On Tue May 19, 2026 at 1:39 PM CEST, Gary Guo wrote:
> Danilo, what do you think?

Two thoughts about this:

  (1) The blast radius is bigger than just auxiliary device registrations; this
      pattern is applicable to all kinds of registrations that provide the
      guarantee to be scoped to the bus device being bound. I.e. it is true for
      any class device registration, IRQ registration, etc. They should all
      support HRT eventually; there is a subsequent series where I started to
      implement this for DRM.

  (2) I'm not concerned about the UnsafeForLtImpl approach, as I think for a
      human one would really need to be willing to abuse it by intention. I.e.
      it is not really different to just using unsafe {} while knowing not to be
      able to satisfy the safety requirement.

      That said, I expect LLMs to be (heavily) used to write drivers, and LLMs
      are typically trained to be compliant. So, I could imagine that a prompt
      along the lines of "Can't we make this work without unsafe somehow?" leads
      to an LLM abusing this, while going unnoticed for the user.

That said, I think that requiring define_for_lt!() wouldn't be that big of an
issue; the number of registrations per driver is rather limited.

Besides that, considering (2) it may actually address a practical concern.

If you want to make the change I'm happy to integrate it in a v4, otherwise a
follow-up seems reasonable as well.
