:54 ` Valentin Obst

find likely ancestor, descendant, or conflicting patches for this message:
dfblob:081397827a7 dfblob:91a5a69c7c7
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240209070548.3693410-1-dirk.behme@de.bosch.com \
    --to=dirk.behme@de.bosch.com \
    --cc=kernel@valentinobst.de \
    --cc=ojeda@kernel.org \
    --cc=rust-for-linux@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).