[PATCH v2 0/4] Improve soundness of bus device abstractions
From: Danilo Krummrich
Date: Fri Mar 14 2025 - 12:13:24 EST

Currently, when sharing references of bus devices (e.g. ARef<pci::Device>), we
do not have a way to restrict which functions of a bus device can be called.

Consequently, it is possible to call all bus device functions concurrently from
any context. This includes functions that access fields of the (bus) device
that are not protected against concurrent access.

This is improved by applying an execution context to the bus device in the form
of a generic type.

For instance, the PCI device reference that is passed to probe() has the type
pci::Device<Core>, which implements all functions that are only allowed to be
called from bus callbacks.

The implementation for the default context (pci::Device) contains all functions
that are safe to call from any context concurrently.

The context types can be extended as required, e.g. to limit availability of
certain (bus) device functions to probe().

A branch containing the patches can be found in [1].

[1] https://web.git.kernel.org/pub/scm/linux/kernel/git/dakr/linux.git/log/?h=rust/device

Changes in v2:
  - make `DeviceContext` trait sealed
  - impl From<&pci::Device<device::Core>> for ARef<pci::Device>
  - impl From<&platform::Device<device::Core>> for ARef<platform::Device>
  - rebase onto v6.14-rc6
  - apply RBs

Danilo Krummrich (4):
  rust: pci: use to_result() in enable_device_mem()
  rust: device: implement device context marker
  rust: pci: fix unrestricted &mut pci::Device
  rust: platform: fix unrestricted &mut platform::Device

 rust/kernel/device.rs                |  26 +++++
 rust/kernel/pci.rs                   | 137 +++++++++++++++++----------
 rust/kernel/platform.rs              |  95 +++++++++++++------
 samples/rust/rust_driver_pci.rs      |   8 +-
 samples/rust/rust_driver_platform.rs |  11 ++-
 5 files changed, 187 insertions(+), 90 deletions(-)

base-commit: 80e54e84911a923c40d7bee33a34c1b4be148d7a
--
2.48.1
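
The context-marker pattern described in the cover letter above, modelled in stand-alone userspace Rust as an added example; it is not code from the patch series or the kernel tree. `Raw`, `vendor_id`, `enable`, `is_enabled`, `later_use` and `bus_probe` are hypothetical names, and the `Cell` field is an assumption standing in for a C struct field that has no locking of its own.

```rust
use std::{cell::Cell, marker::PhantomData, ops::Deref};

mod private { pub trait Sealed {} }
/// Execution-context marker; sealed so only this module can define contexts.
pub trait DeviceContext: private::Sealed {}
pub struct Normal; // default context: any caller, at any time
pub struct Core;   // only valid inside a bus callback such as probe()
impl private::Sealed for Normal {}
impl private::Sealed for Core {}
impl DeviceContext for Normal {}
impl DeviceContext for Core {}

/// Stand-in (assumption) for the C device struct; `enabled` is unsynchronised.
pub struct Raw { vendor: u16, enabled: Cell<bool> }

#[repr(transparent)]
pub struct Device<Ctx: DeviceContext = Normal>(Raw, PhantomData<Ctx>);

impl Device<Normal> {
    /// Reads a field that never changes, so it is allowed from any context.
    pub fn vendor_id(&self) -> u16 { self.0.vendor }
}
impl Device<Core> {
    /// Touches the unsynchronised field, so it exists only in the Core context.
    pub fn enable(&self) { self.0.enabled.set(true) }
    pub fn is_enabled(&self) -> bool { self.0.enabled.get() }
}
impl Deref for Device<Core> {
    type Target = Device<Normal>;
    fn deref(&self) -> &Device<Normal> {
        // SAFETY: both types are repr(transparent) over `Raw`; only the marker differs.
        unsafe { &*(self as *const Self as *const Device<Normal>) }
    }
}

/// What a driver can do with a default-context reference kept past probe().
pub fn later_use(dev: &Device) -> u16 {
    // dev.enable(); // does not compile: enable() is not defined for Device<Normal>
    dev.vendor_id()
}
/// Driver callback: it is handed the Core context, so enable() is available.
pub fn probe(dev: &Device<Core>) -> (bool, u16) {
    dev.enable();
    (dev.is_enabled(), later_use(dev)) // &Device<Core> coerces to &Device via Deref
}
/// Plays the bus core: the only place a Device<Core> is ever constructed.
pub fn bus_probe(vendor: u16) -> (bool, u16) {
    let dev = Device::<Core>(Raw { vendor, enabled: Cell::new(false) }, PhantomData);
    probe(&dev)
}
fn main() { assert_eq!(bus_probe(0x1234), (true, 0x1234)); }
```

Uncommenting the line in `later_use` turns the misuse into a compile error, and because `DeviceContext` is sealed, code outside the defining module cannot add a context of its own to get around the split.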