The proposed DMA API is unsafe #64
Using Pin for DMA buffers does not provide the necessary safety. See rust-embedded/embedonomicon#64
It appears that the DMA API described in Chapter 8 - DMA is unsafe.

Consider this example. It is basically the motivating example from the "Immovable buffers" section, but with the complete `read_exact` API from the end of the chapter, including `Pin`ning and the `'static` bound. The example shows that it is still possible to pass a stack-allocated array into this (supposedly safe) `read_exact` function, which means the DMA operation will corrupt the stack. All you need to do is wrap the array in a newtype and impl `DerefMut` for it.

I believe the root of the issue is a misunderstanding of the `Pin` API. Contrary to intuition, `Pin` does in most cases not pin the pointed-to data in memory: if the target type implements `Unpin`, `Pin` does nothing at all:

Basically all types we care about implement `Unpin` (I believe only self-referential types are supposed not to?). Which means `Pin`ning the buffer passed into the DMA doesn't help us make the code safe.

The DMA chapter also mentions the `StableDeref` trait as an alternative. As far as I see, using this would actually lead to a safe API, so we should change the chapter accordingly.
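The following is an added, self-contained illustration of the argument made in this issue; it is not the book's code nor the issue author's example. It assumes simplified stand-ins: `read_exact_pinned` models the chapter's `Pin<B> + 'static` signature, `read_exact_stable` models the `StableDeref` alternative, `Transfer` models what a DMA engine keeps after a transfer is started (the raw target address), and `StableDeref` is a local stand-in for the marker trait of the `stable_deref_trait` crate, implemented only for `Box` and `&'static mut`. It shows that `Pin::new` and `Pin::into_inner` are safe no-ops for an `Unpin` newtype over a stack array, that the `Pin`-based signature accepts such a buffer and the captured address stops matching the buffer once the transfer is moved, and that the `StableDeref`-bounded signature keeps the address valid across moves because only heap or `'static` handles qualify.

```rust
use core::ops::{Deref, DerefMut};
use core::pin::Pin;

/// Newtype over a stack array that hands out `&mut [u8]`: the trick the issue
/// describes. It is `Unpin` automatically and owns its data, so it is also
/// `'static`; neither bound in the chapter's signature rejects it.
struct StackBuf([u8; 16]);

impl Deref for StackBuf {
    type Target = [u8];
    fn deref(&self) -> &[u8] {
        &self.0
    }
}

impl DerefMut for StackBuf {
    fn deref_mut(&mut self) -> &mut [u8] {
        &mut self.0
    }
}

/// Stand-in (assumption) for what a DMA driver retains after starting a
/// transfer: ownership of the buffer plus the raw address handed to the engine.
struct Transfer<B> {
    buf: B,
    target: *mut u8,
}

impl<B: DerefMut<Target = [u8]>> Transfer<B> {
    fn start(mut buf: B) -> Self {
        // A real driver would program this address into the DMA peripheral.
        let target = buf.as_mut_ptr();
        Transfer { buf, target }
    }

    /// Does the address the "engine" holds still point at the buffer's bytes?
    fn target_matches_buffer(&self) -> bool {
        self.target as *const u8 == self.buf.as_ptr()
    }
}

/// Models the chapter's `read_exact` signature as summarised in the issue:
/// a pinned, `'static` buffer that derefs to `[u8]`. Assumed shape, not the book's code.
fn read_exact_pinned<B>(buf: Pin<B>) -> Transfer<Pin<B>>
where
    B: DerefMut<Target = [u8]> + 'static,
{
    Transfer::start(buf)
}

/// Local stand-in for `stable_deref_trait::StableDeref`: implementors promise
/// the pointee does not move when the handle is moved. Deliberately not
/// implemented for `StackBuf`, so `read_exact_stable(StackBuf(..))` fails to compile.
unsafe trait StableDeref: Deref {}
unsafe impl<T: ?Sized> StableDeref for Box<T> {}
unsafe impl<T: ?Sized> StableDeref for &'static mut T {}

/// Models the `StableDeref`-based alternative the chapter mentions (assumed shape).
fn read_exact_stable<B>(buf: B) -> Transfer<B>
where
    B: StableDeref + DerefMut<Target = [u8]> + 'static,
{
    Transfer::start(buf)
}

/// `Pin` does nothing for an `Unpin` target: wrapping and unwrapping are both
/// safe, and the value can be moved out again.
fn pin_is_a_noop_for_unpin() -> bool {
    let pinned = Pin::new(StackBuf([7u8; 16]));
    let unpinned: StackBuf = Pin::into_inner(pinned);
    unpinned.0[0] == 7
}

/// The `Pin` signature accepts the stack newtype. The buffer lives inline in
/// the `Transfer`, so moving the transfer (here into the heap) moves the bytes
/// away from the address the engine was given.
fn pinned_api_target_survives_move() -> bool {
    let transfer = read_exact_pinned(Pin::new(StackBuf([0u8; 16])));
    let moved = Box::new(transfer);
    moved.target_matches_buffer() // false: target is a stale stack address
}

/// With the `StableDeref` bound only heap/`'static` handles are accepted; the
/// bytes stay put however often the handle is moved.
fn stable_api_keeps_target_valid() -> bool {
    let heap: Box<[u8]> = vec![0u8; 16].into_boxed_slice();
    let transfer = read_exact_stable(heap);
    let moved = Box::new(transfer);
    moved.target_matches_buffer() // true
}

fn main() {
    println!("Pin::into_inner on Unpin buffer is safe: {}", pin_is_a_noop_for_unpin());
    println!("Pin API, stack buffer, target valid after move: {}", pinned_api_target_survives_move());
    println!("StableDeref API, heap buffer, target valid after move: {}", stable_api_keeps_target_valid());
}
```

Whether the captured address still matches immediately after `start` returns depends on how the compiler lays out the moves, which is exactly the problem: nothing in the `Pin` signature constrains where the bytes end up. The `StableDeref` version makes the guarantee a property of the handle type, so the stack newtype is rejected at compile time rather than silently accepted.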