From: Markus Probst <markus.probst@posteo.de>
To: Danilo Krummrich <dakr@kernel.org>,
Markus Probst via B4 Relay
<devnull+markus.probst.posteo.de@kernel.org>
Cc: Rob Herring <robh@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Jiri Slaby <jirislaby@kernel.org>,
Miguel Ojeda <ojeda@kernel.org>, Gary Guo <gary@garyguo.net>,
Björn Roy Baron <bjorn3_gh@protonmail.com>,
Benno Lossin <lossin@kernel.org>,
Andreas Hindborg <a.hindborg@kernel.org>,
Alice Ryhl <aliceryhl@google.com>,
Trevor Gross <tmgross@umich.edu>,
Kari Argillander <kari.argillander@gmail.com>,
"Rafael J. Wysocki" <rafael@kernel.org>,
Viresh Kumar <viresh.kumar@linaro.org>,
Boqun Feng <boqun@kernel.org>, David Airlie <airlied@gmail.com>,
Simona Vetter <simona@ffwll.ch>,
linux-serial@vger.kernel.org, linux-kernel@vger.kernel.org,
rust-for-linux@vger.kernel.org, linux-pm@vger.kernel.org,
driver-core@lists.linux.dev, dri-devel@lists.freedesktop.org
Subject: Re: [PATCH v8 3/5] rust: add basic serial device bus abstractions
Date: Sat, 30 May 2026 14:00:15 +0000 [thread overview]
Message-ID: <888dc39c52bb6ddac1a1eed7876c4573bdbef002.camel@posteo.de> (raw)
In-Reply-To: <ad98dfb1d8469022519d37364e8a068bed3b5687.camel@posteo.de>
[-- Attachment #1: Type: text/plain, Size: 7546 bytes --]
On Sat, 2026-05-30 at 15:53 +0200, Markus Probst wrote:
> On Sat, 2026-05-30 at 15:37 +0200, Markus Probst wrote:
> > On Sat, 2026-05-30 at 15:10 +0200, Danilo Krummrich wrote:
> > > On Sat May 30, 2026 at 3:13 AM CEST, Markus Probst via B4 Relay wrote:
> > > > + extern "C" fn probe_callback(sdev: *mut bindings::serdev_device) -> kernel::ffi::c_int {
> > > > + // SAFETY: The serial device bus only ever calls the probe callback with a valid pointer to
> > > > + // a `struct serdev_device`.
> > > > + //
> > > > + // INVARIANT: `sdev` is valid for the duration of `probe_callback()`.
> > > > + let sdev = unsafe { &*sdev.cast::<Device<device::CoreInternal<'_>>>() };
> > > > + let info = <Self as driver::Adapter>::id_info(sdev.as_ref());
> > > > +
> > > > + from_result(|| {
> > > > + let private_data = devres::register(
> > > > + sdev.as_ref(),
> > > > + try_pin_init!(PrivateData {
> > > > + probe_complete <- Completion::new(),
> > > > + error: false.into(),
> > > > + }),
> > > > + GFP_KERNEL,
> > > > + )?;
> > > > +
> > > > + // SAFETY: `sdev.as_raw()` is guaranteed to be a valid pointer to `serdev_device`.
> > > > + unsafe {
> > > > + (*sdev.as_raw()).rust_private_data =
> > > > + (&raw const *private_data).cast::<c_void>().cast_mut()
> > > > + };
> > > > +
> > > > + // SAFETY: `sdev.as_raw()` is guaranteed to be a valid pointer to `serdev_device`.
> > > > + unsafe { bindings::serdev_device_set_client_ops(sdev.as_raw(), Self::OPS) };
> > > > +
> > > > + // SAFETY: The serial device bus only ever calls the probe callback with a valid pointer
> > > > + // to a `serdev_device`.
> > > > + to_result(unsafe {
> > > > + bindings::devm_serdev_device_open(sdev.as_ref().as_raw(), sdev.as_raw())
> > > > + })?;
> > >
> > > The bus device private data drops before devres callbacks run, thus you can't
> > > use the devm helper here. I suggest to use serdev_device_open() and call
> > > serdev_device_close() from remove_callback() instead.
> > >
> > > You may also want to consider whether you potentially want T::unbind() to allow
> > > to have concurrent transmits in flight regardless. IOW, you may want to call
> > > serdev_device_close() before T::unbind() anyway.
> > `serdev::Device<Core>` will be passed as argument to unbind, i.e.
> > set_baudrate, set_flow_control etc. calls are possible. If we close the
> > serdev device before unbind, calling those would result in a null
> > pointer dereference. Maybe a driver even wants to send a message here,
> > so it should stay open.
> >
> > If I think about it, I can't even close it inside remove_callback after
> > `T::unbind`. With the driver lifetimes, the driver could store the
> > `serdev::Device<Bound>` pointer in its DriverData and could still make
> > calls to the device.
> >
> > Any suggestions?
> I could keep calling devm, but close it before unbind and reopen it
> without the receive ops. The devm will close it then again.
>
> This way it stays open until the last devres callback has run, but
> doesn't call the receive_buf_callback while the drvdata has been
> dropped.
>
> I will test it and see if it works.
Ok, forget it. Only works safely in theory. `serdev_device_open` could
fail and that would be unsound again.
Thanks
- Markus Probst
>
> Thanks
> - Markus Probst
>
> >
> > >
> > > > +
> > > > + let data = T::probe(sdev, info);
> > > > + let result = sdev.as_ref().set_drvdata(data);
> > > > +
> > > > + // SAFETY: We have exclusive access to `private_data.error`.
> > > > + unsafe { *private_data.error.get() = result.is_err() };
> > > > +
> > > > + private_data.probe_complete.complete_all();
> > > > +
> > > > + result.map(|()| 0)
> > > > + })
> > > > + }
> > > > +
> > > > + extern "C" fn remove_callback(sdev: *mut bindings::serdev_device) {
> > > > + // SAFETY: The serial device bus only ever calls the remove callback with a valid pointer
> > > > + // to a `struct serdev_device`.
> > > > + //
> > > > + // INVARIANT: `sdev` is valid for the duration of `remove_callback()`.
> > > > + let sdev = unsafe { &*sdev.cast::<Device<device::CoreInternal<'_>>>() };
> > > > +
> > > > + // SAFETY: `remove_callback` is only ever called after a successful call to
> > > > + // `probe_callback`, hence it's guaranteed that `Device::set_drvdata()` has been called
> > > > + // and stored a `Pin<KBox<T::Data<'_>>>`.
> > > > + let data = unsafe { sdev.as_ref().drvdata_borrow::<T::Data<'_>>() };
> > > > +
> > > > + T::unbind(sdev, data);
> > > > + }
> > > > +
> > > > + extern "C" fn receive_buf_callback(
> > > > + sdev: *mut bindings::serdev_device,
> > > > + buf: *const u8,
> > > > + length: usize,
> > > > + ) -> usize {
> > > > + // SAFETY: The serial device bus only ever calls the receive buf callback with a valid
> > > > + // pointer to a `struct serdev_device`.
> > > > + //
> > > > + // INVARIANT: `sdev` is valid for the duration of `receive_buf_callback()`.
> > > > + let sdev = unsafe { &*sdev.cast::<Device<device::CoreInternal<'_>>>() };
> > >
> > > CoreInternal dereferences to Core, which is technically unsound within this
> > > callback.
> > >
> > > I think you want CoreInternal for drvdata_borrow(), so we should add a
> > > BoundInternal type state for this; I will send a patch for this.
> > >
> > > With this and the above fixed,
> > >
> > > Reviewed-by: Danilo Krummrich <dakr@kernel.org>
> > >
> > > from the driver-core side of things.
> > >
> > > > + // SAFETY:
> > > > + // - The serial device bus only ever calls the receive buf callback with a valid pointer to
> > > > + // a `struct serdev_device`.
> > > > + // - `receive_buf_callback` is only ever called after a successful call to
> > > > + // `probe_callback`, hence it's guaranteed that `sdev.private_data` is a pointer
> > > > + // to a valid `PrivateData`.
> > > > + let private_data = unsafe { &*(*sdev.as_raw()).rust_private_data.cast::<PrivateData>() };
> > > > +
> > > > + private_data.probe_complete.wait_for_completion();
> > > > +
> > > > + // SAFETY: No one has exclusive access to `private_data.error`.
> > > > + if unsafe { *private_data.error.get() } {
> > > > + return length;
> > > > + }
> > > > +
> > > > + // SAFETY: `receive_buf_callback` is only ever called after a successful call to
> > > > + // `probe_callback`, hence it's guaranteed that `Device::set_drvdata()` has been called
> > > > + // and stored a `Pin<KBox<T::Data<'_>>>`.
> > > > + let data = unsafe { sdev.as_ref().drvdata_borrow::<T::Data<'_>>() };
> > > > +
> > > > + // SAFETY: `buf` is guaranteed to be non-null and has the size of `length`.
> > > > + let buf = unsafe { core::slice::from_raw_parts(buf, length) };
> > > > +
> > > > + T::receive(sdev, data, buf)
> > > > + }
> > > > +}
> >
> > Thanks
> > - Markus Probst
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 870 bytes --]
next prev parent reply other threads:[~2026-05-31 14:00 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-30 1:13 [PATCH v8 0/5] rust: add basic serial device bus abstractions Markus Probst via B4 Relay
2026-05-30 1:13 ` [PATCH v8 1/5] rust: devres: return reference in `devres::register` Markus Probst via B4 Relay
2026-05-30 11:54 ` Danilo Krummrich
2026-05-30 17:37 ` Markus Probst
2026-06-04 5:57 ` Claude review: " Claude Code Review Bot
2026-05-30 1:13 ` [PATCH v8 2/5] serdev: add rust private data to serdev_device Markus Probst via B4 Relay
2026-06-04 5:57 ` Claude review: " Claude Code Review Bot
2026-05-30 1:13 ` [PATCH v8 3/5] rust: add basic serial device bus abstractions Markus Probst via B4 Relay
2026-05-30 13:10 ` Danilo Krummrich
2026-05-30 13:37 ` Markus Probst
2026-05-30 13:53 ` Markus Probst
2026-05-30 14:00 ` Markus Probst [this message]
2026-05-30 14:08 ` Danilo Krummrich
2026-05-30 14:27 ` Markus Probst
2026-05-30 14:35 ` Danilo Krummrich
2026-05-30 14:51 ` Markus Probst
2026-05-30 16:14 ` Danilo Krummrich
2026-05-30 16:23 ` Markus Probst
2026-05-30 16:27 ` Danilo Krummrich
2026-05-30 16:30 ` Markus Probst
2026-05-30 18:55 ` Markus Probst
2026-05-30 19:45 ` Danilo Krummrich
2026-05-30 20:31 ` Markus Probst
2026-05-30 20:59 ` Danilo Krummrich
2026-06-04 5:57 ` Claude review: " Claude Code Review Bot
2026-05-30 1:13 ` [PATCH v8 4/5] samples: rust: add Rust serial device bus sample device driver Markus Probst via B4 Relay
2026-06-04 5:57 ` Claude review: " Claude Code Review Bot
2026-05-30 1:13 ` [PATCH v8 5/5] MAINTAINERS: serdev: Add self for serdev Markus Probst via B4 Relay
2026-06-04 5:57 ` Claude review: " Claude Code Review Bot
2026-06-04 5:57 ` Claude review: rust: add basic serial device bus abstractions Claude Code Review Bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=888dc39c52bb6ddac1a1eed7876c4573bdbef002.camel@posteo.de \
--to=markus.probst@posteo.de \
--cc=a.hindborg@kernel.org \
--cc=airlied@gmail.com \
--cc=aliceryhl@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun@kernel.org \
--cc=dakr@kernel.org \
--cc=devnull+markus.probst.posteo.de@kernel.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=driver-core@lists.linux.dev \
--cc=gary@garyguo.net \
--cc=gregkh@linuxfoundation.org \
--cc=jirislaby@kernel.org \
--cc=kari.argillander@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=linux-serial@vger.kernel.org \
--cc=lossin@kernel.org \
--cc=ojeda@kernel.org \
--cc=rafael@kernel.org \
--cc=robh@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=simona@ffwll.ch \
--cc=tmgross@umich.edu \
--cc=viresh.kumar@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox