Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v6.16 2025-05-18T18:56:03Z 2025-05-18T18:56:03Z Miguel Ojeda ojeda@kernel.org 2025-05-18T18:56:03Z urn:sha1:22c3335c5dcd33063fe1894676a3a6ff1008d506 Pull alloc updates from Danilo Krummrich: "Box: - Support for type coercion, e.g. 'Box<T>' to 'Box<dyn U>' if T implements U Vec: - Implement new methods (prerequisites for nova-core and binder) - Vec::truncate() - Vec::resize() - Vec::clear() - Vec::pop() - Vec::push_within_capacity() - New error type: PushError - Vec::drain_all() - Vec::retain() - Vec::remove() - New error type: RemoveError - Vec::insert_within_capacity - New error type: InsertError - Simplify Vec::push() using Vec::spare_capacity_mut() - Split Vec::set_len() into Vec::inc_len() and Vec::dec_len() - Add type invariant Vec::len() <= Vec::capacity - Simplify Vec::truncate() using Vec::dec_len()" * tag 'alloc-next-v6.16-2025-05-13' of https://github.com/Rust-for-Linux/linux: rust: alloc: add Vec::insert_within_capacity rust: alloc: add Vec::remove rust: alloc: add Vec::retain rust: alloc: add Vec::drain_all rust: alloc: add Vec::push_within_capacity rust: alloc: add Vec::pop rust: alloc: add Vec::clear rust: alloc: replace `Vec::set_len` with `inc_len` rust: alloc: refactor `Vec::truncate` using `dec_len` rust: alloc: add `Vec::dec_len` rust: alloc: add Vec::len() <= Vec::capacity invariant rust: alloc: allow coercion from `Box<T>` to `Box<dyn U>` if T implements U rust: alloc: use `spare_capacity_mut` to reduce unsafe rust: alloc: add Vec::resize method rust: alloc: add Vec::truncate method rust: alloc: add missing invariant in Vec::set_len() 2025-05-11T22:20:25Z Miguel Ojeda ojeda@kernel.org 2025-04-29T15:14:45Z urn:sha1:7d8dee4689278e174900509b8c4604651159d8ee The `kernel` prelude brings `Result` and the error codes; and the prelude itself is already available in the examples automatically. In addition, `Result` already defaults to `T = ()`. Thus simplify. Reviewed-by: Alice Ryhl <aliceryhl@google.com> Link: https://lore.kernel.org/r/20250429151445.438977-1-ojeda@kernel.org Signed-off-by: Miguel Ojeda <ojeda@kernel.org> 2025-04-23T10:05:23Z Tamir Duberstein tamird@gmail.com 2025-04-16T17:15:43Z urn:sha1:88d5d6a38d5161228fbfe017eb94d777d5e8a0e4 Rename `set_len` to `inc_len` and simplify its safety contract. Note that the usage in `CString::try_from_fmt` remains correct as the receiver is known to have `len == 0`. Reviewed-by: Alice Ryhl <aliceryhl@google.com> Signed-off-by: Tamir Duberstein <tamird@gmail.com> Link: https://lore.kernel.org/r/20250416-vec-set-len-v4-4-112b222604cd@gmail.com Signed-off-by: Danilo Krummrich <dakr@kernel.org> 2025-03-23T18:45:03Z Tamir Duberstein tamird@gmail.com 2025-03-17T11:43:03Z urn:sha1:4e72a62e8ddd00e50bfe9aec13995fa2079f6486 Correctly refer to `reserve` rather than `try_reserve` in a comment. This comment has been incorrect since inception in commit 1b580e7b9ba2 ("rust: uaccess: add userspace pointers"). Fixes: 1b580e7b9ba2 ("rust: uaccess: add userspace pointers") Signed-off-by: Tamir Duberstein <tamird@gmail.com> Reviewed-by: Alice Ryhl <aliceryhl@google.com> Reviewed-by: Benno Lossin <benno.lossin@proton.me> Reviewed-by: Charalampos Mitrodimas <charmitro@posteo.net> Link: https://lore.kernel.org/r/20250317-uaccess-typo-reserve-v1-1-bbfcb45121f3@gmail.com Signed-off-by: Miguel Ojeda <ojeda@kernel.org> 2025-01-13T22:46:23Z Filipe Xavier felipeaggger@gmail.com 2025-01-07T19:25:39Z urn:sha1:c80dd3fc45d573458bc763d599d97c82cf5dc212 The UserSliceReader::read_all function is currently restricted to use only Vec with the kmalloc allocator. However, there is no reason for this limitation. This patch generalizes the function to accept any Vec regardless of the allocator used. There's a use-case for a KVVec in Binder to avoid maximum sizes for a certain array. Link: https://github.com/Rust-for-Linux/linux/issues/1136 Signed-off-by: Filipe Xavier <felipeaggger@gmail.com> Reviewed-by: Alice Ryhl <aliceryhl@google.com> Reviewed-by: Boqun Feng <boqun.feng@gmail.com> Link: https://lore.kernel.org/r/20250107-gen-userslice-readall-alloc-v2-1-d7fe4d19241a@gmail.com [ Reflowed and slightly reworded title. - Miguel ] Signed-off-by: Miguel Ojeda <ojeda@kernel.org> 2024-12-16T20:49:33Z Gary Guo gary@garyguo.net 2024-09-13T21:29:24Z urn:sha1:1bae8729e50a900f41e9a1c17ae81113e4cf62b8 The following FFI types are replaced compared to `core::ffi`: 1. `char` type is now always mapped to `u8`, since kernel uses `-funsigned-char` on the C code. `core::ffi` maps it to platform default ABI, which can be either signed or unsigned. 2. `long` is now always mapped to `isize`. It's very common in the kernel to use `long` to represent a pointer-sized integer, and in fact `intptr_t` is a typedef of `long` in the kernel. Enforce this mapping rather than mapping to `i32/i64` depending on platform can save us a lot of unnecessary casts. Signed-off-by: Gary Guo <gary@garyguo.net> Reviewed-by: Alice Ryhl <aliceryhl@google.com> Link: https://lore.kernel.org/r/20240913213041.395655-5-gary@garyguo.net [ Moved `uaccess` changes from the next commit, since they were irrefutable patterns that Rust >= 1.82.0 warns about. Reworded slightly and reformatted a few documentation comments. Rebased on top of `rust-next`. Added the removal of two casts to avoid Clippy warnings. - Miguel ] Signed-off-by: Miguel Ojeda <ojeda@kernel.org> 2024-11-10T22:58:00Z Gary Guo gary@garyguo.net 2024-09-13T21:29:23Z urn:sha1:d072acda4862f095ec9056979b654cc06a22cc68 Currently FFI integer types are defined in libcore. This commit creates the `ffi` crate and asks bindgen to use that crate for FFI integer types instead of `core::ffi`. This commit is preparatory and no type changes are made in this commit yet. Signed-off-by: Gary Guo <gary@garyguo.net> Link: https://lore.kernel.org/r/20240913213041.395655-4-gary@garyguo.net [ Added `rustdoc`, `rusttest` and KUnit tests support. Rebased on top of `rust-next` (e.g. migrated more `core::ffi` cases). Reworded crate docs slightly and formatted. - Miguel ] Signed-off-by: Miguel Ojeda <ojeda@kernel.org> 2024-10-15T21:10:32Z Danilo Krummrich dakr@kernel.org 2024-10-04T15:41:23Z urn:sha1:58eff8e872bd04ccb3adcf99aec7334ffad06cfd Now that we got the kernel `Vec` in place, convert all existing `Vec` users to make use of it. Reviewed-by: Alice Ryhl <aliceryhl@google.com> Reviewed-by: Benno Lossin <benno.lossin@proton.me> Reviewed-by: Gary Guo <gary@garyguo.net> Signed-off-by: Danilo Krummrich <dakr@kernel.org> Link: https://lore.kernel.org/r/20241004154149.93856-20-dakr@kernel.org [ Converted `kasan_test_rust.rs` too, as discussed. - Miguel ] Signed-off-by: Miguel Ojeda <ojeda@kernel.org> 2024-10-09T22:33:42Z Aliet Exposito Garcia aliet.exposito@gmail.com 2024-09-18T22:51:14Z urn:sha1:ce1c54fdff7c4556b08f5b875a331d8952e8b6b7 Refactor the `FromBytes` and `AsBytes` traits from `types.rs` into a new `transmute.rs` module: - Add `rust/kernel/transmute.rs` with the definitions of `FromBytes` and `AsBytes`. - Remove the same trait definitions from `rust/kernel/types.rs`. - Update `rust/kernel/uaccess.rs` to import `AsBytes` and `FromBytes` from `transmute.rs`. The traits and their implementations remain unchanged. Suggested-by: Benno Lossin <benno.lossin@proton.me> Link: https://github.com/Rust-for-Linux/linux/issues/1117 Signed-off-by: Aliet Exposito Garcia <aliet.exposito@gmail.com> Reviewed-by: Fiona Behrens <me@kloenk.dev> Reviewed-by: Benno Lossin <benno.lossin@proton.me> Link: https://lore.kernel.org/r/20240918225115.2309224-2-aliet.exposito@gmail.com [ Rebased on top of the lints series and slightly reworded. - Miguel ] Signed-off-by: Miguel Ojeda <ojeda@kernel.org> 2024-07-08T21:44:01Z Alice Ryhl aliceryhl@google.com 2024-05-28T14:58:04Z urn:sha1:b33bf37adbb2ae35881e7fdd997ce3334d71b129 Add safe methods for reading and writing Rust values to and from userspace pointers. The C methods for copying to/from userspace use a function called `check_object_size` to verify that the kernel pointer is not dangling. However, this check is skipped when the length is a compile-time constant, with the assumption that such cases trivially have a correct kernel pointer. In this patch, we apply the same optimization to the typed accessors. For both methods, the size of the operation is known at compile time to be size_of of the type being read or written. Since the C side doesn't provide a variant that skips only this check, we create custom helpers for this purpose. The majority of reads and writes to userspace pointers in the Rust Binder driver uses these accessor methods. Benchmarking has found that skipping the `check_object_size` check makes a big difference for the cases being skipped here. (And that the check doesn't make a difference for the cases that use the raw read/write methods.) This code is based on something that was originally written by Wedson on the old rust branch. It was modified by Alice to skip the `check_object_size` check, and to update various comments, including the notes about kernel pointers in `WritableToBytes`. Co-developed-by: Wedson Almeida Filho <wedsonaf@gmail.com> Signed-off-by: Wedson Almeida Filho <wedsonaf@gmail.com> Reviewed-by: Benno Lossin <benno.lossin@proton.me> Reviewed-by: Boqun Feng <boqun.feng@gmail.com> Reviewed-by: Trevor Gross <tmgross@umich.edu> Reviewed-by: Gary Guo <gary@garyguo.net> Signed-off-by: Alice Ryhl <aliceryhl@google.com> Link: https://lore.kernel.org/r/20240528-alice-mm-v7-3-78222c31b8f4@google.com [ Wrapped docs to 100 and added a few intra-doc links. - Miguel ] Signed-off-by: Miguel Ojeda <ojeda@kernel.org>