lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Z8GL-plbtphS62hl@pollux>
Date: Fri, 28 Feb 2025 11:12:10 +0100
From: Danilo Krummrich <dakr@...nel.org>
To: Alistair Popple <apopple@...dia.com>
Cc: Miguel Ojeda <miguel.ojeda.sandonis@...il.com>,
	gregkh@...uxfoundation.org, rafael@...nel.org, bhelgaas@...gle.com,
	ojeda@...nel.org, alex.gaynor@...il.com, boqun.feng@...il.com,
	gary@...yguo.net, bjorn3_gh@...tonmail.com, benno.lossin@...ton.me,
	tmgross@...ch.edu, a.hindborg@...sung.com, aliceryhl@...gle.com,
	airlied@...il.com, fujita.tomonori@...il.com, lina@...hilina.net,
	pstanner@...hat.com, ajanulgu@...hat.com, lyude@...hat.com,
	robh@...nel.org, daniel.almeida@...labora.com, saravanak@...gle.com,
	dirk.behme@...bosch.com, j@...nau.net, fabien.parent@...aro.org,
	chrisi.schrefl@...il.com, paulmck@...nel.org,
	rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org,
	linux-pci@...r.kernel.org, devicetree@...r.kernel.org,
	rcu@...r.kernel.org
Subject: Re: [PATCH v7 07/16] rust: add `io::{Io, IoRaw}` base types

On Fri, Feb 28, 2025 at 04:29:04PM +1100, Alistair Popple wrote:
> On Thu, Feb 27, 2025 at 11:01:55AM +0100, Danilo Krummrich wrote:
> > On Thu, Feb 27, 2025 at 11:25:55AM +1100, Alistair Popple wrote:
> 
> > > To be honest I don't really understand the utility here because the compile-time
> > > check can't be a definitive check. You're always going to have to fallback to
> > > a run-time check because at least for PCI (and likely others) you can't know
> > > for at compile time if the IO region is big enough or matches the compile-time
> > > constraint.
> > 
> > That's not true, let me explain.
> > 
> > When you write a driver, you absolutely have to know the register layout. This
> > means that you also know what the minimum PCI bar size has to be for your driver
> > to work. If it would be smaller than what your driver expects, it can't function
> > anyways. In Rust we make use of this fact.
> > 
> > When you map  a PCI bar through `pdev.iomap_region_sized` you pass in a const
> > generic (`SIZE`) representing the *expected* PCI bar size. This can indeed fail
> > on run-time, but that's fine, as mentioned, if the bar is smaller than what your
> > driver expect, it's useless anyways.
> > 
> > If the call succeeds, it means that the actual PCI bar size is greater or equal
> > to `SIZE`. Since `SIZE` is known at compile time all subsequent I/O operations
> > can be boundary checked against `SIZE` at compile time, which additionally makes
> > the call infallible. This works for most I/O operations drivers do.
> 
> Argh! That's the piece I was missing - that this makes the IO call infallible
> and thus removes the need to write run-time error handling code. Sadly of course
> that's not actually true, because I/O operations can always fail for reasons
> other than what can be checked at compile time (eg. in particular PCI devices
> can fall off the bus and return all 0xF's). But I guess existing drivers don't
> really handle those cases either.

We handle this case too by giving out a Devres<pci::Bar> rather than just a
pci::Bar. The former gets revoked when the device falls off the bus.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ