On Fri, Feb 28, 2025 at 12:27:36PM +1000, Alistair Francis wrote: > On Fri, Feb 28, 2025 at 5:33 AM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > On Thu, Feb 27, 2025 at 05:45:02PM +0100, Miguel Ojeda wrote: > > > On Thu, Feb 27, 2025 at 1:01 PM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > > > > > Sorry, you are right, it does, and of course it happens (otherwise how > > > > would bindings work), but for small functions like this, how is the C > > > > code kept in sync with the rust side? Where is the .h file that C > > > > should include? > > This I can address with something like Alice mentioned earlier to > ensure the C and Rust functions stay in sync. Yes, that looks to be fixed up now and should not be an issue. > > > What you were probably remembering is that it still needs to be > > > justified, i.e. we don't want to generally/freely start replacing > > > "individual functions" and doing FFI both ways everywhere, i.e. the > > > goal is to build safe abstractions wherever possible. > > > > Ah, ok, that's what I was remembering. > > > > Anyway, the "pass a void blob from C into rust" that this patch is doing > > feels really odd to me, and hard to verify it is "safe" at a simple > > glance. > > I agree, it's a bit odd. Ideally I would like to use a sysfs binding, > but there isn't one today. > > I had a quick look and a Rust sysfs binding implementation seems like > a lot of work, which I wasn't convinced I wanted to invest in for this > series. This is only a single sysfs attribute and I didn't want to > slow down this series on a whole sysfs Rust implementation. > > If this approach isn't ok for now, I will just drop the sysfs changes > from the series so the SPDM implementation doesn't stall on sysfs > changes. Then come back to the sysfs attributes in the future. Please do that, we can revisit the sysfs stuff later. > So the high level question, is "pass[ing] a void blob from C into > rust" ok or should I defer for a future safer implementation? I don't think we want random void * blobs being passed between C and Rust like that as ensuring that both sides really know what is happening and keep that in sync is going to be impossible over time. Type safety is our friend :) thanks, greg k-h
