On Thu, Oct 02, 2025 at 11:32:44PM +0200, Danilo Krummrich wrote:

> So, when we call pdev.physfn().drvdata_borrow::<NovaCore>() the checks are
> included already.

I'm not keen on hiding this reasoning inside a physfn() accessor like this, i.e. one that returns a Device<Bound>.

The reasoning for this is tricky and special. We have enough cases where physfn won't be a bound driver. I think it is a big stretch just to declare that unconditionally safe. There is a reason pci_iov_get_pf_drvdata() has such a big comment..

So I'd rather see you follow the C design and have an explicit helper function to convert a VF bound device to a PF bound device and check the owner, basically split up pci_iov_get_pf_drvdata() into a part to get the struct device and an inline to get the drvdata.

Rust still has an ops pointer it can pass in so it can be consistent with the C code even if it does another check inside its drvdata_borrow.

This way we keep the reasoning and explanation in one place.

Jason
