On Fri, Feb 28, 2025 at 04:29:04PM +1100, Alistair Popple wrote:
> On Thu, Feb 27, 2025 at 11:01:55AM +0100, Danilo Krummrich wrote:
> > On Thu, Feb 27, 2025 at 11:25:55AM +1100, Alistair Popple wrote:
> > >
> > > To be honest I don't really understand the utility here because the compile-time
> > > check can't be a definitive check. You're always going to have to fall back to
> > > a run-time check because at least for PCI (and likely others) you can't know
> > > at compile time if the IO region is big enough or matches the compile-time
> > > constraint.
> >
> > That's not true, let me explain.
> >
> > When you write a driver, you absolutely have to know the register layout. This
> > means that you also know what the minimum PCI bar size has to be for your driver
> > to work. If it would be smaller than what your driver expects, it can't function
> > anyways. In Rust we make use of this fact.
> >
> > When you map a PCI bar through `pdev.iomap_region_sized` you pass in a const
> > generic (`SIZE`) representing the *expected* PCI bar size. This can indeed fail
> > on run-time, but that's fine, as mentioned, if the bar is smaller than what your
> > driver expects, it's useless anyways.
> >
> > If the call succeeds, it means that the actual PCI bar size is greater or equal
> > to `SIZE`. Since `SIZE` is known at compile time all subsequent I/O operations
> > can be boundary checked against `SIZE` at compile time, which additionally makes
> > the call infallible. This works for most I/O operations drivers do.
>
> Argh! That's the piece I was missing - that this makes the IO call infallible
> and thus removes the need to write run-time error handling code. Sadly of course
> that's not actually true, because I/O operations can always fail for reasons
> other than what can be checked at compile time (eg. in particular PCI devices
> can fall off the bus and return all 0xF's). But I guess existing drivers don't
> really handle those cases either.

We handle this case too by giving out a Devres<pci::Bar> rather than just a
pci::Bar. The former gets revoked when the device falls off the bus.
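
The pattern discussed in this thread, as an added userspace sketch that is not part of the original message and is not the kernel crate's code: one run-time size check at map time, offsets checked against `SIZE` by the compiler afterwards, and a revocable handle for device removal. `Bar`, `map_sized`, `read32`, `try_read32`, `InBounds` and `Revocable` are hypothetical stand-ins for `pci::Bar`, `iomap_region_sized` and `Devres`, and a `Vec<u8>` is assumed in place of real MMIO.

```rust
// Userspace model (constructed): a Vec<u8> stands in for the device's BAR.
use std::sync::RwLock;

/// A mapped BAR whose actual length is known to be >= SIZE.
pub struct Bar<const SIZE: usize> { mem: Vec<u8> }

// Evaluated when read32::<OFF> is instantiated: a bad OFF fails the build.
struct InBounds<const SIZE: usize, const OFF: usize>;
impl<const SIZE: usize, const OFF: usize> InBounds<SIZE, OFF> {
    const OK: () = assert!(OFF % 4 == 0 && OFF + 4 <= SIZE, "offset outside SIZE");
}

fn le32(b: &[u8]) -> u32 { u32::from_le_bytes([b[0], b[1], b[2], b[3]]) }

impl<const SIZE: usize> Bar<SIZE> {
    /// The single run-time size check, done once at map time.
    pub fn map_sized(device_bar: Vec<u8>) -> Result<Self, &'static str> {
        if device_bar.len() < SIZE { return Err("BAR smaller than SIZE"); }
        Ok(Bar { mem: device_bar })
    }
    /// Infallible: OFF was checked against SIZE at compile time.
    pub fn read32<const OFF: usize>(&self) -> u32 {
        let () = InBounds::<SIZE, OFF>::OK;
        le32(&self.mem[OFF..OFF + 4])
    }
    /// Fallible: a run-time offset is checked against the mapped length.
    pub fn try_read32(&self, off: usize) -> Option<u32> {
        if off % 4 != 0 { return None; }
        self.mem.get(off..off.checked_add(4)?).map(le32)
    }
}

/// Revocable handle: every access fails once the device is gone.
pub struct Revocable<T>(RwLock<Option<T>>);
impl<T> Revocable<T> {
    pub fn new(v: T) -> Self { Revocable(RwLock::new(Some(v))) }
    pub fn revoke(&self) { *self.0.write().unwrap() = None; }
    pub fn try_access<R>(&self, f: impl FnOnce(&T) -> R) -> Option<R> {
        self.0.read().unwrap().as_ref().map(f)
    }
}

fn main() {
    let bar = Bar::<16>::map_sized(vec![0xff; 32]).expect("BAR too small");
    let handle = Revocable::new(bar);
    println!("{:?}", handle.try_access(|b| b.read32::<12>())); // read32::<16>() would not compile
    handle.revoke(); // device removed
    println!("{:?}", handle.try_access(|b| b.read32::<12>()));
}
```

In this model the only error paths a caller has to handle are the mapping call and the revocable access; `read32` itself has none.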