From: "Danilo Krummrich" <dakr@kernel.org>
To: "Gary Guo" <gary@garyguo.net>
Cc: "Alexandre Courbot" <acourbot@nvidia.com>,
"Alice Ryhl" <aliceryhl@google.com>,
"Daniel Almeida" <daniel.almeida@collabora.com>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Rafael J. Wysocki" <rafael@kernel.org>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Boqun Feng" <boqun@kernel.org>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Trevor Gross" <tmgross@umich.edu>,
"Bjorn Helgaas" <bhelgaas@google.com>,
"Krzysztof Wilczyński" <kwilczynski@kernel.org>,
"Abdiel Janulgue" <abdiel.janulgue@gmail.com>,
"Robin Murphy" <robin.murphy@arm.com>,
"David Airlie" <airlied@gmail.com>,
"Simona Vetter" <simona@ffwll.ch>,
driver-core@lists.linux.dev, rust-for-linux@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org,
nova-gpu@lists.linux.dev, dri-devel@lists.freedesktop.org
Subject: Re: [PATCH v4 09/20] rust: io: use view types instead of addresses for `Io`
Date: Sun, 21 Jun 2026 18:15:45 +0200 [thread overview]
Message-ID: <DJEV166T78O2.22Q1ANXGBZNU7@kernel.org> (raw)
In-Reply-To: <DJEUAKFVCM0M.3VV7G8AQRXAGU@garyguo.net>
On Sun Jun 21, 2026 at 5:41 PM CEST, Gary Guo wrote:
> On Sun Jun 21, 2026 at 10:17 AM BST, Alexandre Courbot wrote:
>> As you can see, this lets a 32-bit access be done on the upper half of a
>> 64-bit register, which sounds like it should not be allowed? Similarly one
>> could change register types, and so on. This might not be "unsafe" in the
>> sense that it is still aligned and in bounds, but it lets the structure set
>> by the type system be bypassed. It could also potentially be a violation of
>> the hardware contract if the access width is relevant for this particular
>> address.
>
> I see no reason to prevent any of the case, this can be done by `try_cast()`
> API as well. If we need to take access width restriction and other
> restrictions into consideration, then a lot of API cannot be exposed at all.
> E.g. it is not okay to add `copy_read`/`copy_write` like the patch 19, because
> it uses memcpy_from/toio which is possibility doing byte-width access.
>
> in my opinion think people should be able to type casting without reaching out
> to `unsafe` if it's not UB. Similar to the logic on why we have `zerocopy`
> that allows casting between to types, these are "bypassing the typesystem" as
> well!
I think this is fine as-is. The natural, ergonomic path through the API
(io_read!/io_write!/io_project! macros, IoLoc-based accessors, etc.) leads users
toward correct access widths.
Whether through io_addr() or a custom IoLoc implementation, reinterpreting the
access type requires explicit, deliberate choices: picking a different type and
computing a byte offset. This is not something anyone would do by accident.
So, as long as the API doesn't provide a subtle way to do the wrong thing by
accident, I don't think we need to add restrictions here.
next prev parent reply other threads:[~2026-06-21 16:15 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-11 16:28 [PATCH v4 00/20] rust: I/O type generalization and projection Gary Guo
2026-06-11 16:28 ` [PATCH v4 01/20] rust: io: add dynamically-sized `Region` type Gary Guo
2026-06-13 10:05 ` Miguel Ojeda
2026-06-15 4:03 ` Alexandre Courbot
2026-06-15 10:05 ` Gary Guo
2026-06-15 11:47 ` Miguel Ojeda
2026-06-11 16:28 ` [PATCH v4 02/20] rust: io: add missing safety requirement in `IoCapable` methods Gary Guo
2026-06-15 4:28 ` Alexandre Courbot
2026-06-15 10:13 ` Gary Guo
2026-06-15 14:10 ` Alexandre Courbot
2026-06-11 16:28 ` [PATCH v4 03/20] rust: io: restrict untyped IO access and `register!` to `Region` Gary Guo
2026-06-15 5:17 ` Alexandre Courbot
2026-06-15 10:22 ` Gary Guo
2026-06-11 16:28 ` [PATCH v4 04/20] rust: io: implement `Io` on reference types instead Gary Guo
2026-06-15 5:29 ` Alexandre Courbot
2026-06-11 16:28 ` [PATCH v4 05/20] rust: io: generalize `MmioRaw` to pointer to arbitrary type Gary Guo
2026-06-15 8:04 ` Alexandre Courbot
2026-06-11 16:28 ` [PATCH v4 06/20] rust: io: rename `Mmio` to `MmioOwned` Gary Guo
2026-06-15 8:09 ` Alexandre Courbot
2026-06-11 16:28 ` [PATCH v4 07/20] rust: io: implement `Mmio` as view type Gary Guo
2026-06-15 14:52 ` Alexandre Courbot
2026-06-15 15:13 ` Gary Guo
2026-06-16 0:18 ` Alexandre Courbot
2026-06-16 11:12 ` Gary Guo
2026-06-16 14:22 ` Alexandre Courbot
2026-06-11 16:28 ` [PATCH v4 08/20] rust: pci: io: make `ConfigSpace` a view Gary Guo
2026-06-16 6:34 ` Alexandre Courbot
2026-06-16 10:58 ` Gary Guo
2026-06-16 14:28 ` Alexandre Courbot
2026-06-11 16:28 ` [PATCH v4 09/20] rust: io: use view types instead of addresses for `Io` Gary Guo
2026-06-16 14:05 ` Alexandre Courbot
2026-06-16 14:50 ` Gary Guo
2026-06-21 9:17 ` Alexandre Courbot
2026-06-21 15:41 ` Gary Guo
2026-06-21 16:15 ` Danilo Krummrich [this message]
2026-06-21 16:28 ` Gary Guo
2026-06-11 16:28 ` [PATCH v4 10/20] rust: io: remove `MmioOwned` Gary Guo
2026-06-11 16:28 ` [PATCH v4 11/20] rust: io: move `Io` methods to extension trait Gary Guo
2026-06-11 16:28 ` [PATCH v4 12/20] rust: prelude: add `zerocopy{,_derive}::IntoBytes` Gary Guo
2026-06-11 16:28 ` [PATCH v4 13/20] rust: io: add projection macro and methods Gary Guo
2026-06-11 16:28 ` [PATCH v4 14/20] rust: io: add I/O backend for system memory with volatile access Gary Guo
2026-06-11 16:28 ` [PATCH v4 15/20] rust: io: implement a view type for `Coherent` Gary Guo
2026-06-11 16:28 ` [PATCH v4 16/20] rust: io: add `read_val` and `write_val` functions on `Io` Gary Guo
2026-06-11 16:28 ` [PATCH v4 17/20] gpu: nova-core: use I/O projection for cleaner encapsulation Gary Guo
2026-06-11 16:28 ` [PATCH v4 18/20] rust: dma: drop `dma_read!` and `dma_write!` API Gary Guo
2026-06-11 16:28 ` [PATCH v4 19/20] rust: io: add copying methods Gary Guo
2026-06-11 19:36 ` Gary Guo
2026-06-11 16:28 ` [PATCH v4 20/20] rust: io: implement `IoSysMap` Gary Guo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DJEV166T78O2.22Q1ANXGBZNU7@kernel.org \
--to=dakr@kernel.org \
--cc=a.hindborg@kernel.org \
--cc=abdiel.janulgue@gmail.com \
--cc=acourbot@nvidia.com \
--cc=airlied@gmail.com \
--cc=aliceryhl@google.com \
--cc=bhelgaas@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun@kernel.org \
--cc=daniel.almeida@collabora.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=driver-core@lists.linux.dev \
--cc=gary@garyguo.net \
--cc=gregkh@linuxfoundation.org \
--cc=kwilczynski@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=lossin@kernel.org \
--cc=nova-gpu@lists.linux.dev \
--cc=ojeda@kernel.org \
--cc=rafael@kernel.org \
--cc=robin.murphy@arm.com \
--cc=rust-for-linux@vger.kernel.org \
--cc=simona@ffwll.ch \
--cc=tmgross@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox