Michael S. Tsirkin
2021-Aug-29 22:26 UTC
[PATCH v4 11/15] pci: Add pci_iomap_shared{,_range}
On Sun, Aug 29, 2021 at 09:17:53AM -0700, Andi Kleen wrote:> Also I changing this single call really that bad? It's not that we changing > anything drastic here, just give the low level subsystem a better hint about > the intention. If you don't like the function name, could make it an > argument instead?My point however is that the API should say that the driver has been audited, not that the mapping has been done in some special way. For example the mapping can be in some kind of wrapper, not directly in the driver. However you want the driver validated, not the wrapper. Here's an idea: diff --git a/include/linux/audited.h b/include/linux/audited.h new file mode 100644 index 000000000000..e23fd6ad50db --- /dev/null +++ b/include/linux/audited.h @@ -0,0 +1,3 @@ +#ifndef AUDITED_MODULE +#define AUDITED_MODULE +#endif Now any audited driver must do #include <linux/audited.h> first of all. Implementation-wise it can do any number of things, e.g. if you like then sure you can do: #ifdef AUDITED_MODULE #define pci_ioremap pci_ioremap_shared #else #define pci_ioremap pci_ioremap #endif but you can also thinkably do something like (won't work, but just to give you the idea): #ifdef AUDITED_MODULE #define __init __init #else #define __init #endif or any number of hacks like this. -- MST
On 8/29/2021 3:26 PM, Michael S. Tsirkin wrote:> On Sun, Aug 29, 2021 at 09:17:53AM -0700, Andi Kleen wrote: >> Also I changing this single call really that bad? It's not that we changing >> anything drastic here, just give the low level subsystem a better hint about >> the intention. If you don't like the function name, could make it an >> argument instead? > My point however is that the API should say that the > driver has been audited,We have that status in the struct device. If you want to tie the ioremap to that we could define a ioremap_device() with a device argument and decide based on that. Or we can add _audited to the name. ioremap_shared_audited?> not that the mapping has been > done in some special way. For example the mapping can be > in some kind of wrapper, not directly in the driver. > However you want the driver validated, not the wrapper. > > Here's an idea:I don't think magic differences of API behavior based on some define are a good idea.? That's easy to miss. That's a "COME FROM" in API design. Also it wouldn't handle the case that a driver has both private and shared ioremaps, e.g. for BIOS structures. And we've been avoiding that drivers can self declare auditing, we've been trying to have a separate centralized list so that it's easier to enforce and avoids any cut'n'paste mistakes. -Andi