From: Danilo Krummrich <dakr@kernel.org>
To: Jason Gunthorpe <jgg@ziepe.ca>
Cc: "Abdiel Janulgue" <abdiel.janulgue@gmail.com>,
rust-for-linux@vger.kernel.org, daniel.almeida@collabora.com,
robin.murphy@arm.com, aliceryhl@google.com,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Trevor Gross" <tmgross@umich.edu>,
"Valentin Obst" <kernel@valentinobst.de>,
"open list" <linux-kernel@vger.kernel.org>,
"Christoph Hellwig" <hch@lst.de>,
"Marek Szyprowski" <m.szyprowski@samsung.com>,
airlied@redhat.com,
"open list:DMA MAPPING HELPERS" <iommu@lists.linux.dev>
Subject: Re: [PATCH v13 2/7] rust: add dma coherent allocator abstraction.
Date: Fri, 21 Mar 2025 20:16:31 +0100 [thread overview]
Message-ID: <Z927D6V4SqAZ_Hcg@cassiopeiae> (raw)
In-Reply-To: <20250321182901.GQ126678@ziepe.ca>
On Fri, Mar 21, 2025 at 03:29:01PM -0300, Jason Gunthorpe wrote:
> On Fri, Mar 21, 2025 at 06:34:53PM +0100, Danilo Krummrich wrote:
> > On Fri, Mar 21, 2025 at 02:23:53PM -0300, Jason Gunthorpe wrote:
> > > On Fri, Mar 07, 2025 at 01:06:19PM +0200, Abdiel Janulgue wrote:
> > >
> > > > + // SAFETY: Device pointer is guaranteed as valid by the type invariant on `Device`.
> > > > + let ret = unsafe {
> > > > + bindings::dma_alloc_attrs(
> > > > + dev.as_raw(),
> > > > + size,
> > > > + &mut dma_handle,
> > > > + gfp_flags.as_raw(),
> > > > + dma_attrs.as_raw(),
> > > > + )
> > >
> > > This is not the correct safety statement, the device must have a driver
> > > bound to call this function, a struct device reference is not
> > > sufficient.
> > >
> > > I belive Danilo was suggesting to ignore this unsafety for now, but if
> > > so it should be documented correctly.
> >
> > If just landed patches [1], which are the foundation of addressing this issue.
>
> Those patches say:
>
> The context types can be extended as required, e.g. to limit availability of
> certain (bus) device functions to probe().
>
> Which is not an appropriate limitation for dma_alloc_coherent, we
> expect it to be called outside probe in real drivers. Is there more to
> that story?
Yeah, we can also use them to derive specifically typed Device instances from
other entry points of the driver where we know for sure that at this point the
device must (still) be bound to the driver.
For instance, bus callbacks, subsystem callbacks, certain (but not all) IOCTLs,
IRQ handlers, etc.
All those cases can be covered by only the type system, without additional
locks. We could even use this as an optimization to bypass Devres'
try_access() calls when holding a corresponding device instance in those places.
>
> Regardless, the safety comment should not be merged with incorrect
> information. :\
v15 did land in rust-next, so unfortunately this was overlooked. Since you
caught, mind sending a patch improving the comment?
next prev parent reply other threads:[~2025-03-21 19:16 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-07 11:06 [PATCH v13 0/7] rust: add dma coherent allocator abstraction Abdiel Janulgue
2025-03-07 11:06 ` [PATCH v13 1/7] rust: error: Add EOVERFLOW Abdiel Janulgue
2025-03-07 11:06 ` [PATCH v13 2/7] rust: add dma coherent allocator abstraction Abdiel Janulgue
2025-03-07 11:17 ` Alice Ryhl
2025-03-07 20:40 ` Andreas Hindborg
2025-03-21 17:23 ` Jason Gunthorpe
2025-03-21 17:34 ` Danilo Krummrich
2025-03-21 18:29 ` Jason Gunthorpe
2025-03-21 19:16 ` Danilo Krummrich [this message]
2025-03-07 11:06 ` [PATCH v13 3/7] rust: pci: impl AsMut<Device> for pci::Device Abdiel Janulgue
2025-03-07 11:18 ` Alice Ryhl
2025-03-07 11:45 ` Danilo Krummrich
2025-03-07 14:18 ` Greg KH
2025-03-07 17:53 ` Abdiel Janulgue
2025-03-07 11:06 ` [PATCH v13 4/7] rust: device: add dma addressing capabilities Abdiel Janulgue
2025-03-07 20:12 ` Andreas Hindborg
2025-03-11 17:45 ` Abdiel Janulgue
2025-03-11 18:35 ` Miguel Ojeda
2025-03-11 20:16 ` Andreas Hindborg
2025-03-07 11:06 ` [PATCH v13 5/7] samples: rust: add Rust dma test sample driver Abdiel Janulgue
2025-03-07 11:06 ` [PATCH v13 6/7] MAINTAINERS: add entry for Rust dma mapping helpers device driver API Abdiel Janulgue
2025-03-07 11:06 ` [PATCH v13 7/7] rust: dma: add as_slice/write functions for CoherentAllocation Abdiel Janulgue
2025-03-07 11:12 ` [PATCH v13 0/7] rust: add dma coherent allocator abstraction Danilo Krummrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z927D6V4SqAZ_Hcg@cassiopeiae \
--to=dakr@kernel.org \
--cc=a.hindborg@kernel.org \
--cc=abdiel.janulgue@gmail.com \
--cc=airlied@redhat.com \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=daniel.almeida@collabora.com \
--cc=gary@garyguo.net \
--cc=hch@lst.de \
--cc=iommu@lists.linux.dev \
--cc=jgg@ziepe.ca \
--cc=kernel@valentinobst.de \
--cc=linux-kernel@vger.kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=ojeda@kernel.org \
--cc=robin.murphy@arm.com \
--cc=rust-for-linux@vger.kernel.org \
--cc=tmgross@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox