From: Boqun Feng <boqun.feng@gmail.com>
To: Alice Ryhl <aliceryhl@google.com>
Cc: "Danilo Krummrich" <dakr@kernel.org>,
"Abdiel Janulgue" <abdiel.janulgue@gmail.com>,
rust-for-linux@vger.kernel.org, daniel.almeida@collabora.com,
robin.murphy@arm.com, "Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Trevor Gross" <tmgross@umich.edu>,
"Valentin Obst" <kernel@valentinobst.de>,
"open list" <linux-kernel@vger.kernel.org>,
"Christoph Hellwig" <hch@lst.de>,
"Marek Szyprowski" <m.szyprowski@samsung.com>,
airlied@redhat.com,
"open list:DMA MAPPING HELPERS" <iommu@lists.linux.dev>
Subject: Re: [PATCH v11 2/3] rust: add dma coherent allocator abstraction.
Date: Mon, 27 Jan 2025 11:37:06 -0800 [thread overview]
Message-ID: <Z5fgYtIdOudE3ELF@tardis.local> (raw)
In-Reply-To: <Z5fc0EFCUdXlkpWB@tardis.local>
On Mon, Jan 27, 2025 at 11:21:52AM -0800, Boqun Feng wrote:
[...]
> > > Depending on the granularity that tearing can happen, if .foo is an enum
> > > (or any other type that not all bit combinations are valid) and tearing
> > > can happen at byte levels, then a racing dma_read() may read invalid
> > > data.
> >
> > T: FromBytes + ToBytes is already required for these types. You can't
> > use these operations with such an enum.
> >
>
> I was talking about a wider problem, but fine ;-) So the assumption is
> the read_volatile() or copy_nonoverlapping() provide byte-level
> atomicity? Although unlikely, but if tearing happens at sub-byte level,
> then even if `T: FromBytes + ToBytes` you can still get invalid data.
>
OK, `FromBytes + ToBytes` should tolerate sub-byte level tearing, so I
was wrong on this.
> > > I think it's fine to expect read_volatile() and write_volatile()
> > > themselves don't trigger UB, but we will need to be careful about the
> > > atomic granularity that we can expect on them. It would be more clear if
> > > we use the atomic API here (and implementation can be read_volatile()
> > > and write_volatile()), and it can avoid coding based on tribal knowledge
> > > such as "in kernel, read_volatile() and write_volatile() imply atomic".
> >
> > Why should we use atomics for operations that don't need to be atomic?
And yes, given the `FromBytes + ToBytes`, it looks like you don't need
any atomicity for the basic DMA read/write operation.
Regards,
Boqun
> > Most of the time, dma memory is not *actually* changed while you read
> > it.
> >
>
> Because the requirement here actually needs atomic at byte level, it's
> similar to:
>
> https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2022/p1478r8.html
>
> also, notice that for byte level atomic, it's actually free on most of
> the architectures (i.e. no extra cost). Again, it's more of a "how do we
> express our assumption" question. If indeed we expect byte-level
> atomicity, then I see no harm to use atomic API here.
>
> Regards,
> Boqun
>
> > Alice
next prev parent reply other threads:[~2025-01-27 19:37 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-23 10:42 [PATCH v11 0/3] Add dma coherent allocator abstraction Abdiel Janulgue
2025-01-23 10:42 ` [PATCH v11 1/3] rust: error: Add EOVERFLOW Abdiel Janulgue
2025-01-23 10:42 ` [PATCH v11 2/3] rust: add dma coherent allocator abstraction Abdiel Janulgue
2025-01-23 12:30 ` Petr Tesařík
2025-01-23 13:38 ` Abdiel Janulgue
2025-01-23 14:44 ` Miguel Ojeda
2025-01-23 22:54 ` Daniel Almeida
2025-01-24 7:27 ` Alice Ryhl
2025-01-27 6:16 ` Petr Tesařík
2025-01-27 9:45 ` Alice Ryhl
2025-01-27 10:37 ` Danilo Krummrich
2025-01-27 10:43 ` Alice Ryhl
2025-01-27 12:14 ` Danilo Krummrich
2025-01-27 13:25 ` Alice Ryhl
2025-01-27 13:34 ` Danilo Krummrich
2025-01-27 13:42 ` Alice Ryhl
2025-01-27 16:59 ` Boqun Feng
2025-01-27 18:32 ` Alice Ryhl
2025-01-27 18:38 ` Boqun Feng
2025-01-27 18:46 ` Alice Ryhl
2025-01-27 19:01 ` Boqun Feng
2025-01-27 19:05 ` Alice Ryhl
2025-01-27 19:21 ` Boqun Feng
2025-01-27 19:37 ` Boqun Feng [this message]
2025-01-27 10:52 ` Daniel Almeida
2025-01-27 10:59 ` Daniel Almeida
2025-01-27 11:34 ` Alice Ryhl
2025-01-28 10:22 ` Daniel Almeida
2025-01-28 10:25 ` Alice Ryhl
2025-01-28 10:36 ` Daniel Almeida
2025-01-28 11:28 ` Alice Ryhl
2025-02-15 21:40 ` Daniel Almeida
2025-02-17 13:52 ` Robin Murphy
2025-02-17 17:37 ` Abdiel Janulgue
2025-02-18 9:58 ` Abdiel Janulgue
2025-02-18 12:19 ` Daniel Almeida
2025-02-18 12:44 ` Robin Murphy
2025-01-23 10:42 ` [PATCH v11 3/3] MAINTAINERS: add entry for Rust dma mapping helpers device driver API Abdiel Janulgue
2025-01-30 11:49 ` Robin Murphy
2025-01-30 12:00 ` Danilo Krummrich
2025-02-03 8:37 ` Abdiel Janulgue
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z5fgYtIdOudE3ELF@tardis.local \
--to=boqun.feng@gmail.com \
--cc=a.hindborg@kernel.org \
--cc=abdiel.janulgue@gmail.com \
--cc=airlied@redhat.com \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=dakr@kernel.org \
--cc=daniel.almeida@collabora.com \
--cc=gary@garyguo.net \
--cc=hch@lst.de \
--cc=iommu@lists.linux.dev \
--cc=kernel@valentinobst.de \
--cc=linux-kernel@vger.kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=ojeda@kernel.org \
--cc=robin.murphy@arm.com \
--cc=rust-for-linux@vger.kernel.org \
--cc=tmgross@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.