On Thu Jan 29, 2026 at 3:28 AM CET, Timur Tabi wrote:
> + /// Writes raw data to this user pointer from a DMA coherent allocation.
> + ///
> + /// Returns error if the offset+count exceeds the allocation size.
> + ///
> + /// Fails with [`EFAULT`] if the write happens on a bad address, or if
> the write goes out of
> + /// bounds of this [`UserSliceWriter`]. This call may modify the
> associated userspace slice
> + /// even if it returns an error.
> + ///
> + /// Note: The memory may be concurrently modified by hardware (e.g.,
> DMA). In such cases,
> + /// the copied data may be inconsistent, but this does not cause
> undefined behavior.
> + pub fn write_dma(
> + &mut self,
> + alloc: &CoherentAllocation<u8>,
> + offset: usize,
> + count: usize,
> + ) -> Result {
> + let len = alloc.count();
> + if offset.checked_add(count).ok_or(EOVERFLOW)? > len {
> + return Err(ERANGE);
> + }
> +
> + // SAFETY: `start_ptr()` returns a valid pointer to a memory region
> of `count()` bytes,
> + // as guaranteed by the `CoherentAllocation` invariants. The check
> above ensures
> + // `offset + count <= len`.
> + let src_ptr = unsafe { alloc.start_ptr().add(offset) };
> +
> + // SAFETY: `src_ptr` is valid for reads of `count` bytes per the
> above.
> + let res = unsafe {
> + bindings::copy_to_user(self.ptr.as_mut_ptr(),
> src_ptr.cast::<c_void>(), count)
> + };
> + if res != 0 {
> + return Err(EFAULT);
> + }
> +
> + self.ptr = self.ptr.wrapping_byte_add(count);
> + self.length -= count;
> +
> + Ok(())
> + }
I think the idea was to have a common read_slice_raw() method that can be shared
between write_dma() and write_slice(). Can you please factor this out?
