From patchwork Thu Mar 20 13:32:45 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 874971 Delivered-To: patch@linaro.org Received: by 2002:a5d:5f4c:0:b0:38f:210b:807b with SMTP id cm12csp322684wrb; Thu, 20 Mar 2025 06:33:52 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCW+AG21wkr/+VRNVY7bePUYNR7x5V5b9JBB3EgoeRpCyvIIXP8QMIgRu5RgTK4U63KLdKXM5A==@linaro.org X-Google-Smtp-Source: AGHT+IH/nVDAuZPxTojAx17kwj+wHv44xzz/vPz9/VD97aFCAbylMa1zf5u8BhsRuDQYj4rlZMgs X-Received: by 2002:a05:622a:1b05:b0:476:6189:4f2b with SMTP id d75a77b69052e-47710dc4b60mr40717151cf.46.1742477632676; Thu, 20 Mar 2025 06:33:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1742477632; cv=none; d=google.com; s=arc-20240605; b=PLVIlR3ADCJNRnKnbDs+9ANFWKlR+bFO8waoDFO5yOR+MTIU06sKQbL4156SSdIDKw zzGP8EFfveMSIqN0jXyKiHTC/cpGmFzb0tt08HPPtha1HSkVMNzdTlejm+rNEV0baW+r 1uIm/vTr34hQ4nH2cT/C4SZJd0ZXrgUK4tbUvePR2kYFz/HL4kkrVxtaFgw0/cnt4Coh 4yddHJB8AfEYnf/doTZWpeO8PHlNhB/6KW4w47dGPbkT+NNgkGjbTxo5tdcCfwS82HxN oPSU1OaXIwn5pSzTecexNw9exqT4q3cbELJZWqNW/vc+cL5qQ8lOkwKx2COwNMz1r3eZ TKZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from:dkim-signature; bh=7YBryV/uJw5jCFJ3bAoM5/4/QhhkndLN0POBwK58ocE=; fh=6bdqwZDZFFNV/tyciEi0bG1kG49q0j5K+77AgdeGVnw=; b=JaqdNLRn+niqa0Kp7Ml9YJxblNNJlzM5wvj6ssNrcOA1izIyp8xxf0nMMFHH/tS/8I 5i5O1Gbj37BOmOyd6FxFAK0hqsiRDolZY/FQ4sDgC5nrLlO5bM68N73H/TXTtDpPHBtj yxwl/Yw73FujAtfDBb2GUCgcsOuNEvrJETuORUZ76grOduU+Qua0M/RNGKYG+xAfIfPY ft964Dx6pVTFEbWkzie0frdzZoqQeWMBqWfXV7CSCa28gu046MMpHlGpTmc4wwWCQZRm 1m6AxBHnMNtjpBVYrtgDx4hHNTx3mQWmHDcthDMPCsxPIcHCCLzxo6/QkEWYdZDkn9Hi qyqQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=jWZmVwtP; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id d75a77b69052e-4771bae365dsi3590671cf.415.2025.03.20.06.33.52 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 20 Mar 2025 06:33:52 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=jWZmVwtP; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tvG1F-0001CE-Kx; Thu, 20 Mar 2025 09:33:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tvG12-0001AD-9s for qemu-devel@nongnu.org; Thu, 20 Mar 2025 09:32:56 -0400 Received: from mail-wm1-x32a.google.com ([2a00:1450:4864:20::32a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tvG10-0003Qe-0V for qemu-devel@nongnu.org; Thu, 20 Mar 2025 09:32:56 -0400 Received: by mail-wm1-x32a.google.com with SMTP id 5b1f17b1804b1-43d04dc73b7so8583565e9.3 for ; Thu, 20 Mar 2025 06:32:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1742477571; x=1743082371; darn=nongnu.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=7YBryV/uJw5jCFJ3bAoM5/4/QhhkndLN0POBwK58ocE=; b=jWZmVwtPQEJk4OKnFcy6LkT7Kh6JjMwJKMBTZ6PF3a8kmVTJv4+iqhMAGZtK08r746 Y0dwAHAYzo0ixDCXEPjtJs4TZN/VUGv7LfQlCly2lcXscqbbiQWWsb+ciXaMXTQZGNrn w/dKInnZhXVN89tzUhEam81uVKKqn/ghse+hfClHWvJhrtGsoW9QgE/xd9Gf4aC0cOEi LxOvaBGnCRgfDvTC81omwu9wV6Bbvqs64yCajbc/VqI24tsvk08XgE0nrAFmERKtDrHn c3lyDe1O1YWNQ1pfHp51QOeqfcH6QsMThdLHGylFch97Ye3G0XzR9fAFgiCP0dTL5tuJ 08HA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742477571; x=1743082371; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=7YBryV/uJw5jCFJ3bAoM5/4/QhhkndLN0POBwK58ocE=; b=lva3R7Fltw4gHWWetX0Zm+UAw5YXJPA4mbHqQlJNokfiPdPHUzVmcEuD088S5n0aca VorfM6U2BE6yvDssclJFO2Qu5EAjvEqvi5mizzmA+Oz6dvR/E3MyiJw49ozBdcUvotio GHOg5cSlSYUy18k/qcgmCJcvUWs3TqKQe30g1MI2lbtNXJim1aAzDKnoaTgSMPial7Jv 0fe2zas8t2sj6nOXfxX08+cFJBMv6IMwv563EBqOmksRbTvWBD9hCJK8Z9nRfCmKCwOo TE25Du/amq3EOfduledk8g7+S1G9ecWJFK/X9kdgDyYnz3ppUDfaddne97lEZV3FfZ0t j/Iw== X-Forwarded-Encrypted: i=1; AJvYcCWrd+GgXqhHS7HVNQRLTgDPGmkpvlLKL6eVPiK9zItCN7539M6dT50Xn/zYkXR/j6crzI/dQqUDw2as@nongnu.org X-Gm-Message-State: AOJu0YzuEhafz56MeYOO3rA+vUkxJayTNp4/vct/EYAN/sIlCiAJbe1m 3/eehl51cjRSCDzRC311+UK659B1CfdjQBcAcITg75wZoqYCqPf+k5IbgrfHmkI= X-Gm-Gg: ASbGncucWiceJ4UrZSkvzYvebz8uK0OTzBdGVmky9cztcQJHLBs+KNk0w/U8a+2JIBn sfcg2bvoterOHpmaWzw2VjqIwF4BKIrUYRAjZ4I/12pQ+sRS1eOBdwZaRnYKPT+CPXjU1gGJB7E 2VriAPHVxwylefVG9qxn9RgVJYrZDs3Kjv03FKQED2HXOGI4kn/z+sthRKW2ZAgKvLomRevLh5V bryAuvSr4xZHf8fRY5/PHa0nX4kgXfeReMROUU60xJ/ubbB965GtEz/YdEjuPritUgktaXY3Ipv K/1gNamUXa5/XyBBm6mXYWyyxy7wgqQk5Tgg76HbJNIno7tJpJg= X-Received: by 2002:a05:600c:1546:b0:43c:fb5b:84d8 with SMTP id 5b1f17b1804b1-43d49549405mr28340205e9.16.1742477571247; Thu, 20 Mar 2025 06:32:51 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-43d43fdeba1sm48804525e9.32.2025.03.20.06.32.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 20 Mar 2025 06:32:50 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: qemu-rust@nongnu.org, Paolo Bonzini Subject: [PATCH 0/3] rust: Fix PL011State size mismatch assert Date: Thu, 20 Mar 2025 13:32:45 +0000 Message-ID: <20250320133248.1679485-1-peter.maydell@linaro.org> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::32a; envelope-from=peter.maydell@linaro.org; helo=mail-wm1-x32a.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org We have some users of the PL011 struct which embed it directly into their own state structs. This means that the Rust version of the device must have a state struct that is the same size or smaller than the C struct. In commit 9b642097d6b7 ("rust: pl011: switch to safe chardev operation") the Rust PL011 state struct changed from having a bindings::CharBackend to a chardev::CharBackend, which made it grow larger than the C version. This results in an assertion at startup when QEMU was built with Rust enabled: $ qemu-system-arm -M raspi2b -display none ERROR:../../qom/object.c:562:object_initialize_with_type: assertion failed: (size >= type->instance_size) This series fixes that by the simple expedient of adding a padding field to the end of the C struct to ensure that it's big enough to also fit the Rust version of the device. It also moves the failure from runtime to compiletime, by adding a Rust compile-time assert that it hasn't made the state bigger than the C one, so if we do this again it should be caught before it gets into git. (We don't need to do the same thing for the HPET device, because there the HPETState is a private implementation detail of the C code, not exposed to its users.) NB: if the Rust version also needed stricter alignment than the C struct that would also be bad; I don't attempt to assert on that here, assuming that it's unlikely that we'll be trying for anything more aligned than the usual pointer-alignment. Patch 1 is Paolo's static_assert macro that he sent out earlier today. Having the C struct visible to its users like this is not ideal in the longer term; we have had discussions before about shifting back to a "users only get an opaque pointer" design style, for instance for the benefit of the "create custom machines on the commandline" effort. I think this Rust/C issue is further weight towards moving that way. But that would be quite a lot of reworking of existing C code. Exposing the C struct to users of the device also means that they have direct access to all its fields, which obviously will go badly wrong if they try to touch them when the Rust version of the device is being used. Those fields are supposed to be private, but this is based purely on the honour system, and we do actually have a few places in the code that take shortcuts and directly access a few fields (not for the PL011). I had a proposal a decade ago: https://lore.kernel.org/qemu-devel/1399650964-21067-1-git-send-email-peter.maydell@linaro.org/ for using macros and the compiler 'deprecated' attribute to generate compiler warnings/errors for accesses to struct fields outside the file implementing the device itself. We could perhaps resurrect that idea as a mechanism for detecting places we would need to clean up before conversions of future C devices to Rust. thanks -- PMM Paolo Bonzini (1): rust: assertions: add static_assert Peter Maydell (2): hw/char/pl011: Pad PL011State struct to same size as Rust impl rust: pl011: Check size of state struct at compile time include/hw/char/pl011.h | 5 +++++ rust/wrapper.h | 1 + rust/hw/char/pl011/src/device.rs | 10 +++++++++- rust/qemu-api/src/assertions.rs | 22 ++++++++++++++++++++++ 4 files changed, 37 insertions(+), 1 deletion(-)