Message-ID: <20250913171357.GA1551194@joelbox2>
Date: Sat, 13 Sep 2025 13:13:57 -0400
From: Joel Fernandes <joelagnelf@...dia.com>
To: Danilo Krummrich <dakr@...nel.org>
Cc: Alexandre Courbot <acourbot@...dia.com>,
	Miguel Ojeda <ojeda@...nel.org>,
	Alex Gaynor <alex.gaynor@...il.com>,
	Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>,
	Björn Roy Baron <bjorn3_gh@...tonmail.com>,
	Benno Lossin <lossin@...nel.org>,
	Andreas Hindborg <a.hindborg@...nel.org>,
	Alice Ryhl <aliceryhl@...gle.com>, Trevor Gross <tmgross@...ch.edu>,
	David Airlie <airlied@...il.com>, Simona Vetter <simona@...ll.ch>,
	Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
	Maxime Ripard <mripard@...nel.org>,
	Thomas Zimmermann <tzimmermann@...e.de>,
	John Hubbard <jhubbard@...dia.com>,
	Alistair Popple <apopple@...dia.com>, Timur Tabi <ttabi@...dia.com>,
	rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org,
	nouveau@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org
Subject: Re: [PATCH v5 02/12] gpu: nova-core: move GSP boot code to a
 dedicated method

On Sat, Sep 13, 2025 at 03:30:31PM +0200, Danilo Krummrich wrote:
> On Sat Sep 13, 2025 at 3:02 AM CEST, Joel Fernandes wrote:
> > Any chance we can initialize the locks later? We don't need locking until
> > after the boot process is completed, and if there's a way we can dynamically
> > "pin", where we hypothetically pin after the boot process completed, that
> > might also work. Though I am not sure if that's something possible in
> > Rust/rust4linux or if it makes sense.
> 
> We can't partially initialize structures and then rely on accessing initialized
> data only.

Yet, that is exactly what the pin initialization sequence block does? The
whole structure is not initialized yet you need access to already initialized
fields.

> This is one of the sources for memory bugs that Rust tries to solve.
> You can wrap fields into Option types and initialize them later, which would
> defer pin-init calls for the price of having Option fields around.

I am not denying the need for pinning. Also regarding Option, just thinking
out loud but if something is optional temporarily, maybe needing a new type
like TempOption, and promote it to a non-option type later, I am not seeing
that as completely outside the world, if there is a legitimate use case that
needs to be Option temporarily, but not later, what's wrong with that? It is
"Optional" for the time being, but not later.

> However, we should never do such things. If there's the necessity to do
> something like that, it indicates a design issue.
> 
> In this case, there's no problem, we can use pin-init without any issues right
> away, and should do so.
> 
> pin-init is going to be an essential part of *every* Rust driver given that a
> lot of the C infrastructure that we abstract requires pinned initialization, such
> as locks and other synchronization primitives.

To be honest, the pinning concept seems like an afterthought for such a
fundamental thing that we need, requiring additional macros, and bandaids on
top of the language itself, to make it work for the kernel. I am not alone in
that opinion. This should be first-class in a (systems) language, built into
the language itself? I am talking about the whole pin initialization,
accessing fields dances, etc.

Also I am concerned that overusage of pinning defeats a lot of optimizations
that Rust may be able to perform, especially forcefully pinning stuff that
does not all need to be pinned (except to satisfy paranoia), thus generating
suboptimal code gen. Not only does it require redesign and concerns over
accesses to un-initialized fields, like we saw in the last 2-3 weeks, it also
forces people into that when maybe there is a chance that underlying
structures do not need to be pinned at all (for some use cases).

These are just my opinions.

thanks,

 - Joel
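
The trade-off debated in this message, deferring a lock's initialization behind an `Option` versus only ever constructing a fully initialized object, as an added example that is not code from the thread or from nova-core. All type and method names are hypothetical, `std::sync::Mutex` stands in for a kernel lock that needs pinned initialization, and pinning itself is not modelled.

```rust
use std::sync::Mutex;

// Constructed sketch: hypothetical names; std::sync::Mutex stands in for a
// kernel lock that needs pinned initialization.

// Variant A: the lock lives in an Option and is filled in once boot is done.
struct DeferredGpu {
    queue: Option<Mutex<Vec<u32>>>,
}

impl DeferredGpu {
    fn new() -> Self { DeferredGpu { queue: None } }

    fn boot(&mut self) { self.queue = Some(Mutex::new(Vec::new())); }

    // The price of the Option: every user of the lock, for the object's whole
    // lifetime, has to handle "not initialized yet" at run time.
    fn submit(&self, cmd: u32) -> Result<usize, &'static str> {
        let queue = self.queue.as_ref().ok_or("queue used before boot")?;
        let mut pending = queue.lock().map_err(|_| "queue lock poisoned")?;
        pending.push(cmd);
        Ok(pending.len())
    }
}

// Variant B: boot runs inside the constructor, so no half-initialized Gpu
// value ever exists and the lock field needs no Option.
struct Gpu {
    queue: Mutex<Vec<u32>>,
}

impl Gpu {
    fn new(boot_ok: bool) -> Result<Self, &'static str> {
        if !boot_ok {
            return Err("boot failed"); // no Gpu value is produced on failure
        }
        Ok(Gpu { queue: Mutex::new(Vec::new()) })
    }

    fn submit(&self, cmd: u32) -> Result<usize, &'static str> {
        let mut pending = self.queue.lock().map_err(|_| "queue lock poisoned")?;
        pending.push(cmd);
        Ok(pending.len())
    }
}

fn main() {
    let mut a = DeferredGpu::new();
    println!("before boot: {:?}", a.submit(1));
    a.boot();
    println!("after boot: {:?} / {:?}", a.submit(1), Gpu::new(true).and_then(|g| g.submit(1)));
}
```

In variant A the "used before boot" case is a run-time error path that stays in `submit` forever; in variant B that state cannot be expressed, so the only remaining failure is lock poisoning.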

