From: "Benno Lossin" <lossin@kernel.org>
To: "Alistair Popple" <apopple@nvidia.com>
Cc: "Danilo Krummrich" <dakr@kernel.org>,
rust-for-linux@vger.kernel.org,
"Bjorn Helgaas" <bhelgaas@google.com>,
"Krzysztof Wilczyński" <kwilczynski@kernel.org>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Rafael J. Wysocki" <rafael@kernel.org>,
"John Hubbard" <jhubbard@nvidia.com>,
"Alexandre Courbot" <acourbot@nvidia.com>,
linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 1/2] rust: Update PCI binding safety comments and add inline compiler hint
Date: Tue, 22 Jul 2025 12:49:24 +0200 [thread overview]
Message-ID: <DBIIXC694S6P.18BOBCI4LZ4HA@kernel.org> (raw)
In-Reply-To: <bwbern2t7k5fcj6zxze6bjpasu3t26n6dmfptlmhbhd7qmligs@3fgwifsw7qai>
On Tue Jul 22, 2025 at 7:17 AM CEST, Alistair Popple wrote:
> On Fri, Jul 11, 2025 at 10:46:13PM +0200, Benno Lossin wrote:
>> On Fri Jul 11, 2025 at 9:33 PM CEST, Danilo Krummrich wrote:
>> > On Fri Jul 11, 2025 at 8:30 PM CEST, Benno Lossin wrote:
>> >> On Fri Jul 11, 2025 at 5:02 PM CEST, Danilo Krummrich wrote:
>> >>> On Thu Jul 10, 2025 at 10:01 AM CEST, Benno Lossin wrote:
>> >>>> On Thu Jul 10, 2025 at 4:24 AM CEST, Alistair Popple wrote:
>> >>>>> diff --git a/rust/kernel/pci.rs b/rust/kernel/pci.rs
>> >>>>> index 8435f8132e38..5c35a66a5251 100644
>> >>>>> --- a/rust/kernel/pci.rs
>> >>>>> +++ b/rust/kernel/pci.rs
>> >>>>> @@ -371,14 +371,18 @@ fn as_raw(&self) -> *mut bindings::pci_dev {
>> >>>>>
>> >>>>> impl Device {
>> >>>>> /// Returns the PCI vendor ID.
>> >>>>> + #[inline]
>> >>>>> pub fn vendor_id(&self) -> u16 {
>> >>>>> - // SAFETY: `self.as_raw` is a valid pointer to a `struct pci_dev`.
>> >>>>> + // SAFETY: by its type invariant `self.as_raw` is always a valid pointer to a
>> >>>>
>> >>>> s/by its type invariant/by the type invariants of `Self`,/
>> >>>> s/always//
>> >>>>
>> >>>> Also, which invariant does this refer to? The only one that I can see
>> >>>> is:
>> >>>>
>> >>>> /// A [`Device`] instance represents a valid `struct device` created by the C portion of the kernel.
>> >>>>
>> >>>> And this doesn't say anything about the validity of `self.as_raw()`...
>> >>>
>> >>> Hm...why not? If an instance of Self always represents a valid struct pci_dev,
>> >>> then consequently self.as_raw() can only be a valid pointer to a struct pci_dev,
>> >>> no?
>> >>
>> >> While it's true, you need to look into the implementation of `as_raw`.
>> >> It could very well return a null pointer...
>> >>
>> >> This is where we can use a `Guarantee` on that function. But since it's
>> >> not shorter than `.0.get()`, I would just remove it.
>> >
>> > We have 15 to 20 as_raw() methods of this kind in the tree. If this really needs
>> > a `Guarantee` to be clean, we should probably fix it up in a treewide change.
>> >
>> > as_raw() is a common pattern and everyone knows what it does, `.0.get()` seems
>> > much less obvious.
>
> Coming from a C kernel programming background I agree `.as_raw()` is more
> obvious than `.0.get()`.
Makes sense, then I wouldn't recommend changing it.
> However now I'm confused ... what if anything needs changing to get
> these two small patches merged?
I'd like to see `as_raw` get a `Guarantee` section, but that is
independent from this patch series.
---
Cheers,
Benno
prev parent reply other threads:[~2025-07-22 10:49 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-10 2:24 [PATCH v2 1/2] rust: Update PCI binding safety comments and add inline compiler hint Alistair Popple
2025-07-10 2:24 ` [PATCH v2 2/2] rust: Add several miscellaneous PCI helpers Alistair Popple
2025-07-10 8:01 ` [PATCH v2 1/2] rust: Update PCI binding safety comments and add inline compiler hint Benno Lossin
2025-07-10 23:22 ` Alistair Popple
2025-07-11 8:11 ` Benno Lossin
2025-07-11 15:03 ` Danilo Krummrich
2025-07-11 15:02 ` Danilo Krummrich
2025-07-11 18:30 ` Benno Lossin
2025-07-11 19:33 ` Danilo Krummrich
2025-07-11 20:46 ` Benno Lossin
2025-07-22 5:17 ` Alistair Popple
2025-07-22 9:51 ` Danilo Krummrich
2025-07-22 10:57 ` Benno Lossin
2025-07-22 11:02 ` Danilo Krummrich
2025-07-22 11:21 ` Benno Lossin
2025-07-22 11:36 ` Danilo Krummrich
2025-07-22 11:35 ` Alice Ryhl
2025-07-22 12:08 ` Benno Lossin
2025-07-22 12:49 ` Danilo Krummrich
2025-07-23 14:25 ` Benno Lossin
2025-07-28 0:09 ` Alistair Popple
2025-07-22 10:49 ` Benno Lossin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DBIIXC694S6P.18BOBCI4LZ4HA@kernel.org \
--to=lossin@kernel.org \
--cc=a.hindborg@kernel.org \
--cc=acourbot@nvidia.com \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=apopple@nvidia.com \
--cc=bhelgaas@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=gary@garyguo.net \
--cc=gregkh@linuxfoundation.org \
--cc=jhubbard@nvidia.com \
--cc=kwilczynski@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=ojeda@kernel.org \
--cc=rafael@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tmgross@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.