From: "Danilo Krummrich" <dakr@kernel.org>
To: "Gary Guo" <gary@garyguo.net>
Cc: <acourbot@nvidia.com>, <aliceryhl@google.com>,
<nouveau@lists.freedesktop.org>,
<dri-devel@lists.freedesktop.org>,
<rust-for-linux@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] gpu: nova-core: gsp: fix UB in DmaGspMem pointer accessors
Date: Wed, 11 Mar 2026 14:05:52 +0100
Message-ID: <DGZZ47IBKTHD.3BB0V807G3V37@kernel.org>
In-Reply-To: <DGZYZOXZE7XU.YV5O6SOIR6KS@garyguo.net>
On Wed Mar 11, 2026 at 1:59 PM CET, Gary Guo wrote:
> On Tue Mar 10, 2026 at 10:58 AM GMT, Danilo Krummrich wrote:
>> On Tue Mar 10, 2026 at 3:01 AM CET, Gary Guo wrote:
>>>> +// TODO: Revert to private once `IoView` projections replace the `gsp_mem` module.
>>>> +pub(in crate::gsp) struct Msgq {
>>>
>>> These could all be `(in super)`?
>>
>> Yes, or just pub(super). However, that's not the case for the functions in the
>> gsp_mem module, they could be pub(in super::super) though. But I think I prefer
>> pub(in crate::gsp) for those.
>>
>>>> + pub(in crate::gsp) fn gsp_write_ptr(qs: &CoherentAllocation<GspMem>) -> u32 {
>>>> + // PANIC: A `dma::CoherentAllocation` always contains at least one element.
>>>> + || -> Result<u32> { Ok(dma_read!(qs, [0]?.gspq.tx.0.writePtr) % MSGQ_NUM_PAGES) }().unwrap()
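Review bot: the `% MSGQ_NUM_PAGES` reduction on the `dma_read!` line has no comment, while the `.unwrap()` next to it gets a `// PANIC:` justification. `writePtr` is read out of the `CoherentAllocation<GspMem>`, so the modulo is the only thing in this accessor that bounds the returned value; a short comment saying so, and stating whether an out-of-range value is meant to be wrapped silently rather than reported, would keep a later cleanup from dropping it. The immediately invoked `|| -> Result<u32> { ... }().unwrap()` closure is also hard to read in a one-line accessor; a small helper would make the panic path explicit.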
>>>
>>> I wonder if I should add a panicking variant of index projection for this case.
>>> Perhaps of syntax `[index]!`.
>>>
>>> We could also make the existing `[index]` become a panicking one instead of
>>> `build_error!` one. It is more consistent with Rust index operator that way.
>>
>> I thought the same, as something like this `[n]?.ptes[i]` looks a bit odd.
>>
>> However, I think we ideally want both variants (I like your `[i]!` proposal
>> above), since generally users should have the choice (as they also have with a
>> slice through get()). For instance, the index could come from userspace. Sure,
>> you can always validate the index in advance, but having a fallible variant is a
>> bit nicer.
>
> I'm not proposing removal of the fallible variant, just that we can make the
> infallible one use panicking instead of `build_error!`.
SGTM.