From: Alyssa Rosenzweig <alyssa@rosenzweig.io>
To: Danilo Krummrich <dakr@kernel.org>
Cc: airlied@gmail.com, simona@ffwll.ch,
maarten.lankhorst@linux.intel.com, mripard@kernel.org,
tzimmermann@suse.de, lyude@redhat.com, lina@asahilina.net,
daniel.almeida@collabora.com, j@jannau.net, ojeda@kernel.org,
alex.gaynor@gmail.com, boqun.feng@gmail.com, gary@garyguo.net,
bjorn3_gh@protonmail.com, benno.lossin@proton.me,
a.hindborg@kernel.org, aliceryhl@google.com, tmgross@umich.edu,
dri-devel@lists.freedesktop.org, rust-for-linux@vger.kernel.org
Subject: Re: [PATCH v2 2/8] rust: drm: ioctl: Add DRM ioctl abstraction
Date: Mon, 14 Apr 2025 09:54:59 -0400 [thread overview]
Message-ID: <Z_0Ts6Tj6NeaDBo0@blossom> (raw)
In-Reply-To: <20250410235546.43736-3-dakr@kernel.org>
+/// `user_callback` should have the following prototype:
+///
+/// ```ignore
+/// fn foo(device: &kernel::drm::Device<Self>,
+/// data: &mut bindings::argument_type,
+/// file: &kernel::drm::File<Self::File>,
+/// )
Needs to be `-> Result<u32>`, please update
> + // SAFETY: This is just the ioctl argument, which hopefully has the
> + // right type (we've done our best checking the size).
"hopefully" in a SAFETY comment raises eyebrows!
The argument has the right type /by definition/ once we know the ioctl
name and the size. If userspace passes the wrong type, that's not our
problem - we're still doing the right cast from the perspective of the
kernel. It's up to the driver to reject bogus values.
Maybe something like
SAFETY: The ioctl argument has size _IOC_SIZE(cmd), which we
asserted above matches the size of this type, and all bit patterns of
UAPI structs must be valid.
This also documents the actual safety invariant we're relying on (that
all bit patterns must be valid... which is "obvious" for correct uapis
but not true for eg repr(Rust)!)
> + Ok(i) => i.try_into()
> + .unwrap_or($crate::error::code::ERANGE.to_errno()),
It would be great if we could statically guarantee that the types will
fit to avoid this error path (i.e. static assert that the handler
returns Result<u32> and sizeof(u32) <= sizeof(ffi:c_int)). But I don't
know how to do that in Rust so no action required unless you have a
better idea ;)
---
Anyway, with those two comments updated, this patch is
Reviewed-by: Alyssa Rosenzweig <alyssa@rosenzweig.io>
Thanks!
next prev parent reply other threads:[~2025-04-14 13:55 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-10 23:55 [PATCH v2 0/8] DRM Rust abstractions Danilo Krummrich
2025-04-10 23:55 ` [PATCH v2 1/8] drm: drv: implement __drm_dev_alloc() Danilo Krummrich
2025-04-14 13:27 ` Alyssa Rosenzweig
2025-04-18 21:00 ` Lyude Paul
2025-04-10 23:55 ` [PATCH v2 2/8] rust: drm: ioctl: Add DRM ioctl abstraction Danilo Krummrich
2025-04-14 13:54 ` Alyssa Rosenzweig [this message]
2025-04-18 21:03 ` Lyude Paul
2025-04-10 23:55 ` [PATCH v2 3/8] rust: drm: add driver abstractions Danilo Krummrich
2025-04-14 14:00 ` Alyssa Rosenzweig
2025-04-18 21:06 ` Lyude Paul
2025-04-10 23:55 ` [PATCH v2 4/8] rust: drm: add device abstraction Danilo Krummrich
2025-04-14 14:07 ` Alyssa Rosenzweig
2025-04-17 18:53 ` Lyude Paul
2025-04-17 20:20 ` Danilo Krummrich
2025-04-10 23:55 ` [PATCH v2 5/8] rust: drm: add DRM driver registration Danilo Krummrich
2025-04-14 14:11 ` Alyssa Rosenzweig
2025-04-18 21:12 ` Lyude Paul
2025-04-10 23:55 ` [PATCH v2 6/8] rust: drm: file: Add File abstraction Danilo Krummrich
2025-04-14 14:28 ` Alyssa Rosenzweig
2025-04-18 21:15 ` Lyude Paul
2025-04-10 23:55 ` [PATCH v2 7/8] rust: drm: gem: Add GEM object abstraction Danilo Krummrich
2025-04-14 15:07 ` Alyssa Rosenzweig
2025-04-17 18:42 ` Lyude Paul
2025-04-17 20:31 ` Danilo Krummrich
2025-04-17 22:33 ` Lyude Paul
2025-04-18 5:31 ` Danilo Krummrich
2025-05-12 11:41 ` Miguel Ojeda
2025-05-12 11:48 ` Miguel Ojeda
2025-05-12 12:09 ` Danilo Krummrich
2025-05-12 12:38 ` Miguel Ojeda
2025-04-10 23:55 ` [PATCH v2 8/8] MAINTAINERS: add DRM Rust source files to DRM DRIVERS Danilo Krummrich
2025-04-14 15:08 ` Alyssa Rosenzweig
2025-04-18 21:16 ` [PATCH v2 0/8] DRM Rust abstractions Lyude Paul
2025-04-24 13:59 ` Danilo Krummrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z_0Ts6Tj6NeaDBo0@blossom \
--to=alyssa@rosenzweig.io \
--cc=a.hindborg@kernel.org \
--cc=airlied@gmail.com \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=daniel.almeida@collabora.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=gary@garyguo.net \
--cc=j@jannau.net \
--cc=lina@asahilina.net \
--cc=lyude@redhat.com \
--cc=maarten.lankhorst@linux.intel.com \
--cc=mripard@kernel.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=simona@ffwll.ch \
--cc=tmgross@umich.edu \
--cc=tzimmermann@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).