On Fri, Feb 28, 2025 at 04:29:04PM +1100, Alistair Popple wrote:
> On Thu, Feb 27, 2025 at 11:01:55AM +0100, Danilo Krummrich wrote:
> > On Thu, Feb 27, 2025 at 11:25:55AM +1100, Alistair Popple wrote:
> > >
> > > To be honest I don't really understand the utility here because the compile-time
> > > check can't be a definitive check. You're always going to have to fall back to
> > > a run-time check because at least for PCI (and likely others) you can't know
> > > at compile time if the IO region is big enough or matches the compile-time
> > > constraint.
> >
> > That's not true, let me explain.
> >
> > When you write a driver, you absolutely have to know the register layout. This
> > means that you also know what the minimum PCI bar size has to be for your driver
> > to work. If it would be smaller than what your driver expects, it can't function
> > anyways. In Rust we make use of this fact.
> >
> > When you map a PCI bar through `pdev.iomap_region_sized` you pass in a const
> > generic (`SIZE`) representing the *expected* PCI bar size. This can indeed fail
> > on run-time, but that's fine, as mentioned, if the bar is smaller than what your
> > driver expects, it's useless anyways.
> >
> > If the call succeeds, it means that the actual PCI bar size is greater or equal
> > to `SIZE`. Since `SIZE` is known at compile time all subsequent I/O operations
> > can be boundary checked against `SIZE` at compile time, which additionally makes
> > the call infallible. This works for most I/O operations drivers do.
>
> Argh! That's the piece I was missing - that this makes the IO call infallible
> and thus removes the need to write run-time error handling code. Sadly of course
> that's not actually true, because I/O operations can always fail for reasons
> other than what can be checked at compile time (eg. in particular PCI devices
> can fall off the bus and return all 0xF's). But I guess existing drivers don't
> really handle those cases either.

We handle this case too by giving out a Devres<pci::Bar> rather than just a pci::Bar. The former gets revoked when the device falls off the bus.
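
The scheme discussed in this thread, as an added userspace model (not kernel code and not written by either poster): the size is checked once at run time when mapping, fixed offsets are checked at build time, and access is refused after revocation. `BarModel`, `map_sized`, `InBounds`, `DevresModel` and `le32` are hypothetical names, and a `Vec` stands in for the mapped region.

```rust
use std::sync::RwLock;

// Compile-time bounds check: evaluated when read32::<OFF>() is instantiated.
struct InBounds<const OFF: usize, const SIZE: usize>;
impl<const OFF: usize, const SIZE: usize> InBounds<OFF, SIZE> {
    const OK: () = assert!(OFF + 4 <= SIZE, "offset outside expected BAR size");
}

fn le32(b: &[u8]) -> u32 { u32::from_le_bytes([b[0], b[1], b[2], b[3]]) }

// Hypothetical userspace stand-in for a mapped BAR (a Vec instead of MMIO).
pub struct BarModel<const SIZE: usize> { mem: Vec<u8> }

impl<const SIZE: usize> BarModel<SIZE> {
    // The one run-time check: the actual region must be at least SIZE bytes.
    pub fn map_sized(region: Vec<u8>) -> Option<Self> {
        if region.len() >= SIZE { Some(Self { mem: region }) } else { None }
    }
    // Infallible: OFF + 4 <= SIZE <= mem.len(), so the slice cannot be short.
    pub fn read32<const OFF: usize>(&self) -> u32 {
        let () = InBounds::<OFF, SIZE>::OK;
        le32(&self.mem[OFF..OFF + 4])
    }
    // Fallible variant for offsets only known at run time.
    pub fn try_read32(&self, off: usize) -> Option<u32> {
        self.mem.get(off..off.checked_add(4)?).map(le32)
    }
}

// Hypothetical model of a revocable handle: access fails once revoked.
pub struct DevresModel<T>(RwLock<Option<T>>);
impl<T> DevresModel<T> {
    pub fn new(v: T) -> Self { Self(RwLock::new(Some(v))) }
    pub fn revoke(&self) { *self.0.write().unwrap() = None; }
    pub fn try_access<R>(&self, f: impl FnOnce(&T) -> R) -> Option<R> {
        self.0.read().unwrap().as_ref().map(f)
    }
}

fn main() {
    let mut region = vec![0u8; 0x1000]; // constructed 4 KiB "BAR"
    region[0x10..0x14].copy_from_slice(&0xdead_beef_u32.to_le_bytes());
    let bar = BarModel::<0x100>::map_sized(region).expect("BAR too small");
    let dev = DevresModel::new(bar);
    println!("{:x?}", dev.try_access(|b| b.read32::<0x10>()));
    // b.read32::<0x100>() would be rejected when the program is built.
    dev.revoke(); // device gone: every later access returns None
    println!("{:x?}", dev.try_access(|b| b.read32::<0x10>()));
}
```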