On Fri, Feb 24, 2023 at 02:32:47PM +0000, Robin Murphy wrote:
On 2023-02-24 14:11, Greg Kroah-Hartman wrote:
Thanks for the detailed rust explainations, I'd like to just highlight
one thing:
On Fri, Feb 24, 2023 at 10:15:12PM +0900, Asahi Lina wrote:
On 24/02/2023 20.23, Greg Kroah-Hartman wrote:
And again, why are bindings needed for a "raw" struct device at all?
Shouldn't the bus-specific wrappings work better?
Because lots of kernel subsystems need to be able to accept "any" device
and don't care about the bus! That's what this is for.
That's great, but:
All the bus
wrappers would implement this so they can be used as an argument for all
those subsystems (plus a generic one when you just need to pass around
an actual owned generic reference and no longer need bus-specific
operations - you can materialize that out of a RawDevice impl, which is
when get_device() would be called). That's why I'm introducing this now,
because both io_pgtable and rtkit need to take `struct device` pointers
on the C side so we need some "generic struct device" view on the Rust side.
In looking at both ftkit and io_pgtable, those seem to be good examples
of how "not to use a struct device", so trying to make safe bindings
from Rust to these frameworks is very ironic :)
rtkit takes a struct device pointer and then never increments it,
despite saving it off, which is unsafe. It then only uses it to print
out messages if things go wrong (or right in some cases), which is odd.
So it can get away from using a device pointer entirely, except for the
devm_apple_rtkit_init() call, which I doubt you want to call from rust
code, right?
for io_pgtable, that's a bit messier, you want to pass in a device that
io_pgtable treats as a "device" but again, it is NEVER properly
reference counted, AND, it is only needed to try to figure out the bus
operations that dma memory should be allocated from for this device. So
what would be better to save off there would be a pointer to the bus,
which is constant and soon will be read-only so there are no lifetime
rules needed at all (see the major struct bus_type changes going into
6.3-rc1 that will enable that to happen).
FWIW the DMA API *has* to know which specific device it's operating with,
since the relevant properties can and do vary even between different devices
within a single bus_type (e.g. DMA masks).
What bus_type has different DMA masks depending on the device on that
bus today?
And the iommu ops are on the bus, not the device, but there is a
iommu_group on the device, is that what you are referring to?
Am I getting iommu and dma stuff confused here? A bus also has dma
callbacks, but yet the device itself has dma_ops?
In the case of io-pgtable at least, there's no explicit refcounting since
the struct device must be the one representing the physical
platform/PCI/etc. device consuming the pagetable, so if that were to
disappear from underneath its driver while the pagetable is still in use,
things would already have gone very very wrong indeed :)
But that could happen at any point in time, the device can be removed
from the system with no warning, how do you guarantee that io-pgtable is
being initialized with a device that can NOT be removed?
Think of drawers containing CPUs and PCI devices and memory, Linux
has supported hot-removal of those for decades. (well, not for memory,
we could only hot-add that...)
Again, passing in a pointer to a struct device, and saving it off
WITHOUT incrementing the reference count is not ok, that's not how
reference counts work...
But again, let's see about disconnecting the iommu ops entirely from the
device and just relying on the bus, that should work better, rigth?