Re: [PATCH v2 1/6] rust: io: turn IoCapable into a functional trait

From: Danilo Krummrich

Date: Tue Feb 17 2026 - 06:17:27 EST


On Tue Feb 17, 2026 at 2:36 AM CET, Alexandre Courbot wrote:
> Ah, I think I finally get it now. `Io` and `IoKnownSize` can piggyback
> on the `IoCapable` safety requirement, because all the unsafe code
> requires an `IoCapable` implementation anyway. I guess that's sound
> indeed.
>
> I don't think the same can apply to `io_read` and `io_write` though -
> `IoCapable` is public, and so anyone could call them with an arbitrary
> argument, e.g.
>
>     let mmio: &Mmio<0x100>;
>     ...
>     IoCapable::<u8>::io_read(mmio, usize::MAX);
>
> Here we have no way of making the callers enforce the internal safety
> requirement of these methods, thus we need to keep them unsafe.

Agreed.
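
The point agreed on above, shown as an added user-space example (not code from the patch series or the kernel tree): the public trait method stays `unsafe` because it cannot validate the offset itself, and a safe wrapper discharges the requirement with a bounds check. The array-backed `Mmio`, the simplified `IoCapable` definition, `try_read8` and `demo` are assumptions made for illustration.

```rust
/// Hypothetical stand-in for an MMIO region of SIZE bytes (array-backed here).
pub struct Mmio<const SIZE: usize> {
    regs: [u8; SIZE],
}

/// Simplified model of the trait under discussion, not the kernel's definition.
pub trait IoCapable<T> {
    /// # Safety
    ///
    /// `offset` must be in bounds of the region for an access of type `T`.
    unsafe fn io_read(&self, offset: usize) -> T;
}

impl<const SIZE: usize> IoCapable<u8> for Mmio<SIZE> {
    unsafe fn io_read(&self, offset: usize) -> u8 {
        // SAFETY: the caller guarantees `offset < SIZE`. Nothing here can
        // check that, which is why the method cannot be made safe.
        unsafe { *self.regs.as_ptr().add(offset) }
    }
}

impl<const SIZE: usize> Mmio<SIZE> {
    pub fn new(regs: [u8; SIZE]) -> Self {
        Self { regs }
    }

    /// Safe entry point: validates the offset before the unsafe call.
    pub fn try_read8(&self, offset: usize) -> Option<u8> {
        if offset >= SIZE {
            return None;
        }
        // SAFETY: `offset < SIZE` was checked just above.
        Some(unsafe { IoCapable::<u8>::io_read(self, offset) })
    }
}

/// Constructed sample: one in-bounds read and the `usize::MAX` case from the mail.
pub fn demo() -> (Option<u8>, Option<u8>) {
    let mut regs = [0u8; 0x100];
    regs[0x10] = 0xAB;
    let mmio = Mmio::<0x100>::new(regs);
    (mmio.try_read8(0x10), mmio.try_read8(usize::MAX))
}

fn main() {
    println!("{:?}", demo());
}
```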