From: Danilo Krummrich <dakr@kernel.org>
To: Viresh Kumar <viresh.kumar@linaro.org>
Cc: "Rafael J. Wysocki" <rafael@kernel.org>,
"Miguel Ojeda" <miguel.ojeda.sandonis@gmail.com>,
"Danilo Krummrich" <dakr@redhat.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
linux-pm@vger.kernel.org,
"Vincent Guittot" <vincent.guittot@linaro.org>,
"Stephen Boyd" <sboyd@kernel.org>, "Nishanth Menon" <nm@ti.com>,
rust-for-linux@vger.kernel.org,
"Manos Pitsidianakis" <manos.pitsidianakis@linaro.org>,
"Alex Bennée" <alex.bennee@linaro.org>,
"Joakim Bech" <joakim.bech@linaro.org>,
"Rob Herring" <robh@kernel.org>,
"Yury Norov" <yury.norov@gmail.com>,
"Burak Emir" <bqe@google.com>,
"Rasmus Villemoes" <linux@rasmusvillemoes.dk>,
"Russell King" <linux@armlinux.org.uk>,
linux-clk@vger.kernel.org,
"Michael Turquette" <mturquette@baylibre.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH V10 11/15] rust: cpufreq: Add initial abstractions for cpufreq framework
Date: Wed, 16 Apr 2025 14:25:22 +0200 [thread overview]
Message-ID: <Z_-hskVtNFPxUmlC@pollux> (raw)
In-Reply-To: <20250416093720.5nigxsirbvyiumcv@vireshk-i7>
On Wed, Apr 16, 2025 at 03:07:20PM +0530, Viresh Kumar wrote:
> On 16-04-25, 11:14, Danilo Krummrich wrote:
> > On Wed, Apr 16, 2025 at 12:09:28PM +0530, Viresh Kumar wrote:
>
> > > + pub unsafe fn data(&self, index: usize) -> u32 {
> > > + // SAFETY: By the type invariant, the pointer stored in `self` is valid and `index` is
> > > + // guaranteed to be valid by the safety requirements of the function.
> > > + unsafe { (*self.as_raw().add(index)).driver_data }
> > > + }
> >
> > Those three functions above look like they're supposed to be used directly by
> > drivers, but are unsafe. :(
> >
> > It looks like the reason for them being unsafe is that with only the pointer to
> > the struct cpufreq_frequency_table array we don't know the length of the array.
>
> Yes.
>
> > However, a Table instance seems to come from TableBox, which *does* know the
> > length of the KVec<bindings::cpufreq_frequency_table>. Why can't we just preserve the
> > length and provide a safe API?
>
> The Table is also created from a raw pointer, when it is received from
> the C callbacks. Also the Table can be created from the OPP table,
> where again we receive a raw pointer from the C code.
>
> I tried to do this differently earlier and finalized on current
> version after some discussions on the list:
>
> https://lore.kernel.org/all/2025011327-cubbyhole-idealness-d4cc@gregkh/
I skimmed over your explanation from the link and got stuck at:
> - The cpufreq core then calls cpufreq driver's callbacks and passes an
> index to the freq-table, which the drivers don't need to verify
> against table length, since the index came from the core itself.
This sounds like you could just abstract the index passed through the callback
in some trusted type (e.g. cpufreq::TableIndex) and let the cpufreq::Table
methods take this trusted index type, rather than a raw usize, which would also
make the methods safe.
- Danilo
next prev parent reply other threads:[~2025-04-16 12:25 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-16 6:39 [PATCH V10 00/15] Rust abstractions for clk, cpumask, cpufreq, OPP Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 01/15] rust: cpumask: Add few more helpers Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 02/15] rust: cpumask: Add initial abstractions Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 03/15] MAINTAINERS: Add entry for Rust cpumask API Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 04/15] rust: clk: Add helpers for Rust code Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 05/15] rust: clk: Add initial abstractions Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 06/15] rust: macros: enable use of hyphens in module names Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 07/15] rust: cpu: Add from_cpu() Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 08/15] rust: opp: Add initial abstractions for OPP framework Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 09/15] rust: opp: Add abstractions for the OPP table Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 10/15] rust: opp: Add abstractions for the configuration options Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 11/15] rust: cpufreq: Add initial abstractions for cpufreq framework Viresh Kumar
2025-04-16 9:14 ` Danilo Krummrich
2025-04-16 9:37 ` Viresh Kumar
2025-04-16 12:25 ` Danilo Krummrich [this message]
2025-04-17 8:34 ` Viresh Kumar
2025-04-17 8:00 ` Benno Lossin
2025-04-17 8:08 ` Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 12/15] rust: cpufreq: Extend abstractions for policy and driver ops Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 13/15] rust: cpufreq: Extend abstractions for driver registration Viresh Kumar
2025-04-16 9:04 ` Danilo Krummrich
2025-04-16 10:17 ` Viresh Kumar
2025-04-16 10:59 ` Danilo Krummrich
2025-04-17 8:29 ` Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 14/15] rust: opp: Extend OPP abstractions with cpufreq support Viresh Kumar
2025-04-16 8:52 ` Danilo Krummrich
2025-04-16 9:59 ` Viresh Kumar
2025-04-16 10:31 ` Miguel Ojeda
2025-04-16 10:40 ` Viresh Kumar
2025-04-16 10:47 ` Miguel Ojeda
2025-04-16 12:46 ` Danilo Krummrich
2025-04-16 6:39 ` [PATCH V10 15/15] cpufreq: Add Rust-based cpufreq-dt driver Viresh Kumar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z_-hskVtNFPxUmlC@pollux \
--to=dakr@kernel.org \
--cc=a.hindborg@kernel.org \
--cc=alex.bennee@linaro.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=bqe@google.com \
--cc=dakr@redhat.com \
--cc=gary@garyguo.net \
--cc=joakim.bech@linaro.org \
--cc=linux-clk@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=linux@rasmusvillemoes.dk \
--cc=manos.pitsidianakis@linaro.org \
--cc=miguel.ojeda.sandonis@gmail.com \
--cc=mturquette@baylibre.com \
--cc=nm@ti.com \
--cc=ojeda@kernel.org \
--cc=rafael@kernel.org \
--cc=robh@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=sboyd@kernel.org \
--cc=tmgross@umich.edu \
--cc=vincent.guittot@linaro.org \
--cc=viresh.kumar@linaro.org \
--cc=yury.norov@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.