Rust NetDevice and NetDeviceOperationsVtable struct

[kloenk]

add function for net_device functions

Contains #226 and #227

[kloenk]

I'm a bit struggling with the rtnl_link_ops struct. For the other *_ops table I use a const as the FileOperationsVtable. But rtnl_link_ops has to be writable, even if that is not often (__read_mostly). Any ideas on this?

Also I'm unsure on how to populate the kind field of that struct

[adamrk]

Maybe I'm misunderstanding your issue, but if you're thinking of doing something similar to the existing FileOperationsVtable then I'd think it's ok. The VTABLE there needs to be const so that it can be constructed at compile time - when the device is registered, a reference to the file_operations is passed to the C side and could be mutated.

For the kind field, I'd think you'd want to have the user implement a trait with const KIND: &str and convert that to the kind entry in rtnl_link_ops.

[kloenk]

@adamrk I think I understand how the FileOperationsVtable works. My problem with rtnl_link_ops is, that this has to be writable, as (as far as the folks from the kernel told me) there is a linked list inside which is used internally by the kernel. It's only written very rare, but it's written to (that's why it's in .data.read_mosty). My Idea is to try it with a macro which creates a static mut variable, which than can be assigned to that link. Did not get around yet to implement that, maybe only after the 4th of may as I have to write my finals :-)

[kloenk]

I created a proc macro, which creates a wrapped rtnl_link_ops (wrapped as we need Sync). This seems to work so far, I'm still trying to reimplement the drivers/net/dummy driver

[kloenk]

Rebased to have rust-analyzer, so now contains #226 and #227.

[kloenk]

I got my first 10 pings via the rust dummy_rs module implemented here. ip li add name test type dummy_rs still creates an oops though

[kloenk]

and ip li add name test type dummy_rs is working now 🎉🎉

Now I have to document everything. help is appreciated :-)

[ojeda]

This should likely go into a different commit -- or is GitHub confused due to having several commits in the PR? Please rebase to have 1 commit anyway.

[ojeda]

See my comment on #254 (comment).

I guess we can talk about this tomorrow in the call :)

[kloenk]

I think that was the wording of @joshtriplett, while talking about this at our last call.

[joshtriplett]

I'm not fixated on the exact wording, I just want to make sure that people don't see a Rust version of an existing C driver and assume we're trying to rewrite the world in Rust. In this context, we're providing samples of what drivers would look like; we're not writing replacements.

In the future, some driver maintainers may choose to use Rust in existing drivers, but that's up to those driver maintainers, not us.

[ojeda]

? Perhaps GitHub is confused -- please rebase.

[kloenk]

Tried that yesterday, but not even the rust branch builds on my system currently. Something with exports.o and symbols

[kloenk]

after a git clean -xfd (as make mrproper does not work #255 ) it builds the rebased version.
I pushed the rebased version, but I'm sot sure if/why it still makes this as a change.

[ojeda]

Ah, now it is clear -- somehow you ended up with the comment moved outside of the #ifdef.

[ojeda]

If it is not intended to be used by users, hide the docs.

[ojeda]

I guess this is copied from C docs, but do not put the name of the function etc.

[ojeda]

Suggested change

	/// caller must hold the RtnlLock and semaphore
	/// Caller must hold the [`RtnlLock`] and semaphore.

And similar everywhere else.

[ojeda]

I see a bunch of commented out code etc.

[ojeda]

Now I have to document everything. help is appreciated :-)

From the quick review I did above, I assume you are still working on this (i.e. there is a bunch of commented out code, SAFETY comments needed, etc.).

[kloenk]

Should we implement this Deref and DerefMut or should we consider this unsafe, as this exposes the direct bindings?

[kloenk]

To summarise what I understood in the meeting. I will remove the line saying it is just a test driver. I finish up the abstraction in the rust/ folder, than we will submit the rust folder, and if it is merged into upstream linux, I will submit the drivers/net/dummy_rs.rs file myself.
Or would you recommend another way?

[ojeda]

If you prefer, you can put it here if you want, too. Like with Binder, for the moment we have it in this tree to have everything in one place. While they will not be merged with the Rust support, I can submit it as an extra patch (with you as the author etc.) like I did with Binder from Wedson in the RFC.

@wedsonaf @TheSven73 since they have the other two potential drivers.

[kloenk]

If you prefer, you can put it here if you want, too. Like with Binder, for the moment we have it in this tree to have everything in one place. While they will not be merged with the Rust support, I can submit it as an extra patch (with you as the author etc.) like I did with Binder from Wedson in the RFC.

Sounds great. I will create a second commit like Wedson explained, so one with abstractions and one with the driver.
Author is not important for me, if it is easier with something else, that's also fine for me. I just looked at the C dummy driver and what is there as author.

[ojeda]

If you prefer, different PRs is also fine (and allows us to merge things bit by bit).

[kloenk]

I would prefer 2 commits. One pr is easier I guess, but two is also fine. Whatever you prefer.

[alex]

FYI: there's a merge conflict here.

[soruh]

There are quite a few places where I'd like more safety comments and the address functions in net/mod.rs could probably be safer (see my comment there).
(I didn't look at the changes to module.rs)

[soruh]

These comments should probably be updated to reflect that this struct describes which methods are implemented by an implementation of EthToolOps not which ones are defined by the trait itself.

[soruh]

s/ipmlemeted/implemeted/

[soruh]

This could use ptr::null_mut

[soruh]

the as *const _ seems redundant

[kloenk]

Yes, but I think rust wants them, as this is not directly the right type for the view of rust

[soruh]

I think in this case you don't need it is since you're turning a &rtnl_link_ops into a *const rtnl_link_ops. I agree that the other ones are necessary.

(I could of course be wrong about that and it's ultimately not that important)

[kloenk]

Could be that I missed .0 befor. And then you need this. Is it is valid, but rust doesn't know that.

[soruh]

That was probably the case, you can only do &T as *const T but not &U as *const T, even if U only contains a T.

[kloenk]

Yes, as U has repr Transparent. It would also be valid, but rust isn't able to check that. That's the reason to go over *const _

But yeah, will change it.

[soruh]

this could be self.get_pointer() as *mut bindings::rtnl_link_ops

[soruh]

Otherwise the packet could potentially already be freed.

This sounds like this function should potentially be unsafe.

[kloenk]

I think It couldn't, as then we don't have self anymore? But not completely sure right now

[soruh]

I don't follow completely, are you saying that this is indeed safe/you're not sure about it's safety or that this could't be an unsafe method?

If we're not certain about about the safety of a method, the default should really be making it unsafe.

[soruh]

unnecessary parenthesis

[soruh]

use fn start_xmit(mut skb: SkBuff, ... and remove the let mut skb = skb;.

[soruh]

Why does this return a Result if it can't fail?

[soruh]

I think you could use the cstr! macro here

[bjorn3]

I am pretty sure this will need to use ptr::read_unaligned. Even if the underlying cpu architecture allows efficient unaligned accesses using normal load instructions, LLVM can optimize based on the assumption that addr as usize % 4 == 0. For example it could vectorize in ways that would cause overlap if the address is not aligned to 4 bytes. Or it could optimize away manual alignment checks. By the way you can use addr.offset(4) instead of addr as usize + 4.

[bjorn3]

I was thinking that

Suggested change

	*(addr as *const u16)
	| *((addr as usize + 2) as *const u16)
	| *((addr as usize + 4) as *const u16)
	== 0
	*(addr as *const [u16; 3]) == [0; 3]

would be nicer to read. When I tested if LLVM would be able to optimize it I noticed the following: On x86_64 and aarch64 the current version uses 3 loads while the suggested version does 2 loads just like the CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS version. On armv7 this results in a branch + load from a constant pool for the suggested version while version uses 3 loads and no constant pool.

Because of this I think this suggestion should be used for CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS to avoid UB at no perf cost, but not(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) should remain the same.

[soruh]

Would it maybe make sense for all of these methods to take a &[u8; 6] and be completely safe to call or is there an inherent reason we need to treat these values as u16s?

[bjorn3]

For CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS there would be no change. for not(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) that would require 6 loads (one for each u8) instead of 3 (one for each u16).

[nbdd0121]

Note that Rust's polymorphize support is not yet mature, so one copy of each function might be monomorphized for each T. Not a big concern here though.

[nbdd0121]

Any particular reason to use SCREAMING_SNAKE_CASE here?

[nbdd0121]

This is likely to be very common in bindings. We may want a mini version of bitflags!.

[bjorn3]

Excluding tests and docs the bitflags crate is a little less than 600 lines big. bitflags is a slow moving crate and doesn't implement a huge set of features. I don't know what the policy on vendoring extern crates is, but I don't think there is much benefit of writing a mini version over just vendoring bitflags. At most it would save codegen of a couple of methods, though most methods are marked as #[inline] and thus only codegened when used.

[nbdd0121]

This also seems to be pretty common for bindings. Maybe we need to have a attribute macro. I'll think about a sensible design.

[nbdd0121]

s/refference/reference/g

[bjorn3]

Suggested change

	/// Represents which fields of [`struct ethtool_ops`] should pe populated with pointers for the trait [`EthToolOps`]
	/// Represents which fields of [`struct ethtool_ops`] should be populated with pointers for the trait [`EthToolOps`]

nit

[ksquirrel]

Review of 818532604b6d:

• ⚠️ This PR adds/deletes more than 500 lines.
• ❌ Commit 8185326: Private GitHub email address (@users.noreply.github.com) used for commit author.
• ⚠️ Commit 8185326: The commit committer does not match the commit author.
• ❌ Commit 8185326: The last line of the commit message must be a Signed-off-by and must match the submitter of the PR.
• ❌ Commit 8185326: Unknown tag. Known ones are: Acked-by, Cc, Co-developed-by, Fixes, Link, Reported-by, Reviewed-by, Signed-off-by, Suggested-by, Tested-by.

[kloenk]

Closing this, as it is quite outdated, and the commit history Is completely broken.