| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aD3jRbuxc0NQt6MC@pollux>
Date: Mon, 2 Jun 2025 19:45:41 +0200
From: Danilo Krummrich <dakr@...nel.org>
To: Daniel Almeida <daniel.almeida@...labora.com>
Cc: Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>,
Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>,
Björn Roy Baron <bjorn3_gh@...tonmail.com>,
Benno Lossin <benno.lossin@...ton.me>,
Andreas Hindborg <a.hindborg@...nel.org>,
Alice Ryhl <aliceryhl@...gle.com>, Trevor Gross <tmgross@...ch.edu>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"Rafael J. Wysocki" <rafael@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>, linux-kernel@...r.kernel.org,
rust-for-linux@...r.kernel.org
Subject: Re: [PATCH v3 2/2] rust: platform: add irq accessors
On Mon, Jun 02, 2025 at 11:56:28AM -0300, Daniel Almeida wrote:
> Hi Danilo,
>
> […]
>
> >> +
> >> + /// Same as [`Self::irq_by_name`] but does not print an error message if an IRQ
> >> + /// cannot be obtained.
> >> + pub fn optional_irq_by_name(&self, name: &CStr) -> Result<u32> {
> >> + // SAFETY: `self.as_raw` returns a valid pointer to a `struct platform_device`.
> >> + let res = unsafe {
> >> + bindings::platform_get_irq_byname_optional(self.as_raw(), name.as_char_ptr())
> >> + };
> >> +
> >> + if res < 0 {
> >> + return Err(Error::from_errno(res));
> >> + }
> >> +
> >> + Ok(res as u32)
> >> + }
> >
> > I don't like the indirection of claiming a u32 representing the IRQ number from
> > a bus device and stuffing it into an irq::Registration.
> >
> > It would be better we we'd make it impossible (or at least harder) for a driver
> > to pass the wrong number to irq::Registration.
> >
> > I see two options:
> >
> > 1) Make the platform::Device accessors themselves return an
> > irq::Registration.
> >
> > 2) Make the platform::Device accessors return some kind of transparent cookie,
> > that drivers can't create themselves that can be fed into the
> > irq::Registration.
> >
> > My preference would be 1) if there's no major ergonomic issue with that.
>
> Isn’t 1 way more cluttered?
I don't think so, your irq::Registration::register() function needs a reference
to the registering device anyways.
And given that, now that I think about it, it even has to be this way.
Otherwise, I could provide irq::Registration::register() an IRQ number that does
not belong to the bus device that is passed into irq::Registration::register().
So, irq::Registration::register() even needs to be unsafe, with the safety
requirement that the IRQ number must belong to the corresponding device and
should be wrapped by bus device abstractions providing the safe driver API.
> That's because the accessors would have to forward all of the arguments (i.e.:
> currently 4) to register().
It's only the additional arguments below, which you can also wrap in an
irq::Args structure to keep things cleaner. :)
+ flags: Flags,
+ name: &'static CStr,
+ handler: T,
Powered by blists - more mailing lists