rust-for-linux.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Danilo Krummrich <dakr@kernel.org>
To: Viresh Kumar <viresh.kumar@linaro.org>
Cc: "Rafael J. Wysocki" <rafael@kernel.org>,
	"Miguel Ojeda" <miguel.ojeda.sandonis@gmail.com>,
	"Danilo Krummrich" <dakr@redhat.com>,
	"Miguel Ojeda" <ojeda@kernel.org>,
	"Alex Gaynor" <alex.gaynor@gmail.com>,
	"Boqun Feng" <boqun.feng@gmail.com>,
	"Gary Guo" <gary@garyguo.net>,
	"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
	"Benno Lossin" <benno.lossin@proton.me>,
	"Andreas Hindborg" <a.hindborg@kernel.org>,
	"Alice Ryhl" <aliceryhl@google.com>,
	"Trevor Gross" <tmgross@umich.edu>,
	linux-pm@vger.kernel.org,
	"Vincent Guittot" <vincent.guittot@linaro.org>,
	"Stephen Boyd" <sboyd@kernel.org>, "Nishanth Menon" <nm@ti.com>,
	rust-for-linux@vger.kernel.org,
	"Manos Pitsidianakis" <manos.pitsidianakis@linaro.org>,
	"Alex Bennée" <alex.bennee@linaro.org>,
	"Joakim Bech" <joakim.bech@linaro.org>,
	"Rob Herring" <robh@kernel.org>,
	"Yury Norov" <yury.norov@gmail.com>,
	"Burak Emir" <bqe@google.com>,
	"Rasmus Villemoes" <linux@rasmusvillemoes.dk>,
	"Russell King" <linux@armlinux.org.uk>,
	linux-clk@vger.kernel.org,
	"Michael Turquette" <mturquette@baylibre.com>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH V10 11/15] rust: cpufreq: Add initial abstractions for cpufreq framework
Date: Wed, 16 Apr 2025 14:25:22 +0200	[thread overview]
Message-ID: <Z_-hskVtNFPxUmlC@pollux> (raw)
In-Reply-To: <20250416093720.5nigxsirbvyiumcv@vireshk-i7>

On Wed, Apr 16, 2025 at 03:07:20PM +0530, Viresh Kumar wrote:
> On 16-04-25, 11:14, Danilo Krummrich wrote:
> > On Wed, Apr 16, 2025 at 12:09:28PM +0530, Viresh Kumar wrote:
> 
> > > +    pub unsafe fn data(&self, index: usize) -> u32 {
> > > +        // SAFETY: By the type invariant, the pointer stored in `self` is valid and `index` is
> > > +        // guaranteed to be valid by the safety requirements of the function.
> > > +        unsafe { (*self.as_raw().add(index)).driver_data }
> > > +    }
> > 
> > Those three functions above look like they're supposed to be used directly by
> > drivers, but are unsafe. :(
> > 
> > It looks like the reason for them being unsafe is that with only the pointer to
> > the struct cpufreq_frequency_table array we don't know the length of the array.
> 
> Yes.
> 
> > However, a Table instance seems to come from TableBox, which *does* know the
> > length of the KVec<bindings::cpufreq_frequency_table>. Why can't we just preserve the
> > length and provide a safe API?
> 
> The Table is also created from a raw pointer, when it is received from
> the C callbacks. Also the Table can be created from the OPP table,
> where again we receive a raw pointer from the C code.
> 
> I tried to do this differently earlier and finalized on current
> version after some discussions on the list:
> 
> https://lore.kernel.org/all/2025011327-cubbyhole-idealness-d4cc@gregkh/

I skimmed over your explanation from the link and got stuck at:

> - The cpufreq core then calls cpufreq driver's callbacks and passes an
>   index to the freq-table, which the drivers don't need to verify
>   against table length, since the index came from the core itself.

This sounds like you could just abstract the index passed through the callback
in some trusted type (e.g. cpufreq::TableIndex) and let the cpufreq::Table
methods take this trusted index type, rather than a raw usize, which would also
make the methods safe.

- Danilo

  reply	other threads:[~2025-04-16 12:25 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-04-16  6:39 [PATCH V10 00/15] Rust abstractions for clk, cpumask, cpufreq, OPP Viresh Kumar
2025-04-16  6:39 ` [PATCH V10 01/15] rust: cpumask: Add few more helpers Viresh Kumar
2025-04-16  6:39 ` [PATCH V10 02/15] rust: cpumask: Add initial abstractions Viresh Kumar
2025-04-16  6:39 ` [PATCH V10 03/15] MAINTAINERS: Add entry for Rust cpumask API Viresh Kumar
2025-04-16  6:39 ` [PATCH V10 04/15] rust: clk: Add helpers for Rust code Viresh Kumar
2025-04-16  6:39 ` [PATCH V10 05/15] rust: clk: Add initial abstractions Viresh Kumar
2025-04-16  6:39 ` [PATCH V10 06/15] rust: macros: enable use of hyphens in module names Viresh Kumar
2025-04-16  6:39 ` [PATCH V10 07/15] rust: cpu: Add from_cpu() Viresh Kumar
2025-04-16  6:39 ` [PATCH V10 08/15] rust: opp: Add initial abstractions for OPP framework Viresh Kumar
2025-04-16  6:39 ` [PATCH V10 09/15] rust: opp: Add abstractions for the OPP table Viresh Kumar
2025-04-16  6:39 ` [PATCH V10 10/15] rust: opp: Add abstractions for the configuration options Viresh Kumar
2025-04-16  6:39 ` [PATCH V10 11/15] rust: cpufreq: Add initial abstractions for cpufreq framework Viresh Kumar
2025-04-16  9:14   ` Danilo Krummrich
2025-04-16  9:37     ` Viresh Kumar
2025-04-16 12:25       ` Danilo Krummrich [this message]
2025-04-17  8:34         ` Viresh Kumar
2025-04-17  8:00       ` Benno Lossin
2025-04-17  8:08         ` Viresh Kumar
2025-04-16  6:39 ` [PATCH V10 12/15] rust: cpufreq: Extend abstractions for policy and driver ops Viresh Kumar
2025-04-16  6:39 ` [PATCH V10 13/15] rust: cpufreq: Extend abstractions for driver registration Viresh Kumar
2025-04-16  9:04   ` Danilo Krummrich
2025-04-16 10:17     ` Viresh Kumar
2025-04-16 10:59       ` Danilo Krummrich
2025-04-17  8:29         ` Viresh Kumar
2025-04-16  6:39 ` [PATCH V10 14/15] rust: opp: Extend OPP abstractions with cpufreq support Viresh Kumar
2025-04-16  8:52   ` Danilo Krummrich
2025-04-16  9:59     ` Viresh Kumar
2025-04-16 10:31       ` Miguel Ojeda
2025-04-16 10:40         ` Viresh Kumar
2025-04-16 10:47           ` Miguel Ojeda
2025-04-16 12:46       ` Danilo Krummrich
2025-04-16  6:39 ` [PATCH V10 15/15] cpufreq: Add Rust-based cpufreq-dt driver Viresh Kumar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Z_-hskVtNFPxUmlC@pollux \
    --to=dakr@kernel.org \
    --cc=a.hindborg@kernel.org \
    --cc=alex.bennee@linaro.org \
    --cc=alex.gaynor@gmail.com \
    --cc=aliceryhl@google.com \
    --cc=benno.lossin@proton.me \
    --cc=bjorn3_gh@protonmail.com \
    --cc=boqun.feng@gmail.com \
    --cc=bqe@google.com \
    --cc=dakr@redhat.com \
    --cc=gary@garyguo.net \
    --cc=joakim.bech@linaro.org \
    --cc=linux-clk@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-pm@vger.kernel.org \
    --cc=linux@armlinux.org.uk \
    --cc=linux@rasmusvillemoes.dk \
    --cc=manos.pitsidianakis@linaro.org \
    --cc=miguel.ojeda.sandonis@gmail.com \
    --cc=mturquette@baylibre.com \
    --cc=nm@ti.com \
    --cc=ojeda@kernel.org \
    --cc=rafael@kernel.org \
    --cc=robh@kernel.org \
    --cc=rust-for-linux@vger.kernel.org \
    --cc=sboyd@kernel.org \
    --cc=tmgross@umich.edu \
    --cc=vincent.guittot@linaro.org \
    --cc=viresh.kumar@linaro.org \
    --cc=yury.norov@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).