From: Timur Tabi <ttabi@nvidia.com>
To: Gary Guo <gary@garyguo.net>, Alice Ryhl <aliceryhl@google.com>,
<mmaurer@google.com>, Danilo Krummrich <dakr@kernel.org>,
Alexandre Courbot <acourbot@nvidia.com>,
John Hubbard <jhubbard@nvidia.com>,
Joel Fernandes <joelagnelf@nvidia.com>,
<nouveau@lists.freedesktop.org>, <rust-for-linux@vger.kernel.org>
Subject: [PATCH v7 2/7] rust: uaccess: add write_dma() for copying from DMA buffers to userspace
Date: Tue, 3 Feb 2026 16:47:52 -0600 [thread overview]
Message-ID: <20260203224757.871729-3-ttabi@nvidia.com> (raw)
In-Reply-To: <20260203224757.871729-1-ttabi@nvidia.com>
Add UserSliceWriter::write_dma() to copy data from a CoherentAllocation<u8>
to userspace. This provides a safe interface for copying DMA buffer
contents to userspace without requiring callers to work with raw pointers.
Because write_dma() and write_slice() have common code, factor that code
out into a helper function, write_raw().
The method handles bounds checking and offset calculation internally,
wrapping the unsafe copy_to_user() call.
Signed-off-by: Timur Tabi <ttabi@nvidia.com>
---
rust/kernel/uaccess.rs | 74 +++++++++++++++++++++++++++++++++++-------
1 file changed, 63 insertions(+), 11 deletions(-)
diff --git a/rust/kernel/uaccess.rs b/rust/kernel/uaccess.rs
index f989539a31b4..d29a52f2a878 100644
--- a/rust/kernel/uaccess.rs
+++ b/rust/kernel/uaccess.rs
@@ -7,6 +7,7 @@
use crate::{
alloc::{Allocator, Flags},
bindings,
+ dma::CoherentAllocation,
error::Result,
ffi::{c_char, c_void},
fs::file,
@@ -459,20 +460,20 @@ pub fn is_empty(&self) -> bool {
self.length == 0
}
- /// Writes raw data to this user pointer from a kernel buffer.
- ///
- /// Fails with [`EFAULT`] if the write happens on a bad address, or if the write goes out of
- /// bounds of this [`UserSliceWriter`]. This call may modify the associated userspace slice even
- /// if it returns an error.
- pub fn write_slice(&mut self, data: &[u8]) -> Result {
- let len = data.len();
- let data_ptr = data.as_ptr().cast::<c_void>();
+ /// Low-level write from a raw pointer. Caller must ensure ptr is valid for `len` bytes.
+ fn write_raw(&mut self, ptr: *const u8, len: usize) -> Result {
if len > self.length {
return Err(EFAULT);
}
- // SAFETY: `data_ptr` points into an immutable slice of length `len`, so we may read
- // that many bytes from it.
- let res = unsafe { bindings::copy_to_user(self.ptr.as_mut_ptr(), data_ptr, len) };
+ // SAFETY:
+ // - `self.ptr` is a userspace pointer, and `len <= self.length` is checked above to
+ // ensure we don't exceed the caller-specified bounds.
+ // - `ptr` is valid for reading `len` bytes as required by this function's safety contract.
+ // - `copy_to_user` validates the userspace address at runtime and returns non-zero on
+ // failure (e.g., bad address or unmapped memory).
+ let res = unsafe {
+ bindings::copy_to_user(self.ptr.as_mut_ptr(), ptr.cast::<c_void>(), len)
+ };
if res != 0 {
return Err(EFAULT);
}
@@ -481,6 +482,57 @@ pub fn write_slice(&mut self, data: &[u8]) -> Result {
Ok(())
}
+ /// Writes raw data to this user pointer from a kernel buffer.
+ ///
+ /// Fails with [`EFAULT`] if the write happens on a bad address, or if the write goes out of
+ /// bounds of this [`UserSliceWriter`]. This call may modify the associated userspace slice even
+ /// if it returns an error.
+ pub fn write_slice(&mut self, data: &[u8]) -> Result {
+ self.write_raw(data.as_ptr(), data.len())
+ }
+
+ /// Writes raw data to this user pointer from a DMA coherent allocation.
+ ///
+ /// # Arguments
+ ///
+ /// * `data` - The DMA coherent allocation to copy from.
+ /// * `offset` - The byte offset into `data` to start copying from.
+ /// * `count` - The number of bytes to copy.
+ ///
+ /// # Errors
+ /// Returns [`EOVERFLOW`] if `offset + count` overflows.
+ /// Returns [`ERANGE`] if `offset + count` exceeds the size of `data`, or `count` exceeds
+ /// the size of the user-space buffer.
+ /// Returns [`EFAULT`] if the write happens on a bad address, or if the write goes out of
+ /// bounds of this [`UserSliceWriter`].
+ ///
+ /// This call may modify the associated userspace slice even if it returns an error.
+ ///
+ /// Note: The memory may be concurrently modified by hardware (e.g., DMA). In such cases,
+ /// the copied data may be inconsistent, but this does not cause undefined behavior.
+ pub fn write_dma(
+ &mut self,
+ alloc: &CoherentAllocation<u8>,
+ offset: usize,
+ count: usize,
+ ) -> Result {
+ let len = alloc.size();
+ if offset.checked_add(count).ok_or(EOVERFLOW)? > len {
+ return Err(ERANGE);
+ }
+
+ if count > self.len() {
+ return Err(ERANGE);
+ }
+
+ // SAFETY: `start_ptr()` returns a valid pointer to a memory region of `count()` bytes,
+ // as guaranteed by the `CoherentAllocation` invariants. The check above ensures
+ // `offset + count <= len`.
+ let src_ptr = unsafe { alloc.start_ptr().add(offset) };
+
+ self.write_raw(src_ptr, count)
+ }
+
/// Writes raw data to this user pointer from a kernel buffer partially.
///
/// This is the same as [`Self::write_slice`] but considers the given `offset` into `data` and
--
2.52.0
next prev parent reply other threads:[~2026-02-03 22:48 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-03 22:47 [PATCH v7 0/7] gpu: nova-core: expose the logging buffers via debugfs Timur Tabi
2026-02-03 22:47 ` [PATCH v7 1/7] rust: device: add device name method Timur Tabi
2026-02-03 22:47 ` Timur Tabi [this message]
2026-02-04 2:06 ` [PATCH v7 2/7] rust: uaccess: add write_dma() for copying from DMA buffers to userspace kernel test robot
2026-02-04 20:01 ` Timur Tabi
2026-03-09 19:59 ` Danilo Krummrich
2026-03-10 19:52 ` Timur Tabi
2026-03-10 19:56 ` Danilo Krummrich
2026-03-10 20:11 ` Timur Tabi
2026-03-10 20:01 ` Alice Ryhl
2026-02-03 22:47 ` [PATCH v7 3/7] rust: dma: implement BinaryWriter for CoherentAllocation<u8> Timur Tabi
2026-02-03 22:47 ` [PATCH v7 4/7] gpu: nova-core: Replace module_pci_driver! with explicit module init Timur Tabi
2026-02-03 22:47 ` [PATCH v7 5/7] gpu: nova-core: use pin projection in method boot() Timur Tabi
2026-02-03 22:47 ` [PATCH v7 6/7] gpu: nova-core: create debugfs root in module init Timur Tabi
2026-02-03 22:47 ` [PATCH v7 7/7] gpu: nova-core: create GSP-RM logging buffers debugfs entries Timur Tabi
2026-02-10 3:28 ` [PATCH v7 0/7] gpu: nova-core: expose the logging buffers via debugfs John Hubbard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260203224757.871729-3-ttabi@nvidia.com \
--to=ttabi@nvidia.com \
--cc=acourbot@nvidia.com \
--cc=aliceryhl@google.com \
--cc=dakr@kernel.org \
--cc=gary@garyguo.net \
--cc=jhubbard@nvidia.com \
--cc=joelagnelf@nvidia.com \
--cc=mmaurer@google.com \
--cc=nouveau@lists.freedesktop.org \
--cc=rust-for-linux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox