| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <09296628-B3CB-42EE-9FF3-D18FCCE41335@collabora.com>
Date: Fri, 19 Dec 2025 08:50:06 -0300
From: Daniel Almeida <daniel.almeida@...labora.com>
To: Alice Ryhl <aliceryhl@...gle.com>
Cc: Miguel Ojeda <ojeda@...nel.org>,
Will Deacon <will@...nel.org>,
Boris Brezillon <boris.brezillon@...labora.com>,
Robin Murphy <robin.murphy@....com>,
Jason Gunthorpe <jgg@...pe.ca>,
Boqun Feng <boqun.feng@...il.com>,
Gary Guo <gary@...yguo.net>,
Björn Roy Baron <bjorn3_gh@...tonmail.com>,
Benno Lossin <lossin@...nel.org>,
Andreas Hindborg <a.hindborg@...nel.org>,
Trevor Gross <tmgross@...ch.edu>,
Danilo Krummrich <dakr@...nel.org>,
Joerg Roedel <joro@...tes.org>,
Lorenzo Stoakes <lorenzo.stoakes@...cle.com>,
"Liam R. Howlett" <Liam.Howlett@...cle.com>,
Asahi Lina <lina+kernel@...hilina.net>,
linux-kernel@...r.kernel.org,
rust-for-linux@...r.kernel.org,
iommu@...ts.linux.dev,
linux-mm@...ck.org
Subject: Re: [PATCH v4] io: add io_pgtable abstraction
> On 19 Dec 2025, at 08:43, Alice Ryhl <aliceryhl@...gle.com> wrote:
>
> On Fri, Dec 19, 2025 at 08:04:17AM -0300, Daniel Almeida wrote:
>> Hi Alice,
>>
>>> On 19 Dec 2025, at 07:50, Alice Ryhl <aliceryhl@...gle.com> wrote:
>>>
>>> From: Asahi Lina <lina+kernel@...hilina.net>
>>>
>>> This will be used by the Tyr driver to create and modify the page table
>>> of each address space on the GPU. Each time a mapping gets created or
>>> removed by userspace, Tyr will call into GPUVM, which will figure out
>>> which calls to map_pages and unmap_pages are required to map the data in
>>> question in the page table so that the GPU may access those pages when
>>> using that address space.
>>>
>>> The Rust type wraps the struct using a raw pointer rather than the usual
>>> Opaque+ARef approach because Opaque+ARef requires the target type to be
>>> refcounted.
>>>
>>> Signed-off-by: Asahi Lina <lina+kernel@...hilina.net>
>>> Acked-by: Boris Brezillon <boris.brezillon@...labora.com>
>>> Co-developed-by: Alice Ryhl <aliceryhl@...gle.com>
>>> Signed-off-by: Alice Ryhl <aliceryhl@...gle.com>
>
>>> +/// An io page table using a specific format.
>>> +///
>>> +/// # Invariants
>>> +///
>>> +/// The pointer references a valid io page table.
>>> +pub struct IoPageTable<F: IoPageTableFmt> {
>>> + ptr: NonNull<bindings::io_pgtable_ops>,
>>> + _marker: PhantomData<F>,
>>> +}
>>> +
>>> +// SAFETY: `struct io_pgtable_ops` is not restricted to a single thread.
>>> +unsafe impl<F: IoPageTableFmt> Send for IoPageTable<F> {}
>>> +// SAFETY: `struct io_pgtable_ops` may be accessed concurrently.
>>> +unsafe impl<F: IoPageTableFmt> Sync for IoPageTable<F> {}
>>> +
>>> +/// The format used by this page table.
>>> +pub trait IoPageTableFmt: 'static {
>>> + /// The value representing this format.
>>> + const FORMAT: io_pgtable_fmt;
>>> +}
>>> +
>>> +impl<F: IoPageTableFmt> IoPageTable<F> {
>>
>> I don’t see a reason to keep struct Foo and impl Foo separate.
>>
>> IMHO, these should always be together, as the first thing one wants
>> to read after a type declaration is its implementation.
>
> I thought it was pretty natural like this. First we describe the page
> table, then we say it's thread safe, then we describe that a page table
> must specify a FORMAT, then we describe that it has a constructor,
> then we say you can map pages, etc. etc.
Right, this is more a personal preference thing anyways. Fine with me if you
want to keep it like this.
>
>>> + /// Create a new `IoPageTable` as a device resource.
>>> + #[inline]
>>> + pub fn new(
>>> + dev: &Device<Bound>,
>>> + config: Config,
>>> + ) -> impl PinInit<Devres<IoPageTable<F>>, Error> + '_ {
>>> + // SAFETY: Devres ensures that the value is dropped during device unbind.
>>> + Devres::new(dev, unsafe { Self::new_raw(dev, config) })
>>> + }
>>> +
>>> + /// Create a new `IoPageTable`.
>>> + ///
>>> + /// # Safety
>>> + ///
>>> + /// If successful, then the returned value must be dropped before the device is unbound.
>>> + #[inline]
>>> + pub unsafe fn new_raw(dev: &Device<Bound>, config: Config) -> Result<IoPageTable<F>> {
>>> + let mut raw_cfg = bindings::io_pgtable_cfg {
>>> + quirks: config.quirks,
>>> + pgsize_bitmap: config.pgsize_bitmap,
>>> + ias: config.ias,
>>> + oas: config.oas,
>>> + coherent_walk: config.coherent_walk,
>>> + tlb: &raw const NOOP_FLUSH_OPS,
>>> + iommu_dev: dev.as_raw(),
>>> + // SAFETY: All zeroes is a valid value for `struct io_pgtable_cfg`.
>>> + ..unsafe { core::mem::zeroed() }
>>> + };
>>> +
>>> + // SAFETY:
>>> + // * The raw_cfg pointer is valid for the duration of this call.
>>> + // * The provided `FLUSH_OPS` contains valid function pointers that accept a null pointer
>>> + // as cookie.
>>> + // * The caller ensures that the io pgtable does not outlive the device.
>>
>> We should probably tailor the sentence above for Devres?
>
> Maybe "does not outlive device unbind" is better worded, but not sure
> what you're looking for with Devres tailoring.
What about “Devres ensures that the io potable does not outlive device
unbind by revoking access”, or something along these lines?
>
>>> + let ops = unsafe {
>>> + bindings::alloc_io_pgtable_ops(F::FORMAT, &mut raw_cfg, core::ptr::null_mut())
>>> + };
>>
>> I’d add a blank here.
>>
>>> +impl<F: IoPageTableFmt> Drop for IoPageTable<F> {
>>> + fn drop(&mut self) {
>>> + // SAFETY: The caller of `ttbr` promised that the page table is not live when this
>>> + // destructor runs.
>>
>>
>> Not sure I understand this sentence. Perhaps we should remove the word “ttbr” from here? ttbr is a register.
>
> ttbr is a method defined below with a safety requirement.
Can't we link to that then? i.e.: [`ttbr`]: Self::ttbr, or whatever the right
syntax is. Because it’s more natural to think about ttbr the register vs
ttbr the method.
>
> Alice
Powered by blists - more mailing lists