mirror of
git://git.yoctoproject.org/linux-yocto.git
synced 2025-10-22 23:13:01 +02:00
9ad8d22f2f
-----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCZzcWKgAKCRCRxhvAZXjc osPAAP9bLzOPIF51IgP9mQTBlKKrpCWCMQVss5xRDseyNEfCEQD/fR9TSSnX9Suw iad9oBkxkzCjyxWIH46rvbdnc38lRwo= =aawA -----END PGP SIGNATURE----- Merge tag 'vfs-6.13.rust.pid_namespace' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs Pull pid_namespace rust bindings from Christian Brauner: "This contains my Rust bindings for pid namespaces needed for various rust drivers. Here's a description of the basic C semantics and how they are mapped to Rust. The pid namespace of a task doesn't ever change once the task is alive. A unshare(CLONE_NEWPID) or setns(fd_pidns/pidfd, CLONE_NEWPID) will not have an effect on the calling task's pid namespace. It will only effect the pid namespace of children created by the calling task. This invariant guarantees that after having acquired a reference to a task's pid namespace it will remain unchanged. When a task has exited and been reaped release_task() will be called. This will set the pid namespace of the task to NULL. So retrieving the pid namespace of a task that is dead will return NULL. Note, that neither holding the RCU lock nor holding a reference count to the task will prevent release_task() from being called. In order to retrieve the pid namespace of a task the task_active_pid_ns() function can be used. There are two cases to consider: (1) retrieving the pid namespace of the current task (2) retrieving the pid namespace of a non-current task From system call context retrieving the pid namespace for case (1) is always safe and requires neither RCU locking nor a reference count to be held. Retrieving the pid namespace after release_task() for current will return NULL but no codepath like that is exposed to Rust. Retrieving the pid namespace from system call context for (2) requires RCU protection. Accessing a pid namespace outside of RCU protection requires a reference count that must've been acquired while holding the RCU lock. Note that accessing a non-current task means NULL can be returned as the non-current task could have already passed through release_task(). To retrieve (1) the current_pid_ns!() macro should be used. It ensures that the returned pid namespace cannot outlive the calling scope. The associated current_pid_ns() function should not be called directly as it could be abused to created an unbounded lifetime for the pid namespace. The current_pid_ns!() macro allows Rust to handle the common case of accessing current's pid namespace without RCU protection and without having to acquire a reference count. For (2) the task_get_pid_ns() method must be used. This will always acquire a reference on the pid namespace and will return an Option to force the caller to explicitly handle the case where pid namespace is None. Something that tends to be forgotten when doing the equivalent operation in C. Missing RCU primitives make it difficult to perform operations that are otherwise safe without holding a reference count as long as RCU protection is guaranteed. But it is not important currently. But we do want it in the future. Note that for (2) the required RCU protection around calling task_active_pid_ns() synchronizes against putting the last reference of the associated struct pid of task->thread_pid. The struct pid stored in that field is used to retrieve the pid namespace of the caller. When release_task() is called task->thread_pid will be NULLed and put_pid() on said struct pid will be delayed in free_pid() via call_rcu() allowing everyone with an RCU protected access to the struct pid acquired from task->thread_pid to finish" * tag 'vfs-6.13.rust.pid_namespace' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs: rust: add PidNamespace
191 lines
5.2 KiB
Rust
191 lines
5.2 KiB
Rust
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
//! The `kernel` crate.
|
|
//!
|
|
//! This crate contains the kernel APIs that have been ported or wrapped for
|
|
//! usage by Rust code in the kernel and is shared by all of them.
|
|
//!
|
|
//! In other words, all the rest of the Rust code in the kernel (e.g. kernel
|
|
//! modules written in Rust) depends on [`core`], [`alloc`] and this crate.
|
|
//!
|
|
//! If you need a kernel C API that is not ported or wrapped yet here, then
|
|
//! do so first instead of bypassing this crate.
|
|
|
|
#![no_std]
|
|
#![feature(coerce_unsized)]
|
|
#![feature(dispatch_from_dyn)]
|
|
#![feature(new_uninit)]
|
|
#![feature(receiver_trait)]
|
|
#![feature(unsize)]
|
|
|
|
// Ensure conditional compilation based on the kernel configuration works;
|
|
// otherwise we may silently break things like initcall handling.
|
|
#[cfg(not(CONFIG_RUST))]
|
|
compile_error!("Missing kernel configuration for conditional compilation");
|
|
|
|
// Allow proc-macros to refer to `::kernel` inside the `kernel` crate (this crate).
|
|
extern crate self as kernel;
|
|
|
|
pub mod alloc;
|
|
#[cfg(CONFIG_BLOCK)]
|
|
pub mod block;
|
|
mod build_assert;
|
|
pub mod cred;
|
|
pub mod device;
|
|
pub mod error;
|
|
#[cfg(CONFIG_RUST_FW_LOADER_ABSTRACTIONS)]
|
|
pub mod firmware;
|
|
pub mod fs;
|
|
pub mod init;
|
|
pub mod ioctl;
|
|
pub mod jump_label;
|
|
#[cfg(CONFIG_KUNIT)]
|
|
pub mod kunit;
|
|
pub mod list;
|
|
#[cfg(CONFIG_NET)]
|
|
pub mod net;
|
|
pub mod page;
|
|
pub mod pid_namespace;
|
|
pub mod prelude;
|
|
pub mod print;
|
|
pub mod rbtree;
|
|
pub mod security;
|
|
pub mod seq_file;
|
|
pub mod sizes;
|
|
mod static_assert;
|
|
#[doc(hidden)]
|
|
pub mod std_vendor;
|
|
pub mod str;
|
|
pub mod sync;
|
|
pub mod task;
|
|
pub mod time;
|
|
pub mod tracepoint;
|
|
pub mod types;
|
|
pub mod uaccess;
|
|
pub mod workqueue;
|
|
|
|
#[doc(hidden)]
|
|
pub use bindings;
|
|
pub use macros;
|
|
pub use uapi;
|
|
|
|
#[doc(hidden)]
|
|
pub use build_error::build_error;
|
|
|
|
/// Prefix to appear before log messages printed from within the `kernel` crate.
|
|
const __LOG_PREFIX: &[u8] = b"rust_kernel\0";
|
|
|
|
/// The top level entrypoint to implementing a kernel module.
|
|
///
|
|
/// For any teardown or cleanup operations, your type may implement [`Drop`].
|
|
pub trait Module: Sized + Sync + Send {
|
|
/// Called at module initialization time.
|
|
///
|
|
/// Use this method to perform whatever setup or registration your module
|
|
/// should do.
|
|
///
|
|
/// Equivalent to the `module_init` macro in the C API.
|
|
fn init(module: &'static ThisModule) -> error::Result<Self>;
|
|
}
|
|
|
|
/// Equivalent to `THIS_MODULE` in the C API.
|
|
///
|
|
/// C header: [`include/linux/export.h`](srctree/include/linux/export.h)
|
|
pub struct ThisModule(*mut bindings::module);
|
|
|
|
// SAFETY: `THIS_MODULE` may be used from all threads within a module.
|
|
unsafe impl Sync for ThisModule {}
|
|
|
|
impl ThisModule {
|
|
/// Creates a [`ThisModule`] given the `THIS_MODULE` pointer.
|
|
///
|
|
/// # Safety
|
|
///
|
|
/// The pointer must be equal to the right `THIS_MODULE`.
|
|
pub const unsafe fn from_ptr(ptr: *mut bindings::module) -> ThisModule {
|
|
ThisModule(ptr)
|
|
}
|
|
|
|
/// Access the raw pointer for this module.
|
|
///
|
|
/// It is up to the user to use it correctly.
|
|
pub const fn as_ptr(&self) -> *mut bindings::module {
|
|
self.0
|
|
}
|
|
}
|
|
|
|
#[cfg(not(any(testlib, test)))]
|
|
#[panic_handler]
|
|
fn panic(info: &core::panic::PanicInfo<'_>) -> ! {
|
|
pr_emerg!("{}\n", info);
|
|
// SAFETY: FFI call.
|
|
unsafe { bindings::BUG() };
|
|
}
|
|
|
|
/// Produces a pointer to an object from a pointer to one of its fields.
|
|
///
|
|
/// # Safety
|
|
///
|
|
/// The pointer passed to this macro, and the pointer returned by this macro, must both be in
|
|
/// bounds of the same allocation.
|
|
///
|
|
/// # Examples
|
|
///
|
|
/// ```
|
|
/// # use kernel::container_of;
|
|
/// struct Test {
|
|
/// a: u64,
|
|
/// b: u32,
|
|
/// }
|
|
///
|
|
/// let test = Test { a: 10, b: 20 };
|
|
/// let b_ptr = &test.b;
|
|
/// // SAFETY: The pointer points at the `b` field of a `Test`, so the resulting pointer will be
|
|
/// // in-bounds of the same allocation as `b_ptr`.
|
|
/// let test_alias = unsafe { container_of!(b_ptr, Test, b) };
|
|
/// assert!(core::ptr::eq(&test, test_alias));
|
|
/// ```
|
|
#[macro_export]
|
|
macro_rules! container_of {
|
|
($ptr:expr, $type:ty, $($f:tt)*) => {{
|
|
let ptr = $ptr as *const _ as *const u8;
|
|
let offset: usize = ::core::mem::offset_of!($type, $($f)*);
|
|
ptr.sub(offset) as *const $type
|
|
}}
|
|
}
|
|
|
|
/// Helper for `.rs.S` files.
|
|
#[doc(hidden)]
|
|
#[macro_export]
|
|
macro_rules! concat_literals {
|
|
($( $asm:literal )* ) => {
|
|
::core::concat!($($asm),*)
|
|
};
|
|
}
|
|
|
|
/// Wrapper around `asm!` configured for use in the kernel.
|
|
///
|
|
/// Uses a semicolon to avoid parsing ambiguities, even though this does not match native `asm!`
|
|
/// syntax.
|
|
// For x86, `asm!` uses intel syntax by default, but we want to use at&t syntax in the kernel.
|
|
#[cfg(any(target_arch = "x86", target_arch = "x86_64"))]
|
|
#[macro_export]
|
|
macro_rules! asm {
|
|
($($asm:expr),* ; $($rest:tt)*) => {
|
|
::core::arch::asm!( $($asm)*, options(att_syntax), $($rest)* )
|
|
};
|
|
}
|
|
|
|
/// Wrapper around `asm!` configured for use in the kernel.
|
|
///
|
|
/// Uses a semicolon to avoid parsing ambiguities, even though this does not match native `asm!`
|
|
/// syntax.
|
|
// For non-x86 arches we just pass through to `asm!`.
|
|
#[cfg(not(any(target_arch = "x86", target_arch = "x86_64")))]
|
|
#[macro_export]
|
|
macro_rules! asm {
|
|
($($asm:expr),* ; $($rest:tt)*) => {
|
|
::core::arch::asm!( $($asm)*, $($rest)* )
|
|
};
|
|
}
|