From: "Danilo Krummrich" <dakr@kernel.org>
To: "Gary Guo" <gary@garyguo.net>
Cc: <aliceryhl@google.com>, <daniel.almeida@collabora.com>,
<acourbot@nvidia.com>, <ecourtney@nvidia.com>, <ojeda@kernel.org>,
<boqun@kernel.org>, <bjorn3_gh@protonmail.com>,
<lossin@kernel.org>, <a.hindborg@kernel.org>, <tmgross@umich.edu>,
<deborah.brouwer@collabora.com>, <boris.brezillon@collabora.com>,
<driver-core@lists.linux.dev>, <linux-kernel@vger.kernel.org>,
<nova-gpu@lists.linux.dev>, <dri-devel@lists.freedesktop.org>,
<rust-for-linux@vger.kernel.org>
Subject: Re: [PATCH v2 3/7] rust: drm: Add RegistrationData to drm::Driver
Date: Thu, 04 Jun 2026 00:24:24 +0200 [thread overview]
Message-ID: <DIZRLM5N81KS.DIRUHYO435XR@kernel.org> (raw)
In-Reply-To: <DIZE54GCJ9MS.DW75EP5OM604@garyguo.net>
On Wed Jun 3, 2026 at 1:51 PM CEST, Gary Guo wrote:
>> + /// Safe variant of [`Registration::new_with_lt()`] for registration data that does not contain
>> + /// borrowed references.
>> + pub fn new<E>(
>
> This is currently unsound, as leaking the unbind guard also gives out
> `&Device<Bound>` in addition to the registration data.
For this to be unsound someone would need to be able to move the
drm::Registration into a context where its Drop runs independently of the driver
unbind, because otherwise leaking the UnbindGuard would also block driver unbind
forever and the now unconstraint &Device<Bound> remains valid.
So, I assume you refer to the case where someone calls forget() on the
drm::Registration that was created without the promise not to do so, i.e. new().
> I think we should just remove the not pass `&Device<Bound>` to ioctl callbacks.
> Giving back registration data is sufficient; if a device driver needs
> `&Device<Bound>` it can just store a reference in its registration data; more
> commonly I suspect it will just store whatever device resource is needed and
> doesn't need `&Device<Bound>` (with the introduction of lifetime, we have much
> fewer cases that we actually need `&Device<Bound>` and cannot be replaced with a
> direct reference to the device resource).
>
> Not passing this bound device allows us to make this safe, and also remove the
> need of patch 1 and patch 5.
I follow your reasoning, but not passing T::ParentDevice<Bound> in the ioctl
makes Registration::new() rather pointless on its own; given that it takes
T: 'static you can't store &'a T::ParentDevice<Bound> in the first place.
next prev parent reply other threads:[~2026-06-03 22:24 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-03 1:15 [PATCH v2 0/7] rust: drm: Higher-Ranked Lifetime private data Danilo Krummrich
2026-06-03 1:15 ` [PATCH v2 1/7] rust: drm: Add Driver::ParentDevice associated type Danilo Krummrich
2026-06-03 1:15 ` [PATCH v2 2/7] rust: drm: Add UnbindGuard for drm_dev_enter/exit critical sections Danilo Krummrich
2026-06-03 11:47 ` Gary Guo
2026-06-03 1:15 ` [PATCH v2 3/7] rust: drm: Add RegistrationData to drm::Driver Danilo Krummrich
2026-06-03 11:51 ` Gary Guo
2026-06-03 22:24 ` Danilo Krummrich [this message]
2026-06-03 22:36 ` Gary Guo
2026-06-03 23:29 ` Deborah Brouwer
2026-06-04 13:53 ` Danilo Krummrich
2026-06-04 23:43 ` Deborah Brouwer
2026-06-03 1:15 ` [PATCH v2 4/7] rust: drm: Wrap ioctl dispatch in UnbindGuard Danilo Krummrich
2026-06-03 1:15 ` [PATCH v2 5/7] rust: drm: Pass bound parent device to ioctl handlers Danilo Krummrich
2026-06-03 1:15 ` [PATCH v2 6/7] rust: drm: Pass registration data " Danilo Krummrich
2026-06-03 1:15 ` [PATCH v2 7/7] drm: nova: convert to use DRM registration data Danilo Krummrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DIZRLM5N81KS.DIRUHYO435XR@kernel.org \
--to=dakr@kernel.org \
--cc=a.hindborg@kernel.org \
--cc=acourbot@nvidia.com \
--cc=aliceryhl@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun@kernel.org \
--cc=boris.brezillon@collabora.com \
--cc=daniel.almeida@collabora.com \
--cc=deborah.brouwer@collabora.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=driver-core@lists.linux.dev \
--cc=ecourtney@nvidia.com \
--cc=gary@garyguo.net \
--cc=linux-kernel@vger.kernel.org \
--cc=lossin@kernel.org \
--cc=nova-gpu@lists.linux.dev \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tmgross@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.