X-Mailing-List: rust-for-linux@vger.kernel.org
Date: Mon, 23 Jun 2025 21:25:23 +0200
From: "Benno Lossin"
To: "Boqun Feng"
Cc: "Alice Ryhl", "Danilo Krummrich", "Daniel Almeida", "Miguel Ojeda", "Alex Gaynor", "Gary Guo", "Björn Roy Baron", "Andreas Hindborg", "Trevor Gross", "Greg Kroah-Hartman", "Rafael J. Wysocki", "Thomas Gleixner", "Bjorn Helgaas", "Krzysztof Wilczy´nski"
Subject: Re: [PATCH v4 3/6] rust: irq: add support for non-threaded IRQs and handlers
References: <20250608-topics-tyr-request_irq-v4-0-81cb81fb8073@collabora.com> <20250608-topics-tyr-request_irq-v4-3-81cb81fb8073@collabora.com>

On Mon Jun 23, 2025 at 7:31 PM CEST, Boqun Feng wrote:
> On Mon, Jun 23, 2025 at 05:26:14PM +0200, Benno Lossin wrote:
>> On Mon Jun 23, 2025 at 5:10 PM CEST, Alice Ryhl wrote:
>> > On Mon, Jun 9, 2025 at 12:47 PM Danilo Krummrich wrote:
>> >> On Sun, Jun 08, 2025 at 07:51:08PM -0300, Daniel Almeida wrote:
>> >> > + dev: &'a Device, >> >> > + irq: u32, >> >> > + flags: Flags, >> >> > + name: &'static CStr, >> >> > + handler: T, >> >> > + ) -> impl PinInit + 'a { >> >> > + let closure =3D move |slot: *mut Self| { >> >> > + // SAFETY: The slot passed to pin initializer is valid= for writing.
>> >> > + unsafe { >> >> > + slot.write(Self { >> >> > + inner: Devres::new( >> >> > + dev, >> >> > + RegistrationInner { >> >> > + irq, >> >> > + cookie: slot.cast(), >> >> > + }, >> >> > + GFP_KERNEL, >> >> > + )?, >> >> > + handler, >> >> > + _pin: PhantomPinned, >> >> > + }) >> >> > + }; >> >> > + >> >> > + // SAFETY: >> >> > + // - The callbacks are valid for use with request_irq. >> >> > + // - If this succeeds, the slot is guaranteed to be va= lid until the >> >> > + // destructor of Self runs, which will deregister the = callbacks >> >> > + // before the memory location becomes invalid. >> >> > + let res =3D to_result(unsafe { >> >> > + bindings::request_irq( >> >> > + irq, >> >> > + Some(handle_irq_callback::), >> >> > + flags.into_inner() as usize, >> >> > + name.as_char_ptr(), >> >> > + slot.cast(), >> >> > + ) >> >> > + }); >> >> > + >> >> > + if res.is_err() { >> >> > + // SAFETY: We are returning an error, so we can de= stroy the slot. >> >> > + unsafe { core::ptr::drop_in_place(&raw mut (*slot)= .handler) }; >> >> > + } >> >> > + >> >> > + res >> >> > + }; >> >> > + >> >> > + // SAFETY: >> >> > + // - if this returns Ok, then every field of `slot` is ful= ly >> >> > + // initialized. >> >> > + // - if this returns an error, then the slot does not need= to remain >> >> > + // valid. >> >> > + unsafe { pin_init_from_closure(closure) }
>> >>
>> >> Can't we use try_pin_init!() instead, move request_irq() into the initializer of
>> >> RegistrationInner and initialize inner last?
>> >
>> > We need a pointer to the entire struct when calling
>> > bindings::request_irq. I'm not sure this allows you to easily get one?
>> > I don't think using container_of! here is worth it.
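Review bot: In the `res.is_err()` branch only `(*slot).handler` is dropped with `drop_in_place`, while the `inner` `Devres` that `slot.write(...)` stored just above is left in the slot and never dropped. Dropping it there too would run the `RegistrationInner` destructor for an IRQ that was never requested, so it would be better to order the initialization so that `RegistrationInner` only exists once `request_irq` has succeeded, for example by calling `request_irq` from its initializer and initializing `inner` last. The SAFETY comment on that branch ("we can destroy the slot") should also name each field that is live at that point and say why it is or is not dropped.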
>>
>> There is the `&this in` syntax (`this` is of type `NonNull`):
>>
>>     try_pin_init!(&this in Self {
>>         inner: Devres::new(
>>             dev,
>>             RegistrationInner {
>>                 irq,
>>                 cookie: this.as_ptr().cast(),
>>             },
>>             GFP_KERNEL,
>>         )?,
>>         handler,
>>         _pin: {
>>             to_result(unsafe {
>>                 bindings::request_irq(
>>                     irq,
>>                     Some(handle_irq_callback::),
>>                     flags.into_inner() as usize,
>>                     name.as_char_ptr(),
>>                     slot.as_ptr().cast(),
>
> this is "this" instead of "slot", right?
>
>>                 )
>>             })?;
>>             PhantomPinned
>>         },
>>     })
>>
>> Last time around, I also asked this question and you replied with that
>> we need to abort the initializer when `request_irq` returns false and
>> avoid running `Self::drop` (thus we can't do it using `pin_chain`).
>>
>> I asked what we could do instead and you mentioned the `_: {}`
>> initializers and those would indeed solve it, but we can abuse the
>> `_pin` field for that :)
>>
>
> Hmm.. but if request_irq() fails, aren't we going to call `drop` on
> `inner`, which drops the `Devres` which will eventually call
> `RegistrationInner::drop()`? And that's a `free_irq()` without
> `request_irq()` succeeded.

That is indeed correct :(

But hold on, we aren't allowed to forget the `Devres`, it's a pinned
type and thus the pin guarantee is that it must be dropped before the
underlying memory is freed. So the current version is unsound.

---
Cheers,
Benno
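
A user-space model of the ordering problem discussed in this thread, added here as an illustration and not code from the patch or from any participant. `Guard`, `new_guard`, the stub `request_irq` and the trace strings are constructed stand-ins, with `Guard` in the role of `RegistrationInner`; the three functions compare dropping the guard on failure, skipping its destructor, and requesting the IRQ before the guard exists.

```rust
use std::cell::RefCell;

// Constructed stand-in for the IRQ core: records each call in order.
type Log = RefCell<Vec<&'static str>>;

fn request_irq(log: &Log, fail: bool) -> Result<(), ()> {
    log.borrow_mut().push(if fail { "request_irq:err" } else { "request_irq:ok" });
    if fail { Err(()) } else { Ok(()) }
}

// Hypothetical guard in the role of `RegistrationInner`: dropping it frees the IRQ.
struct Guard<'a>(&'a Log);
impl Drop for Guard<'_> {
    fn drop(&mut self) { self.0.borrow_mut().push("free_irq"); }
}
fn new_guard(log: &Log) -> Guard<'_> { log.borrow_mut().push("guard:new"); Guard(log) }

// Guard first, request second: `?` drops the guard on the error path,
// so the IRQ is freed although it was never requested.
fn guard_first_drop(log: &Log, fail: bool) -> Result<Guard<'_>, ()> {
    let g = new_guard(log);
    request_irq(log, fail)?;
    Ok(g)
}

// Same order, but the error path skips the guard's destructor entirely.
fn guard_first_forget(log: &Log, fail: bool) -> Result<Guard<'_>, ()> {
    let g = new_guard(log);
    match request_irq(log, fail) {
        Ok(()) => Ok(g),
        Err(e) => { std::mem::forget(g); Err(e) }
    }
}

// Request first: the guard exists only once the IRQ is really held.
fn request_first(log: &Log, fail: bool) -> Result<Guard<'_>, ()> {
    request_irq(log, fail)?;
    Ok(new_guard(log))
}

// Runs one variant, drops whatever it returned, and returns the ordered call trace.
fn trace(f: for<'a> fn(&'a Log, bool) -> Result<Guard<'a>, ()>, fail: bool) -> Vec<&'static str> {
    let log = Log::default();
    drop(f(&log, fail));
    log.into_inner()
}

fn main() {
    println!("{:?}", [trace(guard_first_drop, true), trace(guard_first_forget, true), trace(request_first, true)]);
}
```

Only the request-first order leaves a failing trace with neither a `free_irq` for an unrequested IRQ nor a guard that was created and never dropped.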