From: Zhao Liu <zhao1.liu@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Peter Xu" <peterx@redhat.com>,
"David Hildenbrand" <david@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Manos Pitsidianakis" <manos.pitsidianakis@linaro.org>,
"Alex Bennée" <alex.bennee@linaro.org>,
"Thomas Huth" <thuth@redhat.com>,
"Junjie Mao" <junjie.mao@hotmail.com>,
qemu-devel@nongnu.org, qemu-rust@nongnu.org,
"Dapeng Mi" <dapeng1.mi@linux.intel.com>,
"Chuanxiao Dong" <chuanxiao.dong@intel.com>
Subject: Re: [RFC 16/26] memory: Make flatview_do_translate() return a pointer to MemoryRegionSection
Date: Tue, 12 Aug 2025 23:39:12 +0800 [thread overview]
Message-ID: <aJtgIBgl8JzDsJ1O@intel.com> (raw)
In-Reply-To: <beab841b-9c69-43d2-b996-879eee9e1120@redhat.com>
On Thu, Aug 07, 2025 at 03:57:17PM +0200, Paolo Bonzini wrote:
> Date: Thu, 7 Aug 2025 15:57:17 +0200
> From: Paolo Bonzini <pbonzini@redhat.com>
> Subject: Re: [RFC 16/26] memory: Make flatview_do_translate() return a
> pointer to MemoryRegionSection
>
> On 8/7/25 14:30, Zhao Liu wrote:
> > Rust side will use cell::Opaque<> to hide details of C structure, and
> > this could help avoid the direct operation on C memory from Rust side.
> >
> > Therefore, it's necessary to wrap a translation binding and make it only
> > return the pointer to MemoryRegionSection, instead of the copy.
> >
> > As the first step, make flatview_do_translate return a pointer to
> > MemoryRegionSection, so that we can build a wrapper based on it.
>
> Independent of Rust, doing the copy as late as possible is good, but make it
> return a "const MemoryRegionSection*" so that there's no risk of overwriting
> data.
Yes, const MemoryRegionSection* is helpful...
> Hopefully this does not show a bigger problem!
...then we will get `*const bindings::MemoryRegionSection` from
flatview_translate_section().
This is mainly about how to construct Opaque<T> from `*cont T`:
impl FlatView {
fn translate(
&self,
addr: GuestAddress,
len: GuestUsize,
is_write: bool,
) -> Option<(&MemoryRegionSection, MemoryRegionAddress, GuestUsize)> {
...
let ptr = unsafe {
flatview_translate_section(
self.as_mut_ptr(),
addr.raw_value(),
&mut raw_addr,
&mut remain,
is_write,
MEMTXATTRS_UNSPECIFIED,
)
};
...
------> // Note here, Opaque<>::from_raw() requires *mut T.
// And we can definitely convert *cont T to *mut T!
let s = unsafe { <FlatView as GuestMemory>::R::from_raw(ptr as *mut _) };
...
}
But look closer to Opaque<>, it has 2 safe methods: as_mut_ptr() &
raw_get().
These 2 methods indicate that the T pointed by Qpaque<T> is mutable,
which has the conflict with the original `*const bindings::MemoryRegionSection`.
So from this point, it seems unsafe to use Qpaque<> on this case.
To address this, I think we need:
- rich comments about this MemoryRegionSection is actually immuatble.
- modify other C functions to accept `const *MemoryRegionSection` as
argument.
What do you think?
Thanks,
Zhao
next prev parent reply other threads:[~2025-08-12 15:19 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-07 12:30 [RFC 00/26] rust/memory: Integrate the vm-memory API from rust-vmm Zhao Liu
2025-08-07 12:30 ` [RFC 01/26] rust/hpet: Fix the error caused by vm-memory Zhao Liu
2025-08-07 13:52 ` Paolo Bonzini
2025-08-08 7:27 ` Zhao Liu
2025-08-07 12:30 ` [RFC 02/26] rust/cargo: Add the support for vm-memory Zhao Liu
2025-08-07 12:30 ` [RFC 03/26] subprojects: Add thiserror-impl crate Zhao Liu
2025-08-07 12:30 ` [RFC 04/26] subprojects: Add thiserror crate Zhao Liu
2025-08-07 12:30 ` [RFC 05/26] subprojects: Add winapi-i686-pc-windows-gnu crate Zhao Liu
2025-08-07 12:30 ` [RFC 06/26] subprojects: Add winapi-x86_64-pc-windows-gnu crate Zhao Liu
2025-08-07 12:30 ` [RFC 07/26] subprojects: Add winapi crate Zhao Liu
2025-08-07 13:17 ` Paolo Bonzini
2025-08-08 7:33 ` Zhao Liu
2025-08-07 12:30 ` [RFC 08/26] subprojects: Add vm-memory crate Zhao Liu
2025-08-07 12:30 ` [RFC 09/26] rust: Add vm-memory in meson Zhao Liu
2025-08-07 12:30 ` [RFC 10/26] subprojects/vm-memory: Patch vm-memory for QEMU memory backend Zhao Liu
2025-08-07 13:59 ` Paolo Bonzini
2025-08-08 8:17 ` Zhao Liu
2025-08-08 8:17 ` Paolo Bonzini
2025-08-08 8:51 ` Zhao Liu
2025-08-07 12:30 ` [RFC 11/26] rust/cargo: Specify the patched vm-memory crate Zhao Liu
2025-08-07 12:30 ` [RFC 12/26] rcu: Make rcu_read_lock & rcu_read_unlock not inline Zhao Liu
2025-08-07 13:54 ` Paolo Bonzini
2025-08-08 8:19 ` Zhao Liu
2025-08-07 12:30 ` [RFC 13/26] rust: Add RCU bindings Zhao Liu
2025-08-07 12:29 ` Manos Pitsidianakis
2025-08-07 13:38 ` Paolo Bonzini
2025-08-09 7:21 ` Zhao Liu
2025-08-09 9:13 ` Paolo Bonzini
2025-08-09 9:26 ` Manos Pitsidianakis
2025-08-12 10:43 ` Zhao Liu
2025-08-12 10:31 ` Zhao Liu
2025-08-07 12:30 ` [RFC 14/26] memory: Expose interfaces about Flatview reference count to Rust side Zhao Liu
2025-08-07 12:30 ` [RFC 15/26] memory: Rename address_space_lookup_region and expose it " Zhao Liu
2025-08-07 12:30 ` [RFC 16/26] memory: Make flatview_do_translate() return a pointer to MemoryRegionSection Zhao Liu
2025-08-07 13:57 ` Paolo Bonzini
2025-08-12 15:39 ` Zhao Liu [this message]
2025-08-12 15:42 ` Manos Pitsidianakis
2025-08-13 15:12 ` Zhao Liu
2025-08-12 19:23 ` Paolo Bonzini
2025-08-13 15:10 ` Zhao Liu
2025-08-07 12:30 ` [RFC 17/26] memory: Add a translation helper to return MemoryRegionSection Zhao Liu
2025-08-07 12:30 ` [RFC 18/26] memory: Rename flatview_access_allowed() to memory_region_access_allowed() Zhao Liu
2025-08-07 12:41 ` Manos Pitsidianakis
2025-08-07 12:30 ` [RFC 19/26] memory: Add MemoryRegionSection based misc helpers Zhao Liu
2025-08-07 12:30 ` [RFC 20/26] memory: Add wrappers of intermediate steps for read/write Zhao Liu
2025-08-07 12:30 ` [RFC 21/26] memory: Add store/load interfaces for Rust side Zhao Liu
2025-08-07 12:30 ` [RFC 22/26] rust/memory: Implement vm_memory::GuestMemoryRegion for MemoryRegionSection Zhao Liu
2025-08-07 12:30 ` [RFC 23/26] rust/memory: Implement vm_memory::GuestMemory for FlatView Zhao Liu
2025-08-07 12:30 ` [RFC 24/26] rust/memory: Provide AddressSpace bindings Zhao Liu
2025-08-07 13:50 ` Paolo Bonzini
2025-08-13 14:47 ` Zhao Liu
2025-08-07 12:30 ` [RFC 25/26] rust/memory: Add binding to check target endian Zhao Liu
2025-08-07 12:44 ` Manos Pitsidianakis
2025-08-13 14:48 ` Zhao Liu
2025-08-07 12:30 ` [RFC 26/26] rust/hpet: Use safe binding to access address space Zhao Liu
2025-08-07 12:42 ` [RFC 00/26] rust/memory: Integrate the vm-memory API from rust-vmm Zhao Liu
2025-08-07 14:13 ` Paolo Bonzini
2025-08-13 14:56 ` Zhao Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aJtgIBgl8JzDsJ1O@intel.com \
--to=zhao1.liu@intel.com \
--cc=alex.bennee@linaro.org \
--cc=chuanxiao.dong@intel.com \
--cc=dapeng1.mi@linux.intel.com \
--cc=david@redhat.com \
--cc=junjie.mao@hotmail.com \
--cc=manos.pitsidianakis@linaro.org \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-rust@nongnu.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).