| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260203-qcom-socinfo-v2-2-d6719db85637@google.com>
Date: Tue, 03 Feb 2026 15:46:31 +0000
From: Matthew Maurer <mmaurer@...gle.com>
To: Bjorn Andersson <andersson@...nel.org>, Konrad Dybcio <konradybcio@...nel.org>,
Satya Durga Srinivasu Prabhala <satyap@...cinc.com>, Miguel Ojeda <ojeda@...nel.org>, Boqun Feng <boqun.feng@...il.com>,
Gary Guo <gary@...yguo.net>,
"Björn Roy Baron" <bjorn3_gh@...tonmail.com>, Benno Lossin <lossin@...nel.org>,
Andreas Hindborg <a.hindborg@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>,
Trevor Gross <tmgross@...ch.edu>, Danilo Krummrich <dakr@...nel.org>,
Daniel Almeida <daniel.almeida@...labora.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "Rafael J. Wysocki" <rafael@...nel.org>,
David Airlie <airlied@...il.com>, Simona Vetter <simona@...ll.ch>,
Michal Wilczynski <m.wilczynski@...sung.com>, Dave Ertman <david.m.ertman@...el.com>,
Ira Weiny <ira.weiny@...el.com>, Leon Romanovsky <leon@...nel.org>
Cc: Trilok Soni <tsoni@...cinc.com>, linux-kernel@...r.kernel.org,
linux-arm-msm@...r.kernel.org, rust-for-linux@...r.kernel.org,
driver-core@...ts.linux.dev, dri-devel@...ts.freedesktop.org,
linux-pwm@...r.kernel.org, Matthew Maurer <mmaurer@...gle.com>
Subject: [PATCH v2 2/6] rust: io: Support copying arrays and slices
Adds support for doing array copies of data in and out of IO regions.
Fixed size arrays allow for compile-time bound checking, while slice
arguments allow for dynamically checked copies.
Signed-off-by: Matthew Maurer <mmaurer@...gle.com>
---
rust/kernel/io.rs | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 71 insertions(+), 1 deletion(-)
diff --git a/rust/kernel/io.rs b/rust/kernel/io.rs
index 056a3ec71647b866a9a4b4c9abe9a0844f126930..6e74245eced2c267ba3b5b744eab3bc2db670e71 100644
--- a/rust/kernel/io.rs
+++ b/rust/kernel/io.rs
@@ -266,8 +266,9 @@ macro_rules! define_write {
#[inline]
const fn offset_valid<U>(offset: usize, size: usize) -> bool {
let type_size = core::mem::size_of::<U>();
+ let type_align = core::mem::align_of::<U>();
if let Some(end) = offset.checked_add(type_size) {
- end <= size && offset % type_size == 0
+ end <= size && offset % type_align == 0
} else {
false
}
@@ -323,6 +324,25 @@ fn io_addr<U>(&self, offset: usize) -> Result<usize> {
self.addr().checked_add(offset).ok_or(EINVAL)
}
+ /// Returns the absolute I/O address for a given `offset`, performing runtime bounds checks
+ /// to ensure the entire range is available.
+ #[inline]
+ fn io_addr_range<U>(&self, offset: usize, count: usize) -> Result<usize> {
+ if count != 0 {
+ // These ranges are contiguous, so we can just check the first and last elements.
+ let bytes = (count - 1)
+ .checked_mul(core::mem::size_of::<U>())
+ .ok_or(EINVAL)?;
+ let end = offset.checked_add(bytes).ok_or(EINVAL)?;
+ if !offset_valid::<U>(offset, self.maxsize()) || !offset_valid::<U>(end, self.maxsize())
+ {
+ return Err(EINVAL);
+ }
+ }
+
+ self.addr().checked_add(offset).ok_or(EINVAL)
+ }
+
/// Returns the absolute I/O address for a given `offset`,
/// performing compile-time bound checks.
// Always inline to optimize out error path of `build_assert`.
@@ -605,4 +625,54 @@ pub unsafe fn from_raw(raw: &MmioRaw<SIZE>) -> &Self {
pub try_write64_relaxed,
call_mmio_write(writeq_relaxed) <- u64
);
+
+ /// Write a known size buffer to an offset known at compile time.
+ ///
+ /// Bound checks are performed at compile time, hence if the offset is not known at compile
+ /// time, the build will fail, and the buffer size must be statically known.
+ #[inline]
+ pub fn copy_from<const N: usize>(&self, src: &[u8; N], offset: usize) {
+ let addr = self.io_addr_assert::<[u8; N]>(offset);
+ // SAFETY: By the type invariant `addr` is a valid address for MMIO operations, and by the
+ // assertion it's valid for `N` bytes.
+ unsafe { bindings::memcpy_toio(addr as *mut c_void, src.as_ptr().cast(), N) }
+ }
+
+ /// Write the contents of a slice to an offset.
+ ///
+ /// Bound checks are performed at runtime and will fail if the offset (plus the slice size) is
+ /// out of bounds.
+ #[inline]
+ pub fn try_copy_from(&self, src: &[u8], offset: usize) -> Result<()> {
+ let addr = self.io_addr_range::<u8>(offset, src.len())?;
+ // SAFETY: By the type invariant `addr` is a valid address for MMIO operations, and by the
+ // range check it's valid for `src.len()` bytes.
+ unsafe { bindings::memcpy_toio(addr as *mut c_void, src.as_ptr().cast(), src.len()) };
+ Ok(())
+ }
+
+ /// Read a known size buffer from an offset known at compile time.
+ ///
+ /// Bound checks are performed at compile time, hence if the offset is not known at compile
+ /// time, the build will fail, and the buffer size must be statically known.
+ #[inline]
+ pub fn copy_to<const N: usize>(&self, dst: &mut [u8; N], offset: usize) {
+ let addr = self.io_addr_assert::<[u8; N]>(offset);
+ // SAFETY: By the type invariant `addr` is a valid address for MMIO operations, and by the
+ // assertion it's valid for `N` bytes.
+ unsafe { bindings::memcpy_fromio(dst.as_mut_ptr().cast(), addr as *mut c_void, N) }
+ }
+
+ /// Read into a slice from an offset.
+ ///
+ /// Bound checks are performed at runtime and will fail if the offset (plus the slice size) is
+ /// out of bounds.
+ #[inline]
+ pub fn try_copy_to(&self, dst: &mut [u8], offset: usize) -> Result<()> {
+ let addr = self.io_addr_range::<u8>(offset, dst.len())?;
+ // SAFETY: By the type invariant `addr` is a valid address for MMIO operations, and by the
+ // range check, it's valid for `dst.len()` bytes.
+ unsafe { bindings::memcpy_fromio(dst.as_mut_ptr().cast(), addr as *mut c_void, dst.len()) }
+ Ok(())
+ }
}
--
2.53.0.rc2.204.g2597b5adb4-goog
Powered by blists - more mailing lists