[PATCH v17 02/10] rust: types: Add Ownable/Owned types

Andreas Hindborg a.hindborg at kernel.org
Tue Jun 23 13:09:04 UTC 2026 

Alice Ryhl <aliceryhl at google.com> writes:

> On Thu, Jun 04, 2026 at 10:11:14PM +0200, Andreas Hindborg wrote:
>> From: Asahi Lina <lina+kernel at asahilina.net>
>> 
>> By analogy to `AlwaysRefCounted` and `ARef`, an `Ownable` type is a
>> (typically C FFI) type that *may* be owned by Rust, but need not be. Unlike
>> `AlwaysRefCounted`, this mechanism expects the reference to be unique
>> within Rust, and does not allow cloning.
>> 
>> Conceptually, this is similar to a `KBox<T>`, except that it delegates
>> resource management to the `T` instead of using a generic allocator.
>> 
>> [ om:
>>   - Split code into separate file and `pub use` it from types.rs.
>>   - Make from_raw() and into_raw() public.
>>   - Remove OwnableMut, and make DerefMut dependent on Unpin instead.
>>   - Usage example/doctest for Ownable/Owned.
>>   - Fixes to documentation and commit message.
>> ]
>> 
>> Link: https://lore.kernel.org/all/20250202-rust-page-v1-1-e3170d7fe55e@asahilina.net/
>> Signed-off-by: Asahi Lina <lina+kernel at asahilina.net>
>> Co-developed-by: Oliver Mangold <oliver.mangold at pm.me>
>> Signed-off-by: Oliver Mangold <oliver.mangold at pm.me>
>> Reviewed-by: Boqun Feng <boqun.feng at gmail.com>
>> Reviewed-by: Daniel Almeida <daniel.almeida at collabora.com>
>> [ Andreas: Updated documentation, examples, and formatting. Change safety
>>   requirements, safety comments. Use a reference for `release`. ]
>> Reviewed-by: Gary Guo <gary at garyguo.net>
>> Co-developed-by: Andreas Hindborg <a.hindborg at kernel.org>
>> Signed-off-by: Andreas Hindborg <a.hindborg at kernel.org>
>
> Overall looks good to me, but two nits below. With them fixed:
>
> Reviewed-by: Alice Ryhl <aliceryhl at google.com>
>
>> +pub trait Ownable {
>> +    /// Tear down this `Ownable`.
>> +    ///
>> +    /// Implementers of `Ownable` can use this function to clean up the use of `Self`. This can
>> +    /// include freeing the underlying object.
>> +    ///
>> +    /// # Safety
>> +    ///
>> +    /// Callers must ensure that the caller has exclusive ownership of `T`, and this ownership can
>> +    /// be transferred to the `release` method.
>> +    unsafe fn release(&mut self);
>
> I'd make this take a raw pointer because the pointer can be freed during
> the execution of release(), which references don't allow.

Ok.

>
>> diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
>> index 4329d3c2c2e5..4aec7b699269 100644
>> --- a/rust/kernel/types.rs
>> +++ b/rust/kernel/types.rs
>> @@ -11,6 +11,17 @@
>>  };
>>  use pin_init::{PinInit, Wrapper, Zeroable};
>>  
>> +pub use crate::{
>> +    owned::{
>> +        Ownable,
>> +        Owned, //
>> +    },
>> +    sync::aref::{
>> +        ARef,
>> +        AlwaysRefCounted, //
>> +    }, //
>> +};
>
> We removed the types::ARef re-export, so you shouldn't add it back.

Looks like a rebase failure, I will remove it.


Best regards,
Andreas Hindborg

More information about the Linux-security-module-archive mailing list