| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <DG0CABK2DQE8.1TDN35GOJ0DYI@kernel.org>
Date: Wed, 28 Jan 2026 16:49:07 +0100
From: "Danilo Krummrich" <dakr@...nel.org>
To: "Jason Gunthorpe" <jgg@...dia.com>
Cc: "Zhi Wang" <zhiw@...dia.com>, <rust-for-linux@...r.kernel.org>,
<linux-pci@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<aliceryhl@...gle.com>, <bhelgaas@...gle.com>, <kwilczynski@...nel.org>,
<ojeda@...nel.org>, <alex.gaynor@...il.com>, <boqun.feng@...il.com>,
<gary@...yguo.net>, <bjorn3_gh@...tonmail.com>, <lossin@...nel.org>,
<a.hindborg@...nel.org>, <tmgross@...ch.edu>, <markus.probst@...teo.de>,
<helgaas@...nel.org>, <cjia@...dia.com>, <smitra@...dia.com>,
<ankita@...dia.com>, <aniketa@...dia.com>, <kwankhede@...dia.com>,
<targupta@...dia.com>, <acourbot@...dia.com>, <joelagnelf@...dia.com>,
<jhubbard@...dia.com>, <zhiwang@...nel.org>, <daniel.almeida@...labora.com>
Subject: Re: [PATCH v2 1/2] rust: introduce abstractions for fwctlg
On Wed Jan 28, 2026 at 3:59 PM CET, Jason Gunthorpe wrote:
> On Wed, Jan 28, 2026 at 03:01:25PM +0100, Danilo Krummrich wrote:
>> There is no second memory allocation. In the implementation of
>> fwctl::Device::new() above we call _fwctl_alloc_device() with a size (and
>> layout) such that this allocation is suitable to initialize the second argument
>> (i.e. data: impl PinInit<T, Error>) within this allocation.
>
> You are talking about your suggestions now right?
Correct, I'm talking about my proposal.
> Because what I see in Zi's patch doesn't match any of this?
>
> + bindings::_fwctl_alloc_device(
> + parent.as_raw(),
> + ops,
> + core::mem::size_of::<bindings::fwctl_device>(),
> + )
>
> That is not allocating any memory for driver use ...
Yes, the patch doesn't do any of that.
> What you are explaining sounds good to me, though I don't quite get
> the PinInit<> flow but I trust you on that. :)
So, it would basically look like this:
pub struct Device<T> {
dev: Opaque<bindings::fwctl_device>,
data: T,
}
Where T is the type of the driver specific fwctl device data.
impl<T> Device<T> {
pub fn new(
parent: &device::Device,
data: impl PinInit<T::Data, Error>
) -> Result<ARef<Self>> {
let layout = Kmalloc::aligned_layout(Layout::new::<Self>());
// SAFETY: ...
let raw_fwctl: *mut Self = unsafe {
bindings::_fwctl_alloc_device(
parent.as_raw(),
&Self::VTABLE,
layout.size(),
)
}
.cast();
let raw_fwctl = NonNull::new(from_err_ptr(raw_fwctl)?).ok_or(ENOMEM)?;
// Get the pointer to `Self::data`.
let raw_data = unsafe { &raw mut (*raw_fwctl.as_ptr().data) };
// Initialize the `data` initializer within the memory pointed
// to by `raw_data`.
unsafe { data.__pinned_init(raw_data) }.inspect_err(|_| {
// Find the `struct fwctl_device` pointer from the `Self`
// pointer.
let fwctl_dev = unsafe { Self::into_fwcl_device(raw_fwctl) };
// Since we failed to execute the initializer of `data`,
// unwind, i.e. drop our reference to `fwctl_dev`.
unsafe { bindings::fwctl_put(fwctl_dev) };
})?;
// The initializer was successful, hence return `Self` as
// `ARef<Self>`.
Ok(unsafe { ARef::from_raw(raw_fwctl) })
}
}
So, essentially the driver passes an initializer of its private data and we
"write" this initializer into the extra memory allocated with
_fwctl_alloc_device().
Powered by blists - more mailing lists