Danilo Krummrich
2025-Oct-02 19:36 UTC
[PATCH v2 1/2] rust: pci: skip probing VFs if driver doesn't support VFs
On Thu Oct 2, 2025 at 8:56 PM CEST, Jason Gunthorpe wrote:
> On Thu, Oct 02, 2025 at 08:42:58PM +0200, Danilo Krummrich wrote:
>> On 10/2/25 8:31 PM, Jason Gunthorpe wrote:
>> > This is exactly how this function is used.
>> >
>> > The core PF driver provides an API:
>> >
>> > struct mlx5_core_dev *mlx5_vf_get_core_dev(struct pci_dev *pdev)
>> >
>> > Which takes in the VF as pdev and internally it invokes:
>> >
>> > mdev = pci_iov_get_pf_drvdata(pdev, &mlx5_core_driver);
>>
>> Oh, I see, that makes sense then. Thanks for clarifying. I think I already had
>> in mind how this would look like in the Rust abstraction, and there we don't
>> need pci_iov_get_pf_drvdata() to achieve the same thing.
>
> I'm skeptical, there is nothing about rust that should avoid having to
> use pci_iov_get_pf_drvdata().. It does a number of safety checks
> related to the linux driver model that are not optional.

The checks will be the same, but using pci_iov_get_pf_drvdata() directly is not workable because of how the abstractions are layered.

If we want to obtain the driver's private data from a device outside the scope of bus callbacks, we always need to ensure that the device is guaranteed to be bound and we also need to prove the type of the private data, since a device structure can't be generic over its bound driver.

Usually that's not an issue because other entry points into the driver, e.g. subsystem callbacks have their own private data through the class device, IRQs have their own private data in the IRQ registration, etc.

>> Yes, I already thought about this. In the context of adding support for SR-IOV
>> in the Rust abstractions I'm planning on sending an RFC to let the subsystem
>> provide this guarantee instead (at least under certain conditions).
>
> Certain conditions may be workable, some drivers seem to have
> preferences not to call disable, though I think that is wrong :\

I fully agree! I was told that this is because apparently some PF drivers are only loaded to enable SR-IOV and then removed to shrink the potential attack surface. Personally, I think that's slightly paranoid, if the driver would not do anything else than enable / disable SR-IOV, but I think we can work around this use-case if people really want it.
Jason Gunthorpe
2025-Oct-02 21:04 UTC
[PATCH v2 1/2] rust: pci: skip probing VFs if driver doesn't support VFs
On Thu, Oct 02, 2025 at 09:36:17PM +0200, Danilo Krummrich wrote:
> If we want to obtain the driver's private data from a device outside the scope
> of bus callbacks, we always need to ensure that the device is guaranteed to be
> bound and we also need to prove the type of the private data, since a device
> structure can't be generic over its bound driver.

pci_iov_get_pf_drvdata() does both of these things - this is what it is for. Please don't open code it :(

> > Certain conditions may be workable, some drivers seem to have
> > preferences not to call disable, though I think that is wrong :\
>
> I fully agree! I was told that this is because apparently some PF drivers are
> only loaded to enable SR-IOV and then removed to shrink the potential attack
> surface. Personally, I think that's slightly paranoid, if the driver would not
> do anything else than enable / disable SR-IOV, but I think we can work around
> this use-case if people really want it.

I've heard worse reasons than that. If that is the interest I'd suggest they should just use VFIO and leave a userspace stub process..

Jason
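
The two guarantees discussed in this thread (the PF behind a VF must be bound, and bound to the driver whose private-data type the caller expects) can be seen in a simplified userspace model in C. This is an added example, not kernel code and not from either poster; the `model_*` structures and function are hypothetical stand-ins, and failure is reported as NULL for simplicity.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical userspace stand-ins; these are not the kernel's structures. */
struct model_driver { const char *name; };

struct model_pci_dev {
    int is_virtfn;                      /* nonzero if this device is a VF */
    struct model_pci_dev *physfn;       /* parent PF, meaningful only for a VF */
    const struct model_driver *driver;  /* bound driver, NULL when unbound */
    void *drvdata;                      /* private data owned by the bound driver */
};

/*
 * Hand out the PF's private data only when:
 *  1. dev really is a VF with a PF behind it, and
 *  2. that PF is currently bound to exactly the driver the caller names.
 * Check 2 is what "proves the type": only the named driver knows the layout
 * of its own private data, so driver identity stands in for the data type.
 */
void *model_iov_get_pf_drvdata(const struct model_pci_dev *dev,
                               const struct model_driver *pf_driver)
{
    const struct model_pci_dev *pf;

    if (dev == NULL || !dev->is_virtfn || dev->physfn == NULL)
        return NULL;                    /* not a VF: no PF data to return */
    pf = dev->physfn;
    if (pf->driver == NULL || pf->driver != pf_driver)
        return NULL;                    /* PF unbound, or bound to another driver */
    return pf->drvdata;
}

int main(void)
{
    /* Constructed sample devices and drivers. */
    struct model_driver core = { "core_pf_driver" }, other = { "other_driver" };
    int pf_private = 42;
    struct model_pci_dev pf = { 0, NULL, &core, &pf_private };
    struct model_pci_dev vf = { 1, &pf, NULL, NULL };

    printf("matching PF driver: %p\n", model_iov_get_pf_drvdata(&vf, &core));
    printf("wrong PF driver:    %p\n", model_iov_get_pf_drvdata(&vf, &other));
    pf.driver = NULL;                   /* PF driver removed, VF still present */
    printf("PF unbound:         %p\n", model_iov_get_pf_drvdata(&vf, &core));
    return 0;
}
```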