The _guarded() calls are required in BHs, timers, fd read/write callbacks, etc because we're no longer in the memory region dispatch code with the reentrancy guard set. It's not clear to me whether the _guarded() calls are actually required in most of these patches though? Do you plan to convert every DMA API call to a _guarded() call in the future?
I'm asking because coming up with an API that doesn't require these code changes will reduce code churn and make existing code safe. Does it make sense to separate the DMA API and the reentrancy guard API? That way the reentrancy guard can be put in place once in any BH, timer, etc callback and then the existing DMA APIs are used within those callbacks without new _guarded() APIs. This approach also reduces the number of times that the guard is toggled. The current approach is fine-grained (per DMA API call) so the guard needs to be toggled all the time, e.g. in DMA sglist loops. If we want the compiler to prevent DMA API calls without a reentrancy guard, then AddressSpace pointers can be hidden behind an API that sets the guard. This ensures that you cannot access an address space unless you have a reentrancy guard. Stefan
