Nouveau - Sep 2025 - [PATCH v5 02/12] gpu: nova-core: move GSP boot code to a dedicated method

On Sat, Sep 13, 2025 at 03:30:31PM +0200, Danilo Krummrich
wrote:
> On Sat Sep 13, 2025 at 3:02 AM CEST, Joel Fernandes wrote:
> > Any chance we can initialize the locks later? We don't need
locking until
> > after the boot process is completed, and if there's a way we can
dynamically
> > "pin", where we hypothetically pin after the boot process
completed, that
> > might also work. Though I am not sure if that's something possible
in
> > Rust/rust4linux or if it makes sense.
> 
> We can't partially initialize structures and then rely on accessing
initialized
> data only.
Yet, that is exactly what the pin initialization sequence block does? The
whole structure is not initialized yet you need access to already initialized
fields.
> This is one of the sources for memory bugs that Rust tries to solve.
> You can wrap fields into Option types and initialize them later, which
would
> defer pin-init calls for the price of having Option fields around.
I am not denying the need for pinning. Also regarding Option, just thinking
out loud but if something is optional temporary, maybe needing a new type
like TempOption, and promote it to a non-option type later, I am not seeing
that as completely outside the world, if there is a legitimate usecase that
needs to be Option temporarily, but not later, what's wrong with that? It is
"Optional" for the timebeing, but not later.
> However, we should never do such things. If there's the necessity to do
> something like that, it indicates a design issue.
> 
> In this case, there's no problem, we can use pin-init without any
issues right
> away, and should do so.
> 
> pin-init is going to be an essential part of *every* Rust driver given that
a
> lot of the C infrastruture that we abstract requires pinned initialization,
such
> as locks and other synchronization primitives.
To be honest, the pinning concept seems like an after thought for such a
fundamental thing that we need, requiring additional macros, and bandaids on
top of the language itself, to make it work for the kernel. I am not alone in
that opinion. This should be first-class in a (systems) language, built into
the language itself? I am talking about the whole pin initialization,
accessing fields dances, etc.

Also I am concerned that overusage of pinning defeats a lot of optimizations
that Rust may be able to perform, especially forcefully pinning stuff that
does not need all to be pinned (except to satisfy paranoia), thus generating
suboptimal code gen. Not only does it require redesign and concerns over
accesses to un-initialized fields, like we saw in the last 2-3 weeks, it also
forces people into that when maybe there is a chance that underlying
structures do not need to be pinned at all (for some usecases).

These are just my opinions.

thanks,

 - Joel

On Sat, Sep 13, 2025 at 7:14?PM Joel Fernandes <joelagnelf at nvidia.com>
wrote:
>
> I am not alone in that opinion.
Hmm... I am not sure how to read this.
> This should be first-class in a (systems) language, built into
> the language itself?
I would suggest taking a look at our website and the links there (like
issue #2) -- what we are doing upstream Rust is documented.

(Danilo gave you a direct link, but I mention it this way because
there are a lot of things going on, and it is worth a look and perhaps
you may find something interesting you could help with).
> except to satisfy paranoia
Using unsafe code everywhere (or introducing unsoundness or UB for
convenience) would defeat much of the Rust for Linux exercise.

Cheers,
Miguel

Hi Miguel,

On Sat, Sep 13, 2025 at 10:37:34PM +0200, Miguel Ojeda
wrote:
> On Sat, Sep 13, 2025 at 7:14?PM Joel Fernandes <joelagnelf at
nvidia.com> wrote:
> >
> > I am not alone in that opinion.
> 
> Hmm... I am not sure how to read this.
I don't follow? I am just saying that pinning seems to be a rather odd thing
to do explictly that we don't in other languages. I know why Rust needs it,
but it is even more strange that Rust requires additional macros in the
kernel to further implement features required for it, when it probably should
been a part of the language design from the beginning (and not require
changes to macros to support usecases, like we saw for Nova).

It is possible that I don't fully understand pinning - but what I do
understand (and please correct me if I'm wrong), pinning is required mainly
because Rust default-moves data which wreaks havoc for stuff that unsafe code
(C code) exposes (spinlocks for example) or data hardware expects to be at
fixed locations. This also arises because of mixing unsafe code, with safe
code.  So it is required mainly because Unsafe code (and hardware) does not
break, due to "safe" Rust's default movement. Is my understanding
wrong?
> > This should be first-class in a (systems) language, built into
> > the language itself?
> 
> I would suggest taking a look at our website and the links there (like
> issue #2) -- what we are doing upstream Rust is documented.
Sure, thanks for the pointers, I will study them further.
> (Danilo gave you a direct link, but I mention it this way because
> there are a lot of things going on, and it is worth a look and perhaps
> you may find something interesting you could help with).
Sure, thanks.
> > except to satisfy paranoia
> 
> Using unsafe code everywhere (or introducing unsoundness or UB for
> convenience) would defeat much of the Rust for Linux exercise.
Where in the thread did I suggest that, though? (using unsafe everywhere).

Also note, I'm pretty much a Rust (and Rust 4 linux) newbie and don't
claim
to be any kind of expert in these. But I have studied Rust for about a year
now and pinning for a few months :). I don't mean to make noise, just
discussing so I can learn more and help in some way :) Please don't be too
offended by my ramblings.

thanks,

 - Joel

On 9/13/25 1:37 PM, Miguel Ojeda wrote:
> On Sat, Sep 13, 2025 at 7:14?PM Joel Fernandes <joelagnelf at
nvidia.com> wrote:
>>
>> I am not alone in that opinion.
> 
> Hmm... I am not sure how to read this.
> 
>> This should be first-class in a (systems) language, built into
>> the language itself?
On this particular point, and *only* this point: some time around
mid-2025, I started wondering out loud, "shouldn't Rust have some
built-in understanding, in the language/compiler itself, of the
concept of pinned memory?"

Because, after doing a modest bit of Rust for Linux coding, I was
struck by "Rust is a systems programming langauge", vs. "systems
programming often involves DMA (which generally pins memory)".
And the other observation is that pin-init discussions are some
of the most advanced and exotic in Rust for Linux. These things
don't go together.

So it seemed like this is a lesson that Rust for Linux has learned,
that can be taken back to Rust itself. I recommended this as a
non-urgent Kangrejos topic.
> 
> I would suggest taking a look at our website and the links there (like
> issue #2) -- what we are doing upstream Rust is documented.
...and my question was asked before reading through issue #2. So your
and Danilo's responses seem to be saying that there is already some
understanding that this is an area that could be improved.

Good!

I believe "issue #2" refers to this, right?

    https://github.com/Rust-for-Linux/linux/issues/2

That's going to take some time to figure out if it interects
what I was requesting, but I'll have a go at it.
> 
> (Danilo gave you a direct link, but I mention it this way because
> there are a lot of things going on, and it is worth a look and perhaps
> you may find something interesting you could help with).
> 
>> except to satisfy paranoia
> 
> Using unsafe code everywhere (or introducing unsoundness or UB for
> convenience) would defeat much of the Rust for Linux exercise.
> 
Yes. It's only "paranoia" if the code is bug-free. So Rust itself
naturally will look "a little" paranoid, that's core to its
mission. :)


thanks,
-- 
John Hubbard