On Fri Jan 16, 2026 at 9:41 PM CET, Lyude Paul wrote:
> @@ -118,7 +120,7 @@ pub trait DeviceContext: Sealed + Send + Sync {}
> ///
> /// The device in `self.0` is guaranteed to be a newly created [`Device`]
> that has not yet been
> /// registered with userspace until this type is dropped.
> -pub struct UnregisteredDevice<T: drm::Driver>(ARef<Device<T, Uninit>>,
> NotThreadSafe);
> +pub struct UnregisteredDevice<T: drm::Driver>(pub(crate) ARef<Device<T,
> Uninit>>, NotThreadSafe);
>
> impl<T: drm::Driver> Deref for UnregisteredDevice<T> {
> type Target = Device<T, Uninit>;
> @@ -165,7 +167,7 @@ impl<T: drm::Driver> UnregisteredDevice<T> {
> /// Create a new `UnregisteredDevice` for a `drm::Driver`.
> ///
> /// This can be used to create a
> [`Registration`](kernel::drm::Registration).
> - pub fn new(dev: &device::Device, data: impl PinInit<T::Data, Error>) ->
> Result<Self> {
> + pub fn new(dev: &device::Device) -> Result<Self> {
> // `__drm_dev_alloc` uses `kmalloc()` to allocate memory, hence
> ensure a `kmalloc()`
> // compatible `Layout`.
> let layout = Kmalloc::aligned_layout(Layout::new::<Self>());
> @@ -184,22 +186,6 @@ pub fn new(dev: &device::Device, data: impl
> PinInit<T::Data, Error>) -> Result<S
> .cast();
> let raw_drm = NonNull::new(from_err_ptr(raw_drm)?).ok_or(ENOMEM)?;
>
> - // SAFETY: `raw_drm` is a valid pointer to `Self`.
> - let raw_data = unsafe { ptr::addr_of_mut!((*raw_drm.as_ptr()).data)
> };
> -
> - // SAFETY:
> - // - `raw_data` is a valid pointer to uninitialized memory.
> - // - `raw_data` will not move until it is dropped.
> - unsafe { data.__pinned_init(raw_data) }.inspect_err(|_| {
> - // SAFETY: `raw_drm` is a valid pointer to `Self`, given that
> `__drm_dev_alloc` was
> - // successful.
> - let drm_dev = unsafe { Device::into_drm_device(raw_drm) };
> -
> - // SAFETY: `__drm_dev_alloc()` was successful, hence `drm_dev`
> must be valid and the
> - // refcount must be non-zero.
> - unsafe { bindings::drm_dev_put(drm_dev) };
> - })?;
> -
> // SAFETY: The reference count is one, and now we take ownership of
> that reference as a
> // `drm::Device`.
> // INVARIANT: We just created the device above, but have yet to call
> `drm_dev_register`.
> @@ -231,7 +217,15 @@ pub fn new(dev: &device::Device, data: impl
> PinInit<T::Data, Error>) -> Result<S
> #[repr(C)]
> pub struct Device<T: drm::Driver, C: DeviceContext = Registered> {
> dev: Opaque<bindings::drm_device>,
> - data: T::Data,
> +
> + /// Keeps track of whether we've initialized the device data yet.
> + pub(crate) data_is_init: AtomicBool,
Please use a kernel atomic, i.e. kernel::sync::atomic::Atomic<bool>. See also
[1].
[1]
https://lore.kernel.org/all/[email protected]/
> + /// The Driver's private data.
> + ///
> + /// This must only be written to from [`drm::Registration::new`].
> + pub(crate) data: UnsafeCell<MaybeUninit<T::Data>>,
Why not just Opaque<T::Data>?
> +
> _ctx: PhantomData<C>,
> }
