Re: [PATCH v9 2/3] rust: add dma coherent allocator abstraction.

[Abdiel Janulgue]

On 21/01/2025 21:56, Boqun Feng wrote:
> On Tue, Jan 21, 2025 at 10:47:46AM +0200, Abdiel Janulgue wrote:
> [...]
> > +
> > +    /// Reads data from the region starting from `offset` as a slice.
> > +    /// `offset` and `count` are in units of `T`, not the number of bytes.
> > +    ///
> > +    /// Due to the safety requirements of slice, the data returned should be regarded by the
> > +    /// caller as a snapshot of the region when this function is called, as the region could
> > +    /// be modified by the device at anytime. For ringbuffer type of r/w access or use-cases
> > +    /// where the pointer to the live data is needed, `start_ptr()` or `start_ptr_mut()`
> > +    /// could be used instead.
> > +    ///
> > +    /// # Safety
> > +    ///
> > +    /// Callers must ensure that no hardware operations that involve the buffer are currently
> > +    /// taking place while the returned slice is live.
> > +    pub unsafe fn read(&self, offset: usize, count: usize) -> Result<&[T]> {
>
> I don't think `read()` is a proper name here since this function only
> provides a slice for the caller to read. How about `as_slice()`? Or you
> can change the function signature to:
>
> 	read(&self, offset, usize, count: usize, dst: &mut [T]) -> Result

Thanks for the feedback! I've now changed this in v10 onwards.

/Abdiel


> Regards,
> Boqun
>
> > +        if offset + count >= self.count {
> > +            return Err(EINVAL);
> > +        }
> > +        // SAFETY: The pointer is valid due to type invariant on `CoherentAllocation`,
> > +        // we've just checked that the range and index is within bounds. The immutability of the
> > +        // of data is also guaranteed by the safety requirements of the function.
> > +        Ok(unsafe { core::slice::from_raw_parts(self.cpu_addr.wrapping_add(offset), count) })
> > +    }
> > +
> [...]