Message-ID: <08b44fb5-1dad-4cc8-a843-85ac2fa6b7e9@samsung.com>
Date: Sat, 28 Jun 2025 16:59:57 +0200
From: Michal Wilczynski <m.wilczynski@...sung.com>
To: Danilo Krummrich <dakr@...nel.org>
Cc: Uwe Kleine-König <ukleinek@...nel.org>, Miguel Ojeda
	<ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng
	<boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>,
	Björn Roy Baron <bjorn3_gh@...tonmail.com>, Andreas
	Hindborg <a.hindborg@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>, Trevor
	Gross <tmgross@...ch.edu>, Drew Fustini <drew@...7.com>, Guo Ren
	<guoren@...nel.org>, Fu Wei <wefu@...hat.com>, Rob Herring
	<robh@...nel.org>, Krzysztof Kozlowski <krzk+dt@...nel.org>, Conor Dooley
	<conor+dt@...nel.org>, Paul Walmsley <paul.walmsley@...ive.com>, Palmer
	Dabbelt <palmer@...belt.com>, Albert Ou <aou@...s.berkeley.edu>, Alexandre
	Ghiti <alex@...ti.fr>, Marek Szyprowski <m.szyprowski@...sung.com>, Benno
	Lossin <lossin@...nel.org>, Michael Turquette <mturquette@...libre.com>,
	Stephen Boyd <sboyd@...nel.org>, linux-kernel@...r.kernel.org,
	linux-pwm@...r.kernel.org, rust-for-linux@...r.kernel.org,
	linux-riscv@...ts.infradead.org, devicetree@...r.kernel.org,
	linux-clk@...r.kernel.org
Subject: Re: [PATCH v5 2/9] rust: pwm: Add core 'Device' and 'Chip' object
 wrappers



On 6/27/25 14:12, Danilo Krummrich wrote:
> On Mon, Jun 23, 2025 at 08:08:50PM +0200, Michal Wilczynski wrote:
>> +    /// Gets the *typed* driver-specific data associated with this chip's embedded device.
>> +    pub fn drvdata<T: 'static>(&self) -> &T {
>> +        // SAFETY: `self.as_raw()` gives a valid pwm_chip pointer.
>> +        // `bindings::pwmchip_get_drvdata` is the C function to retrieve driver data.
>> +        let ptr = unsafe { bindings::pwmchip_get_drvdata(self.as_raw()) };
>> +
>> +        // SAFETY: The only way to create a chip is through Chip::new, which initializes
>> +        // this pointer.
>> +        unsafe { &*ptr.cast::<T>() }
>> +    }
>> +
>> +    /// Sets the *typed* driver-specific data associated with this chip's embedded device.
>> +    pub fn set_drvdata<T: 'static + ForeignOwnable>(&self, data: T) {
>> +        // SAFETY: `self.as_raw()` gives a valid pwm_chip pointer.
>> +        // `bindings::pwmchip_set_drvdata` is the C function to set driver data.
>> +        // `data.into_foreign()` provides a valid `*mut c_void`.
>> +        unsafe { bindings::pwmchip_set_drvdata(self.as_raw(), data.into_foreign().cast()) }
>> +    }
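Review bot: `drvdata<T>()` accepts any caller-chosen `T: 'static` and casts the stored pointer to it, while `set_drvdata()` stores whatever `data.into_foreign()` returns for its own, unrelated `T: ForeignOwnable`. Nothing in these lines ties the two type parameters together, so a safe call with a different `T` produces a reference to the wrong type. The second SAFETY comment in the getter argues only that the pointer was initialized, not that it points to a `T`. Consider fixing the data type on the chip (or on the driver trait) and reading it back through `ForeignOwnable::borrow` for that same type, so the getter cannot be instantiated with an unrelated one.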
> 
> I think this is unsound, e.g. what happens if someone calls set_drvdata() twice?
> Then you leak the ForeignOwnable from the first call.
> 
> Anyways, this does not need to be public, you should just call
> bindings::pwmchip_set_drvdata() once in Self::new().
> 
> Please also see [1], where I introduce generic accessors for drvdata for Device.

Thanks, it would be a great idea to update the code after the patchset below
is merged.

> 
> [1] https://lore.kernel.org/lkml/20250621195118.124245-3-dakr@kernel.org/
> 
>> +    /// Allocates and wraps a PWM chip using `bindings::pwmchip_alloc`.
>> +    ///
>> +    /// Returns an [`ARef<Chip>`] managing the chip's lifetime via refcounting
>> +    /// on its embedded `struct device`.
>> +    pub fn new<T: 'static + ForeignOwnable>(
>> +        parent_dev: &device::Device,
>> +        npwm: u32,
>> +        sizeof_priv: usize,
>> +	drvdata: T,
>> +    ) -> Result<ARef<Self>> {
>> +        // SAFETY: `parent_device_for_dev_field.as_raw()` is valid.
>> +        // `bindings::pwmchip_alloc` returns a valid `*mut bindings::pwm_chip` (refcount 1)
>> +        // or an ERR_PTR.
>> +        let c_chip_ptr_raw =
>> +            unsafe { bindings::pwmchip_alloc(parent_dev.as_raw(), npwm, sizeof_priv) };
>> +
>> +        let c_chip_ptr: *mut bindings::pwm_chip = error::from_err_ptr(c_chip_ptr_raw)?;
>> +
>> +        // Cast the `*mut bindings::pwm_chip` to `*mut Chip`. This is valid because
>> +        // `Chip` is `repr(transparent)` over `Opaque<bindings::pwm_chip>`, and
>> +        // `Opaque<T>` is `repr(transparent)` over `T`.
>> +        let chip_ptr_as_self = c_chip_ptr.cast::<Self>();
>> +
>> +	// SAFETY: The pointer is valid, so we can create a temporary ref to set data.
>> +        let chip_ref = unsafe { &*chip_ptr_as_self };
>> +        chip_ref.set_drvdata(drvdata);
>> +
>> +        // SAFETY: `chip_ptr_as_self` points to a valid `Chip` (layout-compatible with
>> +        // `bindings::pwm_chip`) whose embedded device has refcount 1.
>> +        // `ARef::from_raw` takes this pointer and manages it via `AlwaysRefCounted`.
>> +        Ok(unsafe { ARef::from_raw(NonNull::new_unchecked(chip_ptr_as_self)) })
>> +    }
>> +}
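Review bot: the first SAFETY comment in `new()` justifies `parent_device_for_dev_field.as_raw()`, but the argument actually passed is `parent_dev.as_raw()`, so the comment does not match the call it covers. The closing `NonNull::new_unchecked` has no stated reason why the pointer is non-null: the comment above it speaks only about layout and refcount. Suggest correcting the name in the comment and adding a line that `from_err_ptr` has already rejected error pointers, together with what `pwmchip_alloc` guarantees about NULL. The `drvdata: T,` parameter line and the `// SAFETY: The pointer is valid` line are indented with a tab where the surrounding lines use spaces.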
> 

Best regards,
-- 
Michal Wilczynski <m.wilczynski@...sung.com>
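
A userspace model of the leak raised in the review above, as an added example that is not part of the thread or the kernel patch. `ModelChip`, `Tracked` and `leaked` are hypothetical names, `Box::into_raw`/`Box::from_raw` stand in for `into_foreign`/`from_foreign`, and the release of the slot in `Drop` is an assumption about how the data would eventually be reclaimed.

```rust
use std::cell::Cell;
use std::ffi::c_void;
use std::rc::Rc;

// Constructed payload: bumps a shared counter when dropped, so leaks are countable.
struct Tracked(Rc<Cell<usize>>);
impl Drop for Tracked {
    fn drop(&mut self) { self.0.set(self.0.get() + 1); }
}

// Hypothetical model of a chip whose C side holds one untyped drvdata pointer.
struct ModelChip { slot: Cell<*mut c_void> }

impl ModelChip {
    // Suggested shape: ownership is transferred exactly once, at construction.
    fn new(data: Box<Tracked>) -> Self {
        ModelChip { slot: Cell::new(Box::into_raw(data).cast()) }
    }
    // Shape under review: a setter callable any number of times. The old
    // pointer is overwritten without being converted back, so it is leaked.
    fn set_drvdata(&self, data: Box<Tracked>) {
        self.slot.set(Box::into_raw(data).cast());
    }
}

impl Drop for ModelChip {
    fn drop(&mut self) {
        // SAFETY: the slot always holds a pointer produced by `Box::into_raw`.
        unsafe { drop(Box::from_raw(self.slot.get().cast::<Tracked>())) }
    }
}

// Returns how many of the payloads handed to the chip were never dropped.
pub fn leaked(extra_sets: usize) -> usize {
    let drops = Rc::new(Cell::new(0));
    let chip = ModelChip::new(Box::new(Tracked(drops.clone())));
    for _ in 0..extra_sets {
        chip.set_drvdata(Box::new(Tracked(drops.clone())));
    }
    drop(chip);
    (1 + extra_sets) - drops.get()
}

fn main() {
    println!("new() only: {} leaked", leaked(0));
    println!("new() + set_drvdata(): {} leaked", leaked(1));
}
```

Each extra `set_drvdata()` call leaks exactly one payload, because only the last pointer written to the slot is ever converted back into an owned value.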
