From: "Danilo Krummrich" <dakr@kernel.org>
To: "Gary Guo" <gary@garyguo.net>
Cc: <acourbot@nvidia.com>, <aliceryhl@google.com>,
<nouveau@lists.freedesktop.org>,
<dri-devel@lists.freedesktop.org>,
<rust-for-linux@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] gpu: nova-core: gsp: fix UB in DmaGspMem pointer accessors
Date: Tue, 10 Mar 2026 11:58:53 +0100 [thread overview]
Message-ID: <DGZ1SFR07FY8.26IXX819VFGC5@kernel.org> (raw)
In-Reply-To: <DGYQCXD2VH23.3D54NHJH6I0VA@garyguo.net>
On Tue Mar 10, 2026 at 3:01 AM CET, Gary Guo wrote:
>> +// TODO: Revert to private once `IoView` projections replace the `gsp_mem` module.
>> +pub(in crate::gsp) struct Msgq {
>
> These could all be `(in super)`?
Yes, or just pub(super). However, that's not the case for the functions in the
gsp_mem module, they could be pub(in super::super) though. But I think I prefer
pub(in crate::gsp) for those.
>> + pub(in crate::gsp) fn gsp_write_ptr(qs: &CoherentAllocation<GspMem>) -> u32 {
>> + // PANIC: A `dma::CoherentAllocation` always contains at least one element.
>> + || -> Result<u32> { Ok(dma_read!(qs, [0]?.gspq.tx.0.writePtr) % MSGQ_NUM_PAGES) }().unwrap()
>
> I wonder if I should add a panicking variant of index projection for this case.
> Perhaps of syntax `[index]!`.
>
> We could also make the existing `[index]` becoming a panicking one instead of
> `build_error!` one. It is more consistent with Rust index operator that way.
I thought the same, as something like this `[n]?.ptes[i]` looks a bit odd.
However, I think we ideally want both variants (I like your `[i]!` proposal
above), since generally users should have the choice (as they also have with a
slice through get()). For instance, the index could come from userspace. Sure,
you can always validate the index in advance, but having a fallible variant is a
bit nicer.
next prev parent reply other threads:[~2026-03-10 10:58 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-09 22:53 [PATCH] gpu: nova-core: gsp: fix UB in DmaGspMem pointer accessors Danilo Krummrich
2026-03-10 2:01 ` Gary Guo
2026-03-10 3:56 ` Eliot Courtney
2026-03-10 11:02 ` Danilo Krummrich
2026-03-11 12:58 ` Gary Guo
2026-03-11 13:04 ` Danilo Krummrich
2026-03-10 10:58 ` Danilo Krummrich [this message]
2026-03-11 12:59 ` Gary Guo
2026-03-11 13:05 ` Danilo Krummrich
2026-03-11 8:01 ` Alexandre Courbot
2026-03-11 19:29 ` Danilo Krummrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DGZ1SFR07FY8.26IXX819VFGC5@kernel.org \
--to=dakr@kernel.org \
--cc=acourbot@nvidia.com \
--cc=aliceryhl@google.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=gary@garyguo.net \
--cc=linux-kernel@vger.kernel.org \
--cc=nouveau@lists.freedesktop.org \
--cc=rust-for-linux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox