[0/4] Improve soundness of bus device abstractions

Message ID	20250313021550.133041-1-dakr@kernel.org (mailing list archive)
Headers	show Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F02E82E339B; Thu, 13 Mar 2025 02:17:33 +0000 (UTC) From: Danilo Krummrich <dakr@kernel.org> To: gregkh@linuxfoundation.org, rafael@kernel.org, bhelgaas@google.com, ojeda@kernel.org, alex.gaynor@gmail.com, boqun.feng@gmail.com, gary@garyguo.net, bjorn3_gh@protonmail.com, benno.lossin@proton.me, a.hindborg@kernel.org, aliceryhl@google.com, tmgross@umich.edu Cc: linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, rust-for-linux@vger.kernel.org, Danilo Krummrich <dakr@kernel.org> Subject: [PATCH 0/4] Improve soundness of bus device abstractions Date: Thu, 13 Mar 2025 03:13:30 +0100 Message-ID: <20250313021550.133041-1-dakr@kernel.org> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Improve soundness of bus device abstractions \| expand [0/4] Improve soundness of bus device abstractions [1/4] rust: pci: use to_result() in enable_device_mem() [2/4] rust: device: implement device context marker [3/4] rust: pci: fix unrestricted &mut pci::Device [4/4] rust: platform: fix unrestricted &mut platform::Device

Message ID

20250313021550.133041-1-dakr@kernel.org (mailing list archive)

Headers

From: Danilo Krummrich <dakr@kernel.org>
To: gregkh@linuxfoundation.org,
	rafael@kernel.org,
	bhelgaas@google.com,
	ojeda@kernel.org,
	alex.gaynor@gmail.com,
	boqun.feng@gmail.com,
	gary@garyguo.net,
	bjorn3_gh@protonmail.com,
	benno.lossin@proton.me,
	a.hindborg@kernel.org,
	aliceryhl@google.com,
	tmgross@umich.edu
Cc: linux-kernel@vger.kernel.org,
	linux-pci@vger.kernel.org,
	rust-for-linux@vger.kernel.org,
	Danilo Krummrich <dakr@kernel.org>
Subject: [PATCH 0/4] Improve soundness of bus device abstractions
Date: Thu, 13 Mar 2025 03:13:30 +0100
Message-ID: <20250313021550.133041-1-dakr@kernel.org>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Improve soundness of bus device abstractions | expand

Message

Danilo Krummrich March 13, 2025, 2:13 a.m. UTC

Currently, when sharing references of bus devices (e.g. ARef<pci::Device>), we
do not have a way to restrict which functions of a bus device can be called.

Consequently, it is possible to call all bus device functions concurrently from
any context. This includes functions, which access fields of the (bus) device,
which are not protected against concurrent access.

This is improved by applying an execution context to the bus device in form of a
generic type.

For instance, the PCI device reference that is passed to probe() has the type
pci::Device<Core>, which implements all functions that are only allowed to be
called from bus callbacks.

The implementation for the default context (pci::Device) contains all functions
that are safe to call from any context concurrently.

The context types can be extended as required, e.g. to limit availability  of
certain (bus) device functions to probe().

A branch containing the patches can be found in [1].

[1] https://web.git.kernel.org/pub/scm/linux/kernel/git/dakr/linux.git/log/?h=rust/device

Danilo Krummrich (4):
  rust: pci: use to_result() in enable_device_mem()
  rust: device: implement device context marker
  rust: pci: fix unrestricted &mut pci::Device
  rust: platform: fix unrestricted &mut platform::Device

 drivers/gpu/nova-core/driver.rs      |   4 +-
 rust/kernel/device.rs                |  18 ++++
 rust/kernel/pci.rs                   | 131 ++++++++++++++++-----------
 rust/kernel/platform.rs              |  93 ++++++++++++-------
 samples/rust/rust_driver_pci.rs      |   8 +-
 samples/rust/rust_driver_platform.rs |  16 +++-
 6 files changed, 177 insertions(+), 93 deletions(-)


base-commit: b28786b190d1ae2df5e6a5181ad78c6f226ea3e1

Comments

Boqun Feng March 13, 2025, 6:08 a.m. UTC | #1

On Thu, Mar 13, 2025 at 03:13:30AM +0100, Danilo Krummrich wrote:
> Currently, when sharing references of bus devices (e.g. ARef<pci::Device>), we
> do not have a way to restrict which functions of a bus device can be called.
> 
> Consequently, it is possible to call all bus device functions concurrently from
> any context. This includes functions, which access fields of the (bus) device,
> which are not protected against concurrent access.
> 
> This is improved by applying an execution context to the bus device in form of a
> generic type.
> 
> For instance, the PCI device reference that is passed to probe() has the type
> pci::Device<Core>, which implements all functions that are only allowed to be
> called from bus callbacks.
> 
> The implementation for the default context (pci::Device) contains all functions
> that are safe to call from any context concurrently.
> 
> The context types can be extended as required, e.g. to limit availability  of
> certain (bus) device functions to probe().
> 

For the whole series:

Acked-by: Boqun Feng <boqun.feng@gmail.com>

Regards,
Boqun

> A branch containing the patches can be found in [1].
> 
> [1] https://web.git.kernel.org/pub/scm/linux/kernel/git/dakr/linux.git/log/?h=rust/device
> 
> Danilo Krummrich (4):
>   rust: pci: use to_result() in enable_device_mem()
>   rust: device: implement device context marker
>   rust: pci: fix unrestricted &mut pci::Device
>   rust: platform: fix unrestricted &mut platform::Device
> 
>  drivers/gpu/nova-core/driver.rs      |   4 +-
>  rust/kernel/device.rs                |  18 ++++
>  rust/kernel/pci.rs                   | 131 ++++++++++++++++-----------
>  rust/kernel/platform.rs              |  93 ++++++++++++-------
>  samples/rust/rust_driver_pci.rs      |   8 +-
>  samples/rust/rust_driver_platform.rs |  16 +++-
>  6 files changed, 177 insertions(+), 93 deletions(-)
> 
> 
> base-commit: b28786b190d1ae2df5e6a5181ad78c6f226ea3e1
> -- 
> 2.48.1
>