lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <53D76D55-81EA-46F5-B125-B85BB9AFE269@collabora.com>
Date: Fri, 9 May 2025 18:47:46 -0300
From: Daniel Almeida <daniel.almeida@...labora.com>
To: Lyude Paul <lyude@...hat.com>
Cc: dri-devel@...ts.freedesktop.org,
 linux-kernel@...r.kernel.org,
 rust-for-linux@...r.kernel.org,
 Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
 Maxime Ripard <mripard@...nel.org>,
 Thomas Zimmermann <tzimmermann@...e.de>,
 David Airlie <airlied@...il.com>,
 Simona Vetter <simona@...ll.ch>,
 Miguel Ojeda <ojeda@...nel.org>,
 Alex Gaynor <alex.gaynor@...il.com>,
 Boqun Feng <boqun.feng@...il.com>,
 Gary Guo <gary@...yguo.net>,
 Björn Roy Baron <bjorn3_gh@...tonmail.com>,
 Benno Lossin <benno.lossin@...ton.me>,
 Andreas Hindborg <a.hindborg@...nel.org>,
 Alice Ryhl <aliceryhl@...gle.com>,
 Trevor Gross <tmgross@...ch.edu>,
 Danilo Krummrich <dakr@...nel.org>,
 Alyssa Rosenzweig <alyssa@...enzweig.io>,
 Asahi Lina <lina@...hilina.net>
Subject: Re: [PATCH 4/4] rust: drm: gem: Implement AlwaysRefCounted for all
 gem objects automatically

Hi Lyude,

> On 1 May 2025, at 15:33, Lyude Paul <lyude@...hat.com> wrote:
> 
> Currently we are requiring AlwaysRefCounted in most trait bounds for gem
> objects, and implementing it by hand for our only current type of gem
> object. However, all gem objects use the same functions for reference
> counting - and all gem objects support reference counting.
> 
> We're planning on adding support for shmem gem objects, let's move this
> around a bit by instead making IntoGEMObject require AlwaysRefCounted as a
> trait bound, and then provide a blanket AlwaysRefCounted implementation for
> any object that implements IntoGEMObject so all gem object types can use
> the same AlwaysRefCounted implementation. This also makes things less
> verbose by making the AlwaysRefCounted trait bound implicit for any
> IntoGEMObject bound.
> 
> Signed-off-by: Lyude Paul <lyude@...hat.com>
> ---
> rust/kernel/drm/gem/mod.rs | 47 +++++++++++++++++++-------------------
> 1 file changed, 24 insertions(+), 23 deletions(-)
> 
> diff --git a/rust/kernel/drm/gem/mod.rs b/rust/kernel/drm/gem/mod.rs
> index 55b2f1d056c39..929f6c9718362 100644
> --- a/rust/kernel/drm/gem/mod.rs
> +++ b/rust/kernel/drm/gem/mod.rs
> @@ -10,7 +10,7 @@
>     drm::driver::{AllocImpl, AllocOps},
>     error::{to_result, Result},
>     prelude::*,
> -    types::{ARef, Opaque},
> +    types::{ARef, AlwaysRefCounted, Opaque},
> };
> use core::{mem, ops::Deref, ptr, ptr::NonNull};
> 
> @@ -36,7 +36,7 @@ fn close(
> }
> 
> /// Trait that represents a GEM object subtype
> -pub trait IntoGEMObject: Sized + super::private::Sealed {
> +pub trait IntoGEMObject: Sized + super::private::Sealed + AlwaysRefCounted {
>     /// Owning driver for this type
>     type Driver: drm::Driver;
> 
> @@ -52,6 +52,26 @@ pub trait IntoGEMObject: Sized + super::private::Sealed {
>     unsafe fn as_ref<'a>(self_ptr: *mut bindings::drm_gem_object) -> &'a Self;
> }
> 
> +// SAFETY: All gem objects are refcounted.
> +unsafe impl<T: IntoGEMObject> AlwaysRefCounted for T {
> +    fn inc_ref(&self) {
> +        // SAFETY: The existence of a shared reference guarantees that the refcount is non-zero.
> +        unsafe { bindings::drm_gem_object_get(self.as_gem_obj()) };
> +    }
> +
> +    unsafe fn dec_ref(obj: NonNull<Self>) {
> +        // SAFETY: We either hold the only refcount on `obj`, or one of many - meaning that no one
> +        // else could possibly hold a mutable reference to `obj` and thus this immutable reference
> +        // is safe.
> +        let obj = unsafe { obj.as_ref() }.as_gem_obj();
> +
> +        // SAFETY:
> +        // - The safety requirements guarantee that the refcount is non-zero.
> +        // - We hold no references to `obj` now, making it safe for us to potentially deallocate it.
> +        unsafe { bindings::drm_gem_object_put(obj) };
> +    }
> +}
> +
> /// Trait which must be implemented by drivers using base GEM objects.
> pub trait DriverObject: BaseDriverObject<Object<Self>> {
>     /// Parent `Driver` for this object.
> @@ -110,10 +130,7 @@ unsafe fn as_ref<'a>(self_ptr: *mut bindings::drm_gem_object) -> &'a Self {
> }
> 
> /// Base operations shared by all GEM object classes
> -pub trait BaseObject
> -where
> -    Self: crate::types::AlwaysRefCounted + IntoGEMObject,
> -{
> +pub trait BaseObject: IntoGEMObject {
>     /// Returns the size of the object in bytes.
>     fn size(&self) -> usize {
>         // SAFETY: `self.into_gem_obj()` is guaranteed to be a pointer to a valid `struct
> @@ -175,7 +192,7 @@ fn create_mmap_offset(&self) -> Result<u64> {
>     }
> }
> 
> -impl<T> BaseObject for T where Self: crate::types::AlwaysRefCounted + IntoGEMObject {}
> +impl<T: IntoGEMObject> BaseObject for T {}
> 
> /// A base GEM object.
> ///
> @@ -269,22 +286,6 @@ extern "C" fn free_callback(obj: *mut bindings::drm_gem_object) {
>     }
> }
> 
> -// SAFETY: Instances of `Object<T>` are always reference-counted.
> -unsafe impl<T: DriverObject> crate::types::AlwaysRefCounted for Object<T> {
> -    fn inc_ref(&self) {
> -        // SAFETY: The existence of a shared reference guarantees that the refcount is non-zero.
> -        unsafe { bindings::drm_gem_object_get(self.as_raw()) };
> -    }
> -
> -    unsafe fn dec_ref(obj: NonNull<Self>) {
> -        // SAFETY: `obj` is a valid pointer to an `Object<T>`.
> -        let obj = unsafe { obj.as_ref() };
> -
> -        // SAFETY: The safety requirements guarantee that the refcount is non-zero.
> -        unsafe { bindings::drm_gem_object_put(obj.as_raw()) }
> -    }
> -}
> -
> impl<T: DriverObject> super::private::Sealed for Object<T> {}
> 
> impl<T: DriverObject> Deref for Object<T> {
> -- 
> 2.48.1
> 
> 

Reviewed-by: Daniel Almeida <daniel.almeida@...labora.com>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ