On Mon, 2026-01-19 at 12:17 +0000, Gary Guo wrote:
> > +// SAFETY: `LogBuffer` only provides shared access to the underlying
> > `CoherentAllocation`.
> > +// GSP may write to the buffer concurrently regardless of CPU access, so
> > concurrent reads
> > +// from multiple CPU threads do not introduce any additional races beyond
> > what already
> > +// exists with the device. Reads may observe partially-written log
> > entries, which is
> > +// acceptable for debug logging purposes.
> > +unsafe impl Sync for LogBuffer {}
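Review bot: The SAFETY comment above `unsafe impl Sync for LogBuffer {}` justifies the impl by saying partially-written entries are "acceptable for debug logging purposes", which is an argument about log quality rather than soundness. Suggest naming the `LogBuffer` methods that read the underlying `CoherentAllocation` and stating how they read while GSP may be writing, so the "only provides shared access" claim can be checked against the code.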
>
> Can we just implement `Sync` on `CoherentAllocation`?

When I moved this to dma.rs, I had to add this:

// SAFETY: All methods that access the underlying DMA buffer (`field_read`, `field_write`,
// `as_slice`, `as_slice_mut`) are `unsafe`, and callers are responsible for ensuring no data
// races occur between kernel threads. The safe methods only return metadata (e.g. `count()`,
// `dma_handle()`) or raw pointers whose use requires `unsafe`. It is safe to send or share
// a `CoherentAllocation` across threads if `T` can be sent or shared.
unsafe impl<T: AsBytes + FromBytes + Send> Send for CoherentAllocation<T> {}
unsafe impl<T: AsBytes + FromBytes + Sync> Sync for CoherentAllocation<T> {}

This allowed me to eliminate the "Sync for LogBuffer".

Please let me know if you think the safety comment needs to change. I will
post a v6 soon.
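
A userspace model of the safety argument in this message, added here as an illustration; it is not code from the patch or from the kernel. `RawBuf`, its methods and `sums_from_threads` are hypothetical names, and `T: Copy` stands in for the `AsBytes + FromBytes` bounds.

```rust
use std::thread;
/// Userspace model of a buffer wrapper (hypothetical; not the kernel's `CoherentAllocation`).
pub struct RawBuf<T: Copy> {
    ptr: *mut T, // the raw pointer makes the type !Send and !Sync by default
    count: usize,
}

impl<T: Copy> RawBuf<T> {
    pub fn new(count: usize, init: T) -> Self {
        let ptr = Box::into_raw(vec![init; count].into_boxed_slice()) as *mut T;
        Self { ptr, count }
    }
    /// Safe: returns metadata only, never touches the buffer contents.
    pub fn count(&self) -> usize { self.count }
    /// # Safety: `idx < count()` and the caller rules out a racing write from another thread.
    pub unsafe fn read(&self, idx: usize) -> T {
        unsafe { self.ptr.add(idx).read_volatile() }
    }
    /// # Safety: `idx < count()` and the caller rules out any racing access from another thread.
    pub unsafe fn write(&self, idx: usize, val: T) {
        unsafe { self.ptr.add(idx).write_volatile(val) }
    }
}
impl<T: Copy> Drop for RawBuf<T> {
    fn drop(&mut self) {
        // SAFETY: `ptr`/`count` came from `Box::into_raw` in `new` and are freed exactly once.
        unsafe { drop(Box::from_raw(std::ptr::slice_from_raw_parts_mut(self.ptr, self.count))) }
    }
}

// SAFETY: buffer contents are reachable only through `unsafe` methods, so each caller carries
// the race-freedom proof; the wrapper itself is as sendable/shareable as `T`.
unsafe impl<T: Copy + Send> Send for RawBuf<T> {}
unsafe impl<T: Copy + Sync> Sync for RawBuf<T> {}

/// Fill the buffer on one thread, then sum it from `n` threads through a shared `&RawBuf`.
pub fn sums_from_threads(n: usize) -> Vec<u64> {
    let buf = RawBuf::new(8, 0u32);
    // SAFETY: indices are in bounds and no other thread exists yet.
    (0..buf.count()).for_each(|i| unsafe { buf.write(i, i as u32 + 1) });
    thread::scope(|s| {
        // Borrowing `buf` inside `spawn` compiles only because `RawBuf<u32>: Sync`.
        let hs: Vec<_> = (0..n).map(|_| s.spawn(|| {
            // SAFETY: indices are in bounds and every write finished before the spawn.
            (0..buf.count()).map(|i| unsafe { buf.read(i) as u64 }).sum::<u64>()
        })).collect();
        hs.into_iter().map(|h| h.join().unwrap()).collect()
    })
}
```

Deleting the `Sync` impl makes `sums_from_threads` fail to compile, which is the same reason a type holding the allocation needed its own `Sync` impl before the change described above.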