From: "Alexandre Courbot" <acourbot@nvidia.com>
To: "Abdiel Janulgue" <abdiel.janulgue@gmail.com>, <dakr@kernel.org>,
<rust-for-linux@vger.kernel.org>
Cc: "Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Valentin Obst" <kernel@valentinobst.de>,
"open list" <linux-kernel@vger.kernel.org>,
"Marek Szyprowski" <m.szyprowski@samsung.com>,
"Robin Murphy" <robin.murphy@arm.com>,
airlied@redhat.com,
"open list:DMA MAPPING HELPERS" <iommu@lists.linux.dev>
Subject: Re: [PATCH v3 3/3] rust: dma: add as_slice/write functions for CoherentAllocation
Date: Fri, 25 Apr 2025 22:42:38 +0900 [thread overview]
Message-ID: <D9FRI153JFV3.2GQMZK8FCEV3C@nvidia.com> (raw)
In-Reply-To: <20250425073726.1027068-4-abdiel.janulgue@gmail.com>
Hi Abdiel,
On Fri Apr 25, 2025 at 4:35 PM JST, Abdiel Janulgue wrote:
> Add unsafe accessors for the region for reading or writing large
> blocks of data.
>
> Reviewed-by: Andreas Hindborg <a.hindborg@kernel.org>
> Signed-off-by: Abdiel Janulgue <abdiel.janulgue@gmail.com>
> ---
> rust/kernel/dma.rs | 85 ++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 85 insertions(+)
>
> diff --git a/rust/kernel/dma.rs b/rust/kernel/dma.rs
> index a61da5eeb017..e01bb7e7c440 100644
> --- a/rust/kernel/dma.rs
> +++ b/rust/kernel/dma.rs
> @@ -218,6 +218,91 @@ pub fn dma_handle(&self) -> bindings::dma_addr_t {
> self.dma_handle
> }
>
> + /// Returns the data from the region starting from `offset` as a slice.
> + /// `offset` and `count` are in units of `T`, not the number of bytes.
> + ///
> + /// For ringbuffer type of r/w access or use-cases where the pointer to the live data is needed,
> + /// [`CoherentAllocation::start_ptr`] or [`CoherentAllocation::start_ptr_mut`] could be used instead.
> + ///
> + /// # Safety
> + ///
> + /// * Callers must ensure that the device does not read/write to/from memory while the returned
> + /// slice is live.
> + /// * Callers must ensure that this call does not race with a write to the same region while
> + /// while the returned slice is live.
"while" is repeated twice in the second bullet point.
> + pub unsafe fn as_slice(&self, offset: usize, count: usize) -> Result<&[T]> {
> + let end = offset.checked_add(count).ok_or(EOVERFLOW)?;
> + if end > self.count {
> + return Err(EINVAL);
> + }
Since `end` is not subsequently used, how about reworking this to avoid
declaring it as a variable that is visible for the whole method:
offset.checked_add(count)
.ok_or(EOVERFLOW)
.and_then(|end| if end > self.count { Err(EINVAL) } else { Ok(()) })?;
Or maybe better, move this into a private helper method:
fn validate_range(&self, offset: usize, count: usize) -> Result<()>
that you can call from all three methods requiring it instead of
duplicating the same code snippet (in that case, you can declare `end`
if you prefer this style as it will be useful for the entirety of the
method).
> + // SAFETY:
> + // - The pointer is valid due to type invariant on `CoherentAllocation`,
> + // we've just checked that the range and index is within bounds. The immutability of the
> + // of data is also guaranteed by the safety requirements of the function.
"of the of data" sounds like a typo.
> + // - `offset` can't overflow since it is smaller than `self.count` and we've checked
> + // that `self.count` won't overflow early in the constructor.
IIUC you rather need to state that `offset + count` (not just `offset`)
is smaller than `self.count`?
Same comments apply to `as_slice_mut` and `write`.
Cheers,
Alex.
prev parent reply other threads:[~2025-04-25 13:42 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-25 7:35 [PATCH v3 0/3] Additional improvements for dma coherent allocator Abdiel Janulgue
2025-04-25 7:35 ` [PATCH v3 1/3] rust: dma: clarify wording and be consistent in `coherent` nomenclature Abdiel Janulgue
2025-04-25 7:35 ` [PATCH v3 2/3] rust: dma: convert the read/write macros to return Result Abdiel Janulgue
2025-04-25 7:35 ` [PATCH v3 3/3] rust: dma: add as_slice/write functions for CoherentAllocation Abdiel Janulgue
2025-04-25 13:42 ` Alexandre Courbot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D9FRI153JFV3.2GQMZK8FCEV3C@nvidia.com \
--to=acourbot@nvidia.com \
--cc=a.hindborg@kernel.org \
--cc=abdiel.janulgue@gmail.com \
--cc=airlied@redhat.com \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=gary@garyguo.net \
--cc=iommu@lists.linux.dev \
--cc=kernel@valentinobst.de \
--cc=linux-kernel@vger.kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=ojeda@kernel.org \
--cc=robin.murphy@arm.com \
--cc=rust-for-linux@vger.kernel.org \
--cc=tmgross@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.