From: Danilo Krummrich <dakr@kernel.org>
To: Viresh Kumar <viresh.kumar@linaro.org>
Cc: "Rafael J. Wysocki" <rafael@kernel.org>,
"Miguel Ojeda" <miguel.ojeda.sandonis@gmail.com>,
"Danilo Krummrich" <dakr@redhat.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
linux-pm@vger.kernel.org,
"Vincent Guittot" <vincent.guittot@linaro.org>,
"Stephen Boyd" <sboyd@kernel.org>, "Nishanth Menon" <nm@ti.com>,
rust-for-linux@vger.kernel.org,
"Manos Pitsidianakis" <manos.pitsidianakis@linaro.org>,
"Alex Bennée" <alex.bennee@linaro.org>,
"Joakim Bech" <joakim.bech@linaro.org>,
"Rob Herring" <robh@kernel.org>,
"Yury Norov" <yury.norov@gmail.com>,
"Burak Emir" <bqe@google.com>,
"Rasmus Villemoes" <linux@rasmusvillemoes.dk>,
"Russell King" <linux@armlinux.org.uk>,
linux-clk@vger.kernel.org,
"Michael Turquette" <mturquette@baylibre.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH V10 11/15] rust: cpufreq: Add initial abstractions for cpufreq framework
Date: Wed, 16 Apr 2025 11:14:08 +0200 [thread overview]
Message-ID: <Z_904KuBhKbO738_@pollux> (raw)
In-Reply-To: <ac6854885277b23f100c6033fab51a080cdb70eb.1744783509.git.viresh.kumar@linaro.org>
On Wed, Apr 16, 2025 at 12:09:28PM +0530, Viresh Kumar wrote:
> +/// CPU frequency table.
> +///
> +/// Rust abstraction for the C `struct cpufreq_frequency_table`.
> +///
> +/// # Invariants
> +///
> +/// A [`Table`] instance always corresponds to a valid C `struct cpufreq_frequency_table`.
> +///
> +/// The callers must ensure that the `struct cpufreq_frequency_table` is valid for access and
> +/// remains valid for the lifetime of the returned reference.
> +///
> +/// ## Examples
> +///
> +/// The following example demonstrates how to read a frequency value from [`Table`].
> +///
> +/// ```
> +/// use kernel::cpufreq::Policy;
> +///
> +/// fn show_freq(policy: &Policy) {
> +/// let table = policy.freq_table().unwrap();
> +///
> +/// // SAFETY: The index values passed are correct.
> +/// unsafe {
> +/// pr_info!("The frequency at index 0 is: {:?}\n", table.freq(0).unwrap());
> +/// pr_info!("The flags at index 0 is: {}\n", table.flags(0));
> +/// pr_info!("The data at index 0 is: {}\n", table.data(0));
> +/// }
> +/// }
> +/// ```
> +#[allow(dead_code)]
Why is this needed?
> +#[repr(transparent)]
> +pub struct Table(Opaque<bindings::cpufreq_frequency_table>);
> +
> +impl Table {
> + /// Creates a reference to an existing C `struct cpufreq_frequency_table` pointer.
> + ///
> + /// # Safety
> + ///
> + /// The caller must ensure that `ptr` is valid for reading and remains valid for the lifetime
> + /// of the returned reference.
> + #[inline]
> + pub unsafe fn from_raw<'a>(ptr: *const bindings::cpufreq_frequency_table) -> &'a Self {
> + // SAFETY: Guaranteed by the safety requirements of the function.
> + //
> + // INVARIANT: The caller ensures that `ptr` is valid for reading and remains valid for the
> + // lifetime of the returned reference.
> + unsafe { &*ptr.cast() }
> + }
> +
> + /// Returns the raw mutable pointer to the C `struct cpufreq_frequency_table`.
> + #[inline]
> + pub fn as_raw(&self) -> *mut bindings::cpufreq_frequency_table {
> + let this: *const Self = self;
> + this.cast_mut().cast()
> + }
> +
> + /// Returns frequency at `index` in the [`Table`].
> + ///
> + /// # Safety
> + ///
> + /// The caller must ensure that `index` corresponds to a valid table entry.
> + #[inline]
> + pub unsafe fn freq(&self, index: usize) -> Result<Hertz> {
> + // SAFETY: By the type invariant, the pointer stored in `self` is valid and `index` is
> + // guaranteed to be valid by the safety requirements of the function.
> + Ok(Hertz::from_khz(unsafe {
> + (*self.as_raw().add(index)).frequency.try_into()?
> + }))
> + }
> +
> + /// Returns flags at `index` in the [`Table`].
> + ///
> + /// # Safety
> + ///
> + /// The caller must ensure that `index` corresponds to a valid table entry.
> + #[inline]
> + pub unsafe fn flags(&self, index: usize) -> u32 {
> + // SAFETY: By the type invariant, the pointer stored in `self` is valid and `index` is
> + // guaranteed to be valid by the safety requirements of the function.
> + unsafe { (*self.as_raw().add(index)).flags }
> + }
> +
> + /// Returns data at `index` in the [`Table`].
> + ///
> + /// # Safety
> + ///
> + /// The caller must ensure that `index` corresponds to a valid table entry.
> + #[inline]
> + pub unsafe fn data(&self, index: usize) -> u32 {
> + // SAFETY: By the type invariant, the pointer stored in `self` is valid and `index` is
> + // guaranteed to be valid by the safety requirements of the function.
> + unsafe { (*self.as_raw().add(index)).driver_data }
> + }
Those three functions above look like they're supposed to be used directly by
drivers, but are unsafe. :(
It looks like the reason for them being unsafe is that with only the pointer to
the struct cpufreq_frequency_table array we don't know the length of the array.
However, a Table instance seems to come from TableBox, which *does* know the
length of the KVec<bindings::cpufreq_frequency_table>. Why can't we just preserve the
length and provide a safe API?
> +}
> +
> +/// CPU frequency table owned and pinned in memory, created from a [`TableBuilder`].
> +pub struct TableBox {
> + #[allow(dead_code)]
Why?
next prev parent reply other threads:[~2025-04-16 9:14 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-16 6:39 [PATCH V10 00/15] Rust abstractions for clk, cpumask, cpufreq, OPP Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 01/15] rust: cpumask: Add few more helpers Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 02/15] rust: cpumask: Add initial abstractions Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 03/15] MAINTAINERS: Add entry for Rust cpumask API Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 04/15] rust: clk: Add helpers for Rust code Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 05/15] rust: clk: Add initial abstractions Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 06/15] rust: macros: enable use of hyphens in module names Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 07/15] rust: cpu: Add from_cpu() Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 08/15] rust: opp: Add initial abstractions for OPP framework Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 09/15] rust: opp: Add abstractions for the OPP table Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 10/15] rust: opp: Add abstractions for the configuration options Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 11/15] rust: cpufreq: Add initial abstractions for cpufreq framework Viresh Kumar
2025-04-16 9:14 ` Danilo Krummrich [this message]
2025-04-16 9:37 ` Viresh Kumar
2025-04-16 12:25 ` Danilo Krummrich
2025-04-17 8:34 ` Viresh Kumar
2025-04-17 8:00 ` Benno Lossin
2025-04-17 8:08 ` Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 12/15] rust: cpufreq: Extend abstractions for policy and driver ops Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 13/15] rust: cpufreq: Extend abstractions for driver registration Viresh Kumar
2025-04-16 9:04 ` Danilo Krummrich
2025-04-16 10:17 ` Viresh Kumar
2025-04-16 10:59 ` Danilo Krummrich
2025-04-17 8:29 ` Viresh Kumar
2025-04-16 6:39 ` [PATCH V10 14/15] rust: opp: Extend OPP abstractions with cpufreq support Viresh Kumar
2025-04-16 8:52 ` Danilo Krummrich
2025-04-16 9:59 ` Viresh Kumar
2025-04-16 10:31 ` Miguel Ojeda
2025-04-16 10:40 ` Viresh Kumar
2025-04-16 10:47 ` Miguel Ojeda
2025-04-16 12:46 ` Danilo Krummrich
2025-04-16 6:39 ` [PATCH V10 15/15] cpufreq: Add Rust-based cpufreq-dt driver Viresh Kumar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z_904KuBhKbO738_@pollux \
--to=dakr@kernel.org \
--cc=a.hindborg@kernel.org \
--cc=alex.bennee@linaro.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=bqe@google.com \
--cc=dakr@redhat.com \
--cc=gary@garyguo.net \
--cc=joakim.bech@linaro.org \
--cc=linux-clk@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=linux@rasmusvillemoes.dk \
--cc=manos.pitsidianakis@linaro.org \
--cc=miguel.ojeda.sandonis@gmail.com \
--cc=mturquette@baylibre.com \
--cc=nm@ti.com \
--cc=ojeda@kernel.org \
--cc=rafael@kernel.org \
--cc=robh@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=sboyd@kernel.org \
--cc=tmgross@umich.edu \
--cc=vincent.guittot@linaro.org \
--cc=viresh.kumar@linaro.org \
--cc=yury.norov@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).