drm/asahi: Port to kernel::uaccess

jannau · jannau · commit 1e1c97ce14ea · 2025-04-11T13:40:47.000+02:00
Allows to drop kernel::io_buffer and kernel::user_ptr Rust-for-Linux
imports.

Signed-off-by: Janne Grunau &lt;j@jannau.net&gt;
diff --git a/drivers/gpu/drm/asahi/file.rs b/drivers/gpu/drm/asahi/file.rs
@@ -18,10 +18,9 @@ use core::ops::Range;
 use kernel::dma_fence::RawDmaFence;
 use kernel::drm::gem::BaseObject;
 use kernel::error::code::*;
-use kernel::io_buffer::{IoBufferReader, IoBufferWriter};
 use kernel::prelude::*;
 use kernel::sync::{Arc, Mutex};
-use kernel::user_ptr::UserSlicePtr;
+use kernel::uaccess::{UserPtr, UserSlice};
 use kernel::{dma_fence, drm, uapi, xarray};
 
 const DEBUG_CLASS: DebugFlags = DebugFlags::File;
@@ -142,13 +141,15 @@ impl SyncItem {
         let size = STRIDE * count as usize;
 
         // SAFETY: We only read this once, so there are no TOCTOU issues.
-        let mut reader = unsafe { UserSlicePtr::new(ptr as usize as *mut _, size).reader() };
+        let mut reader = UserSlice::new(ptr as UserPtr, size).reader();
 
         for _i in 0..count {
             let mut sync: MaybeUninit<uapi::drm_asahi_sync> = MaybeUninit::uninit();
 
             // SAFETY: The size of `sync` is STRIDE
-            unsafe { reader.read_raw(sync.as_mut_ptr() as *mut u8, STRIDE)? };
+            reader.read_raw(unsafe {
+                core::slice::from_raw_parts_mut(sync.as_mut_ptr() as *mut MaybeUninit<u8>, STRIDE)
+            })?;
 
             // SAFETY: All bit patterns in the struct are valid
             let sync = unsafe { sync.assume_init() };
@@ -307,11 +308,12 @@ impl File {
         let size = core::mem::size_of::<uapi::drm_asahi_params_global>().min(data.size.try_into()?);
 
         // SAFETY: We only write to this userptr once, so there are no TOCTOU issues.
-        let mut params_writer =
-            unsafe { UserSlicePtr::new(data.pointer as usize as *mut _, size).writer() };
+        let mut params_writer = UserSlice::new(data.pointer as UserPtr, size).writer();
 
         // SAFETY: `size` is at most the sizeof of `params`
-        unsafe { params_writer.write_raw(&params as *const _ as *const u8, size)? };
+        params_writer.write_slice(unsafe {
+            core::slice::from_raw_parts(&params as *const _ as *const u8, size)
+        })?;
 
         Ok(0)
     }
@@ -1061,14 +1063,15 @@ impl File {
         let size = STRIDE * data.command_count as usize;
 
         // SAFETY: We only read this once, so there are no TOCTOU issues.
-        let mut reader =
-            unsafe { UserSlicePtr::new(data.commands as usize as *mut _, size).reader() };
+        let mut reader = UserSlice::new(data.commands as UserPtr, size).reader();
 
         for _i in 0..data.command_count {
             let mut cmd: MaybeUninit<uapi::drm_asahi_command> = MaybeUninit::uninit();
 
-            // SAFETY: The size of `sync` is STRIDE
-            unsafe { reader.read_raw(cmd.as_mut_ptr() as *mut u8, STRIDE)? };
+            // SAFETY: The size of `cmd` is STRIDE
+            reader.read_raw(unsafe {
+                core::slice::from_raw_parts_mut(cmd.as_mut_ptr() as *mut MaybeUninit<u8>, STRIDE)
+            })?;
 
             // SAFETY: All bit patterns in the struct are valid
             commands.push(unsafe { cmd.assume_init() }, GFP_KERNEL)?;
diff --git a/drivers/gpu/drm/asahi/queue/common.rs b/drivers/gpu/drm/asahi/queue/common.rs
@@ -9,10 +9,9 @@ use crate::fw::job::UserTimestamp;
 use crate::fw::microseq;
 use crate::fw::types::*;
 
-use kernel::io_buffer::IoBufferReader;
 use kernel::prelude::*;
+use kernel::uaccess::{UserPtr, UserSlice};
 use kernel::uapi;
-use kernel::user_ptr::UserSlicePtr;
 use kernel::xarray;
 
 use core::mem::MaybeUninit;
@@ -26,15 +25,17 @@ pub(super) fn build_attachments(pointer: u64, count: u32) -> Result<microseq::At
     let size = STRIDE * count as usize;
 
     // SAFETY: We only read this once, so there are no TOCTOU issues.
-    let mut reader = unsafe { UserSlicePtr::new(pointer as usize as *mut _, size).reader() };
+    let mut reader = UserSlice::new(pointer as UserPtr, size).reader();
 
     let mut attachments: microseq::Attachments = Default::default();
 
     for i in 0..count {
         let mut att: MaybeUninit<uapi::drm_asahi_attachment> = MaybeUninit::uninit();
 
         // SAFETY: The size of `att` is STRIDE
-        unsafe { reader.read_raw(att.as_mut_ptr() as *mut u8, STRIDE)? };
+        reader.read_raw(unsafe {
+            core::slice::from_raw_parts_mut(att.as_mut_ptr() as *mut MaybeUninit<u8>, STRIDE)
+        })?;
 
         // SAFETY: All bit patterns in the struct are valid
         let att = unsafe { att.assume_init() };
diff --git a/drivers/gpu/drm/asahi/queue/compute.rs b/drivers/gpu/drm/asahi/queue/compute.rs
@@ -14,14 +14,14 @@ use crate::fw::types::*;
 use crate::gpu::GpuManager;
 use crate::{file, fw, gpu, microseq};
 use crate::{inner_ptr, inner_weak_ptr};
+use core::mem::MaybeUninit;
 use core::sync::atomic::Ordering;
 use kernel::dma_fence::RawDmaFence;
 use kernel::drm::sched::Job;
-use kernel::io_buffer::IoBufferReader;
 use kernel::prelude::*;
 use kernel::sync::Arc;
+use kernel::uaccess::{UserPtr, UserSlice};
 use kernel::uapi;
-use kernel::user_ptr::UserSlicePtr;
 use kernel::xarray;
 
 const DEBUG_CLASS: DebugFlags = DebugFlags::Compute;
@@ -58,21 +58,20 @@ impl super::QueueInner::ver {
 
         let cmdbuf_read_size =
             (cmd.cmd_buffer_size as usize).min(core::mem::size_of::<uapi::drm_asahi_cmd_compute>());
-        // SAFETY: This is the sole UserSlicePtr instance for this cmd_buffer.
-        let mut cmdbuf_reader = unsafe {
-            UserSlicePtr::new(
-                cmd.cmd_buffer as usize as *mut _,
-                cmd.cmd_buffer_size as usize,
-            )
-            .reader()
-        };
+        // SAFETY: This is the sole UserSlice instance for this cmd_buffer.
+        let mut cmdbuf_reader =
+            UserSlice::new(cmd.cmd_buffer as UserPtr, cmd.cmd_buffer_size as usize).reader();
 
         let mut cmdbuf: uapi::drm_asahi_cmd_compute = Default::default();
         // SAFETY: The output pointer is valid, and the size does not exceed the type size
         // per the min() above, and all bit patterns are valid.
-        unsafe {
-            cmdbuf_reader.read_raw(&mut cmdbuf as *mut _ as *mut u8, cmdbuf_read_size)?;
-        }
+        // cmdbuf_reader.read_raw(&mut cmdbuf as *mut _ as *mut MaybeUninit<u8>, cmdbuf_read_size)})?;
+        cmdbuf_reader.read_raw(unsafe {
+            core::slice::from_raw_parts_mut(
+                &mut cmdbuf as *mut _ as *mut MaybeUninit<u8>,
+                cmdbuf_read_size,
+            )
+        })?;
 
         if cmdbuf.flags & !(uapi::ASAHI_COMPUTE_NO_PREEMPTION as u64) != 0 {
             return Err(EINVAL);
@@ -82,37 +81,32 @@ impl super::QueueInner::ver {
 
         let mut ext_ptr = cmdbuf.extensions;
         while ext_ptr != 0 {
-            let ext_type = u32::from_ne_bytes(
-                // SAFETY: There is a double read from userspace here, but there is no TOCTOU
-                // issue since at worst the extension parse below will read garbage, and
-                // we do not trust any fields anyway.
-                unsafe { UserSlicePtr::new(ext_ptr as usize as *mut _, 4) }
-                    .read_all()?
-                    .try_into()
-                    .or(Err(EINVAL))?,
-            );
+            // SAFETY: There is a double read from userspace here, but there is no TOCTOU
+            // issue since at worst the extension parse below will read garbage, and
+            // we do not trust any fields anyway.
+            let ext_type = UserSlice::new(ext_ptr as UserPtr, 4)
+                .reader()
+                .read::<u32>()?;
 
             match ext_type {
                 uapi::ASAHI_COMPUTE_EXT_TIMESTAMPS => {
                     let mut ext_user_timestamps: uapi::drm_asahi_cmd_compute_user_timestamps =
                         Default::default();
 
                     // SAFETY: See above
-                    let mut ext_reader = unsafe {
-                        UserSlicePtr::new(
-                            ext_ptr as usize as *mut _,
-                            core::mem::size_of::<uapi::drm_asahi_cmd_compute_user_timestamps>(),
-                        )
-                        .reader()
-                    };
+                    let mut ext_reader = UserSlice::new(
+                        ext_ptr as UserPtr,
+                        core::mem::size_of::<uapi::drm_asahi_cmd_compute_user_timestamps>(),
+                    )
+                    .reader();
                     // SAFETY: The output buffer is valid and of the correct size, and all bit
                     // patterns are valid.
-                    unsafe {
-                        ext_reader.read_raw(
-                            &mut ext_user_timestamps as *mut _ as *mut u8,
+                    ext_reader.read_raw(unsafe {
+                        core::slice::from_raw_parts_mut(
+                            &mut ext_user_timestamps as *mut _ as *mut MaybeUninit<u8>,
                             core::mem::size_of::<uapi::drm_asahi_cmd_compute_user_timestamps>(),
-                        )?;
-                    }
+                        )
+                    })?;
 
                     user_timestamps.start = common::get_timestamp_object(
                         objects,
diff --git a/drivers/gpu/drm/asahi/queue/render.rs b/drivers/gpu/drm/asahi/queue/render.rs
@@ -16,15 +16,15 @@ use crate::util::*;
 use crate::workqueue::WorkError;
 use crate::{buffer, file, fw, gpu, microseq, workqueue};
 use crate::{inner_ptr, inner_weak_ptr};
+use core::mem::MaybeUninit;
 use core::sync::atomic::Ordering;
 use kernel::dma_fence::RawDmaFence;
 use kernel::drm::sched::Job;
-use kernel::io_buffer::IoBufferReader;
 use kernel::new_mutex;
 use kernel::prelude::*;
 use kernel::sync::Arc;
+use kernel::uaccess::{UserPtr, UserSlice};
 use kernel::uapi;
-use kernel::user_ptr::UserSlicePtr;
 use kernel::xarray;
 
 const DEBUG_CLASS: DebugFlags = DebugFlags::Render;
@@ -232,21 +232,19 @@ impl super::QueueInner::ver {
 
         let cmdbuf_read_size =
             (cmd.cmd_buffer_size as usize).min(core::mem::size_of::<uapi::drm_asahi_cmd_render>());
-        // SAFETY: This is the sole UserSlicePtr instance for this cmd_buffer.
-        let mut cmdbuf_reader = unsafe {
-            UserSlicePtr::new(
-                cmd.cmd_buffer as usize as *mut _,
-                cmd.cmd_buffer_size as usize,
-            )
-            .reader()
-        };
+        // SAFETY: This is the sole UserSlice instance for this cmd_buffer.
+        let mut cmdbuf_reader =
+            UserSlice::new(cmd.cmd_buffer as UserPtr, cmd.cmd_buffer_size as usize).reader();
 
         let mut cmdbuf: uapi::drm_asahi_cmd_render = Default::default();
         // SAFETY: The output pointer is valid, and the size does not exceed the type size
         // per the min() above, and all bit patterns are valid.
-        unsafe {
-            cmdbuf_reader.read_raw(&mut cmdbuf as *mut _ as *mut u8, cmdbuf_read_size)?;
-        }
+        cmdbuf_reader.read_raw(unsafe {
+            core::slice::from_raw_parts_mut(
+                &mut cmdbuf as *mut _ as *mut MaybeUninit<u8>,
+                cmdbuf_read_size,
+            )
+        })?;
 
         if cmdbuf.flags
             & !(uapi::ASAHI_RENDER_NO_CLEAR_PIPELINE_TEXTURES
@@ -282,15 +280,12 @@ impl super::QueueInner::ver {
 
         let mut ext_ptr = cmdbuf.extensions;
         while ext_ptr != 0 {
-            let ext_type = u32::from_ne_bytes(
-                // SAFETY: There is a double read from userspace here, but there is no TOCTOU
-                // issue since at worst the extension parse below will read garbage, and
-                // we do not trust any fields anyway.
-                unsafe { UserSlicePtr::new(ext_ptr as usize as *mut _, 4) }
-                    .read_all()?
-                    .try_into()
-                    .or(Err(EINVAL))?,
-            );
+            // SAFETY: There is a double read from userspace here, but there is no TOCTOU
+            // issue since at worst the extension parse below will read garbage, and
+            // we do not trust any fields anyway.
+            let ext_type = UserSlice::new(ext_ptr as UserPtr, 4)
+                .reader()
+                .read::<u32>()?;
 
             match ext_type {
                 uapi::ASAHI_RENDER_EXT_UNKNOWNS => {
@@ -299,21 +294,19 @@ impl super::QueueInner::ver {
                         return Err(EINVAL);
                     }
                     // SAFETY: See above
-                    let mut ext_reader = unsafe {
-                        UserSlicePtr::new(
-                            ext_ptr as usize as *mut _,
-                            core::mem::size_of::<uapi::drm_asahi_cmd_render_unknowns>(),
-                        )
-                        .reader()
-                    };
+                    let mut ext_reader = UserSlice::new(
+                        ext_ptr as UserPtr,
+                        core::mem::size_of::<uapi::drm_asahi_cmd_render_unknowns>(),
+                    )
+                    .reader();
                     // SAFETY: The output buffer is valid and of the correct size, and all bit
                     // patterns are valid.
-                    unsafe {
-                        ext_reader.read_raw(
-                            &mut unks as *mut _ as *mut u8,
+                    ext_reader.read_raw(unsafe {
+                        core::slice::from_raw_parts_mut(
+                            &mut unks as *mut _ as *mut MaybeUninit<u8>,
                             core::mem::size_of::<uapi::drm_asahi_cmd_render_unknowns>(),
-                        )?;
-                    }
+                        )
+                    })?;
 
                     ext_ptr = unks.next;
                 }
@@ -322,21 +315,19 @@ impl super::QueueInner::ver {
                         Default::default();
 
                     // SAFETY: See above
-                    let mut ext_reader = unsafe {
-                        UserSlicePtr::new(
-                            ext_ptr as usize as *mut _,
-                            core::mem::size_of::<uapi::drm_asahi_cmd_render_user_timestamps>(),
-                        )
-                        .reader()
-                    };
+                    let mut ext_reader = UserSlice::new(
+                        ext_ptr as UserPtr,
+                        core::mem::size_of::<uapi::drm_asahi_cmd_render_user_timestamps>(),
+                    )
+                    .reader();
                     // SAFETY: The output buffer is valid and of the correct size, and all bit
                     // patterns are valid.
-                    unsafe {
-                        ext_reader.read_raw(
-                            &mut ext_user_timestamps as *mut _ as *mut u8,
+                    ext_reader.read_raw(unsafe {
+                        core::slice::from_raw_parts_mut(
+                            &mut ext_user_timestamps as *mut _ as *mut MaybeUninit<u8>,
                             core::mem::size_of::<uapi::drm_asahi_cmd_render_user_timestamps>(),
-                        )?;
-                    }
+                        )
+                    })?;
 
                     vtx_user_timestamps.start = common::get_timestamp_object(
                         objects,
