- Linux-kselftest-mirror - lists.linaro.org

[PATCH 3/3] rust: replace `addr_of[_mut]!` with `&raw [mut]`

by Antonio Hickey

Replacing all occurrences of `addr_of!(place)` with `&raw place`, and all occurrences of `addr_of_mut!(place)` with `&raw mut place`. Utilizing the new feature will allow us to reduce macro complexity, and improve consistency with existing reference syntax as `&raw`, `&raw mut` is very similar to `&`, `&mut` making it fit more naturally with other existing code. Depends on: Patch 1/3 0001-rust-enable-raw_ref_op-feature.patch Suggested-by: Benno Lossin <y86-dev(a)protonmail.com> Link: https://github.com/Rust-for-Linux/linux/issues/1148 Signed-off-by: Antonio Hickey <contact(a)antoniohickey.com> --- rust/kernel/block/mq/request.rs | 4 ++-- rust/kernel/faux.rs | 4 ++-- rust/kernel/fs/file.rs | 2 +- rust/kernel/init.rs | 8 ++++---- rust/kernel/init/macros.rs | 28 +++++++++++++------------- rust/kernel/jump_label.rs | 4 ++-- rust/kernel/kunit.rs | 4 ++-- rust/kernel/list.rs | 2 +- rust/kernel/list/impl_list_item_mod.rs | 6 +++--- rust/kernel/net/phy.rs | 4 ++-- rust/kernel/pci.rs | 4 ++-- rust/kernel/platform.rs | 4 +--- rust/kernel/rbtree.rs | 22 ++++++++++---------- rust/kernel/sync/arc.rs | 2 +- rust/kernel/task.rs | 4 ++-- rust/kernel/workqueue.rs | 8 ++++---- 16 files changed, 54 insertions(+), 56 deletions(-) diff --git a/rust/kernel/block/mq/request.rs b/rust/kernel/block/mq/request.rs index 7943f43b9575..4a5b7ec914ef 100644 --- a/rust/kernel/block/mq/request.rs +++ b/rust/kernel/block/mq/request.rs @@ -12,7 +12,7 @@ }; use core::{ marker::PhantomData, - ptr::{addr_of_mut, NonNull}, + ptr::NonNull, sync::atomic::{AtomicU64, Ordering}, }; @@ -187,7 +187,7 @@ pub(crate) fn refcount(&self) -> &AtomicU64 { pub(crate) unsafe fn refcount_ptr(this: *mut Self) -> *mut AtomicU64 { // SAFETY: Because of the safety requirements of this function, the // field projection is safe. - unsafe { addr_of_mut!((*this).refcount) } + unsafe { &raw mut (*this).refcount } } } diff --git a/rust/kernel/faux.rs b/rust/kernel/faux.rs index 5acc0c02d451..52ac554c1119 100644 --- a/rust/kernel/faux.rs +++ b/rust/kernel/faux.rs @@ -7,7 +7,7 @@ //! C header: [`include/linux/device/faux.h`] use crate::{bindings, device, error::code::*, prelude::*}; -use core::ptr::{addr_of_mut, null, null_mut, NonNull}; +use core::ptr::{null, null_mut, NonNull}; /// The registration of a faux device. /// @@ -45,7 +45,7 @@ impl AsRef<device::Device> for Registration { fn as_ref(&self) -> &device::Device { // SAFETY: The underlying `device` in `faux_device` is guaranteed by the C API to be // a valid initialized `device`. - unsafe { device::Device::as_ref(addr_of_mut!((*self.as_raw()).dev)) } + unsafe { device::Device::as_ref((&raw mut (*self.as_raw()).dev)) } } } diff --git a/rust/kernel/fs/file.rs b/rust/kernel/fs/file.rs index ed57e0137cdb..7ee4830b67f3 100644 --- a/rust/kernel/fs/file.rs +++ b/rust/kernel/fs/file.rs @@ -331,7 +331,7 @@ pub fn flags(&self) -> u32 { // SAFETY: The file is valid because the shared reference guarantees a nonzero refcount. // // FIXME(read_once): Replace with `read_once` when available on the Rust side. - unsafe { core::ptr::addr_of!((*self.as_ptr()).f_flags).read_volatile() } + unsafe { (&raw const (*self.as_ptr()).f_flags).read_volatile() } } } diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs index 7fd1ea8265a5..a8fac6558671 100644 --- a/rust/kernel/init.rs +++ b/rust/kernel/init.rs @@ -122,7 +122,7 @@ //! ```rust //! # #![expect(unreachable_pub, clippy::disallowed_names)] //! use kernel::{init, types::Opaque}; -//! use core::{ptr::addr_of_mut, marker::PhantomPinned, pin::Pin}; +//! use core::{marker::PhantomPinned, pin::Pin}; //! # mod bindings { //! # #![expect(non_camel_case_types)] //! # #![expect(clippy::missing_safety_doc)] @@ -159,7 +159,7 @@ //! unsafe { //! init::pin_init_from_closure(move |slot: *mut Self| { //! // `slot` contains uninit memory, avoid creating a reference. -//! let foo = addr_of_mut!((*slot).foo); +//! let foo = &raw mut (*slot).foo; //! //! // Initialize the `foo` //! bindings::init_foo(Opaque::raw_get(foo)); @@ -541,7 +541,7 @@ macro_rules! stack_try_pin_init { /// /// ```rust /// # use kernel::{macros::{Zeroable, pin_data}, pin_init}; -/// # use core::{ptr::addr_of_mut, marker::PhantomPinned}; +/// # use core::marker::PhantomPinned; /// #[pin_data] /// #[derive(Zeroable)] /// struct Buf { @@ -554,7 +554,7 @@ macro_rules! stack_try_pin_init { /// pin_init!(&this in Buf { /// buf: [0; 64], /// // SAFETY: TODO. -/// ptr: unsafe { addr_of_mut!((*this.as_ptr()).buf).cast() }, +/// ptr: unsafe { &raw mut (*this.as_ptr()).buf.cast() }, /// pin: PhantomPinned, /// }); /// pin_init!(Buf { diff --git a/rust/kernel/init/macros.rs b/rust/kernel/init/macros.rs index 1fd146a83241..af525fbb2f01 100644 --- a/rust/kernel/init/macros.rs +++ b/rust/kernel/init/macros.rs @@ -244,25 +244,25 @@ //! struct __InitOk; //! // This is the expansion of `t,`, which is syntactic sugar for `t: t,`. //! { -//! unsafe { ::core::ptr::write(::core::addr_of_mut!((*slot).t), t) }; +//! unsafe { ::core::ptr::write(&raw mut (*slot).t, t) }; //! } //! // Since initialization could fail later (not in this case, since the //! // error type is `Infallible`) we will need to drop this field if there //! // is an error later. This `DropGuard` will drop the field when it gets //! // dropped and has not yet been forgotten. //! let __t_guard = unsafe { -//! ::pinned_init::__internal::DropGuard::new(::core::addr_of_mut!((*slot).t)) +//! ::pinned_init::__internal::DropGuard::new(&raw mut (*slot).t) //! }; //! // Expansion of `x: 0,`: //! // Since this can be an arbitrary expression we cannot place it inside //! // of the `unsafe` block, so we bind it here. //! { //! let x = 0; -//! unsafe { ::core::ptr::write(::core::addr_of_mut!((*slot).x), x) }; +//! unsafe { ::core::ptr::write(&raw mut (*slot).x, x) }; //! } //! // We again create a `DropGuard`. //! let __x_guard = unsafe { -//! ::kernel::init::__internal::DropGuard::new(::core::addr_of_mut!((*slot).x)) +//! ::kernel::init::__internal::DropGuard::new(&raw mut (*slot).x) //! }; //! // Since initialization has successfully completed, we can now forget //! // the guards. This is not `mem::forget`, since we only have @@ -459,15 +459,15 @@ //! { //! struct __InitOk; //! { -//! unsafe { ::core::ptr::write(::core::addr_of_mut!((*slot).a), a) }; +//! unsafe { ::core::ptr::write(&raw mut (*slot).a, a) }; //! } //! let __a_guard = unsafe { -//! ::kernel::init::__internal::DropGuard::new(::core::addr_of_mut!((*slot).a)) +//! ::kernel::init::__internal::DropGuard::new(&raw mut (*slot).a) //! }; //! let init = Bar::new(36); -//! unsafe { data.b(::core::addr_of_mut!((*slot).b), b)? }; +//! unsafe { data.b(&raw mut (*slot).b, b)? }; //! let __b_guard = unsafe { -//! ::kernel::init::__internal::DropGuard::new(::core::addr_of_mut!((*slot).b)) +//! ::kernel::init::__internal::DropGuard::new(&raw mut (*slot).b) //! }; //! ::core::mem::forget(__b_guard); //! ::core::mem::forget(__a_guard); @@ -1210,7 +1210,7 @@ fn assert_zeroable<T: $crate::init::Zeroable>(_: *mut T) {} // SAFETY: `slot` is valid, because we are inside of an initializer closure, we // return when an error/panic occurs. // We also use the `data` to require the correct trait (`Init` or `PinInit`) for `$field`. - unsafe { $data.$field(::core::ptr::addr_of_mut!((*$slot).$field), init)? }; + unsafe { $data.$field(&raw mut (*$slot).$field, init)? }; // Create the drop guard: // // We rely on macro hygiene to make it impossible for users to access this local variable. @@ -1218,7 +1218,7 @@ fn assert_zeroable<T: $crate::init::Zeroable>(_: *mut T) {} ::kernel::macros::paste! { // SAFETY: We forget the guard later when initialization has succeeded. let [< __ $field _guard >] = unsafe { - $crate::init::__internal::DropGuard::new(::core::ptr::addr_of_mut!((*$slot).$field)) + $crate::init::__internal::DropGuard::new(&raw mut (*$slot).$field) }; $crate::__init_internal!(init_slot($use_data): @@ -1241,7 +1241,7 @@ fn assert_zeroable<T: $crate::init::Zeroable>(_: *mut T) {} // // SAFETY: `slot` is valid, because we are inside of an initializer closure, we // return when an error/panic occurs. - unsafe { $crate::init::Init::__init(init, ::core::ptr::addr_of_mut!((*$slot).$field))? }; + unsafe { $crate::init::Init::__init(init, &raw mut (*$slot).$field)? }; // Create the drop guard: // // We rely on macro hygiene to make it impossible for users to access this local variable. @@ -1249,7 +1249,7 @@ fn assert_zeroable<T: $crate::init::Zeroable>(_: *mut T) {} ::kernel::macros::paste! { // SAFETY: We forget the guard later when initialization has succeeded. let [< __ $field _guard >] = unsafe { - $crate::init::__internal::DropGuard::new(::core::ptr::addr_of_mut!((*$slot).$field)) + $crate::init::__internal::DropGuard::new(&raw mut (*$slot).$field) }; $crate::__init_internal!(init_slot(): @@ -1272,7 +1272,7 @@ fn assert_zeroable<T: $crate::init::Zeroable>(_: *mut T) {} // Initialize the field. // // SAFETY: The memory at `slot` is uninitialized. - unsafe { ::core::ptr::write(::core::ptr::addr_of_mut!((*$slot).$field), $field) }; + unsafe { ::core::ptr::write(&raw mut (*$slot).$field, $field) }; } // Create the drop guard: // @@ -1281,7 +1281,7 @@ fn assert_zeroable<T: $crate::init::Zeroable>(_: *mut T) {} ::kernel::macros::paste! { // SAFETY: We forget the guard later when initialization has succeeded. let [< __ $field _guard >] = unsafe { - $crate::init::__internal::DropGuard::new(::core::ptr::addr_of_mut!((*$slot).$field)) + $crate::init::__internal::DropGuard::new(&raw mut (*$slot).$field) }; $crate::__init_internal!(init_slot($($use_data)?): diff --git a/rust/kernel/jump_label.rs b/rust/kernel/jump_label.rs index 4e974c768dbd..05d4564714c7 100644 --- a/rust/kernel/jump_label.rs +++ b/rust/kernel/jump_label.rs @@ -20,8 +20,8 @@ #[macro_export] macro_rules! static_branch_unlikely { ($key:path, $keytyp:ty, $field:ident) => {{ - let _key: *const $keytyp = ::core::ptr::addr_of!($key); - let _key: *const $crate::bindings::static_key_false = ::core::ptr::addr_of!((*_key).$field); + let _key: *const $keytyp = &raw $key; + let _key: *const $crate::bindings::static_key_false = &raw (*_key).$field; let _key: *const $crate::bindings::static_key = _key.cast(); #[cfg(not(CONFIG_JUMP_LABEL))] diff --git a/rust/kernel/kunit.rs b/rust/kernel/kunit.rs index 824da0e9738a..18357dd782ed 100644 --- a/rust/kernel/kunit.rs +++ b/rust/kernel/kunit.rs @@ -128,9 +128,9 @@ unsafe impl Sync for UnaryAssert {} unsafe { $crate::bindings::__kunit_do_failed_assertion( kunit_test, - core::ptr::addr_of!(LOCATION.0), + &raw LOCATION.0, $crate::bindings::kunit_assert_type_KUNIT_ASSERTION, - core::ptr::addr_of!(ASSERTION.0.assert), + &raw ASSERTION.0.assert, Some($crate::bindings::kunit_unary_assert_format), core::ptr::null(), ); diff --git a/rust/kernel/list.rs b/rust/kernel/list.rs index c0ed227b8a4f..e98f0820f002 100644 --- a/rust/kernel/list.rs +++ b/rust/kernel/list.rs @@ -176,7 +176,7 @@ pub fn new() -> impl PinInit<Self> { #[inline] unsafe fn fields(me: *mut Self) -> *mut ListLinksFields { // SAFETY: The caller promises that the pointer is valid. - unsafe { Opaque::raw_get(ptr::addr_of!((*me).inner)) } + unsafe { Opaque::raw_get(&raw const (*me).inner) } } /// # Safety diff --git a/rust/kernel/list/impl_list_item_mod.rs b/rust/kernel/list/impl_list_item_mod.rs index a0438537cee1..014b6713d59d 100644 --- a/rust/kernel/list/impl_list_item_mod.rs +++ b/rust/kernel/list/impl_list_item_mod.rs @@ -49,7 +49,7 @@ macro_rules! impl_has_list_links { // SAFETY: The implementation of `raw_get_list_links` only compiles if the field has the // right type. // - // The behavior of `raw_get_list_links` is not changed since the `addr_of_mut!` macro is + // The behavior of `raw_get_list_links` is not changed since the `&raw mut` op is // equivalent to the pointer offset operation in the trait definition. unsafe impl$(<$($implarg),*>)? $crate::list::HasListLinks$(<$id>)? for $self $(<$($selfarg),*>)? @@ -61,7 +61,7 @@ unsafe fn raw_get_list_links(ptr: *mut Self) -> *mut $crate::list::ListLinks$(<$ // SAFETY: The caller promises that the pointer is not dangling. We know that this // expression doesn't follow any pointers, as the `offset_of!` invocation above // would otherwise not compile. - unsafe { ::core::ptr::addr_of_mut!((*ptr)$(.$field)*) } + unsafe { &raw mut (*ptr)$(.$field)* } } } )*}; @@ -103,7 +103,7 @@ macro_rules! impl_has_list_links_self_ptr { unsafe fn raw_get_list_links(ptr: *mut Self) -> *mut $crate::list::ListLinks$(<$id>)? { // SAFETY: The caller promises that the pointer is not dangling. let ptr: *mut $crate::list::ListLinksSelfPtr<$item_type $(, $id)?> = - unsafe { ::core::ptr::addr_of_mut!((*ptr).$field) }; + unsafe { &raw mut (*ptr).$field }; ptr.cast() } } diff --git a/rust/kernel/net/phy.rs b/rust/kernel/net/phy.rs index a59469c785e3..757db052cc09 100644 --- a/rust/kernel/net/phy.rs +++ b/rust/kernel/net/phy.rs @@ -7,7 +7,7 @@ //! C headers: [`include/linux/phy.h`](srctree/include/linux/phy.h). use crate::{error::*, prelude::*, types::Opaque}; -use core::{marker::PhantomData, ptr::addr_of_mut}; +use core::marker::PhantomData; pub mod reg; @@ -285,7 +285,7 @@ impl AsRef<kernel::device::Device> for Device { fn as_ref(&self) -> &kernel::device::Device { let phydev = self.0.get(); // SAFETY: The struct invariant ensures that `mdio.dev` is valid. - unsafe { kernel::device::Device::as_ref(addr_of_mut!((*phydev).mdio.dev)) } + unsafe { kernel::device::Device::as_ref(&raw mut (*phydev).mdio.dev) } } } diff --git a/rust/kernel/pci.rs b/rust/kernel/pci.rs index f7b2743828ae..6cb9ed1e7cbf 100644 --- a/rust/kernel/pci.rs +++ b/rust/kernel/pci.rs @@ -17,7 +17,7 @@ types::{ARef, ForeignOwnable, Opaque}, ThisModule, }; -use core::{ops::Deref, ptr::addr_of_mut}; +use core::ops::Deref; use kernel::prelude::*; /// An adapter for the registration of PCI drivers. @@ -60,7 +60,7 @@ extern "C" fn probe_callback( ) -> kernel::ffi::c_int { // SAFETY: The PCI bus only ever calls the probe callback with a valid pointer to a // `struct pci_dev`. - let dev = unsafe { device::Device::get_device(addr_of_mut!((*pdev).dev)) }; + let dev = unsafe { device::Device::get_device(&raw mut (*pdev).dev) }; // SAFETY: `dev` is guaranteed to be embedded in a valid `struct pci_dev` by the call // above. let mut pdev = unsafe { Device::from_dev(dev) }; diff --git a/rust/kernel/platform.rs b/rust/kernel/platform.rs index 1297f5292ba9..344875ad7b82 100644 --- a/rust/kernel/platform.rs +++ b/rust/kernel/platform.rs @@ -14,8 +14,6 @@ ThisModule, }; -use core::ptr::addr_of_mut; - /// An adapter for the registration of platform drivers. pub struct Adapter<T: Driver>(T); @@ -55,7 +53,7 @@ unsafe fn unregister(pdrv: &Opaque<Self::RegType>) { impl<T: Driver + 'static> Adapter<T> { extern "C" fn probe_callback(pdev: *mut bindings::platform_device) -> kernel::ffi::c_int { // SAFETY: The platform bus only ever calls the probe callback with a valid `pdev`. - let dev = unsafe { device::Device::get_device(addr_of_mut!((*pdev).dev)) }; + let dev = unsafe { device::Device::get_device(&raw mut (*pdev).dev) }; // SAFETY: `dev` is guaranteed to be embedded in a valid `struct platform_device` by the // call above. let mut pdev = unsafe { Device::from_dev(dev) }; diff --git a/rust/kernel/rbtree.rs b/rust/kernel/rbtree.rs index 1ea25c7092fb..b0ad35663cb0 100644 --- a/rust/kernel/rbtree.rs +++ b/rust/kernel/rbtree.rs @@ -11,7 +11,7 @@ cmp::{Ord, Ordering}, marker::PhantomData, mem::MaybeUninit, - ptr::{addr_of_mut, from_mut, NonNull}, + ptr::{from_mut, NonNull}, }; /// A red-black tree with owned nodes. @@ -238,7 +238,7 @@ pub fn values_mut(&mut self) -> impl Iterator<Item = &'_ mut V> { /// Returns a cursor over the tree nodes, starting with the smallest key. pub fn cursor_front(&mut self) -> Option<Cursor<'_, K, V>> { - let root = addr_of_mut!(self.root); + let root = &raw mut self.root; // SAFETY: `self.root` is always a valid root node let current = unsafe { bindings::rb_first(root) }; NonNull::new(current).map(|current| { @@ -253,7 +253,7 @@ pub fn cursor_front(&mut self) -> Option<Cursor<'_, K, V>> { /// Returns a cursor over the tree nodes, starting with the largest key. pub fn cursor_back(&mut self) -> Option<Cursor<'_, K, V>> { - let root = addr_of_mut!(self.root); + let root = &raw mut self.root; // SAFETY: `self.root` is always a valid root node let current = unsafe { bindings::rb_last(root) }; NonNull::new(current).map(|current| { @@ -459,7 +459,7 @@ pub fn cursor_lower_bound(&mut self, key: &K) -> Option<Cursor<'_, K, V>> let best = best_match?; // SAFETY: `best` is a non-null node so it is valid by the type invariants. - let links = unsafe { addr_of_mut!((*best.as_ptr()).links) }; + let links = unsafe { &raw mut (*best.as_ptr()).links }; NonNull::new(links).map(|current| { // INVARIANT: @@ -767,7 +767,7 @@ pub fn remove_current(self) -> (Option<Self>, RBTreeNode<K, V>) { let node = RBTreeNode { node }; // SAFETY: The reference to the tree used to create the cursor outlives the cursor, so // the tree cannot change. By the tree invariant, all nodes are valid. - unsafe { bindings::rb_erase(&mut (*this).links, addr_of_mut!(self.tree.root)) }; + unsafe { bindings::rb_erase(&mut (*this).links, &raw mut self.tree.root) }; let current = match (prev, next) { (_, Some(next)) => next, @@ -803,7 +803,7 @@ fn remove_neighbor(&mut self, direction: Direction) -> Option<RBTreeNode<K, V>> let neighbor = neighbor.as_ptr(); // SAFETY: The reference to the tree used to create the cursor outlives the cursor, so // the tree cannot change. By the tree invariant, all nodes are valid. - unsafe { bindings::rb_erase(neighbor, addr_of_mut!(self.tree.root)) }; + unsafe { bindings::rb_erase(neighbor, &raw mut self.tree.root) }; // SAFETY: By the type invariant of `Self`, all non-null `rb_node` pointers stored in `self` // point to the links field of `Node<K, V>` objects. let this = unsafe { container_of!(neighbor, Node<K, V>, links) }.cast_mut(); @@ -918,7 +918,7 @@ unsafe fn to_key_value_raw<'b>(node: NonNull<bindings::rb_node>) -> (&'b K, *mut let k = unsafe { &(*this).key }; // SAFETY: The passed `node` is the current node or a non-null neighbor, // thus `this` is valid by the type invariants. - let v = unsafe { addr_of_mut!((*this).value) }; + let v = unsafe { &raw mut (*this).value }; (k, v) } } @@ -1027,7 +1027,7 @@ fn next(&mut self) -> Option<Self::Item> { self.next = unsafe { bindings::rb_next(self.next) }; // SAFETY: By the same reasoning above, it is safe to dereference the node. - Some(unsafe { (addr_of_mut!((*cur).key), addr_of_mut!((*cur).value)) }) + Some(unsafe { (&raw mut (*cur).key, &raw mut (*cur).value) }) } } @@ -1170,7 +1170,7 @@ fn insert(self, node: RBTreeNode<K, V>) -> &'a mut V { // SAFETY: `node` is valid at least until we call `Box::from_raw`, which only happens when // the node is removed or replaced. - let node_links = unsafe { addr_of_mut!((*node).links) }; + let node_links = unsafe { &raw mut (*node).links }; // INVARIANT: We are linking in a new node, which is valid. It remains valid because we // "forgot" it with `Box::into_raw`. @@ -1178,7 +1178,7 @@ fn insert(self, node: RBTreeNode<K, V>) -> &'a mut V { unsafe { bindings::rb_link_node(node_links, self.parent, self.child_field_of_parent) }; // SAFETY: All pointers are valid. `node` has just been inserted into the tree. - unsafe { bindings::rb_insert_color(node_links, addr_of_mut!((*self.rbtree).root)) }; + unsafe { bindings::rb_insert_color(node_links, &raw mut (*self.rbtree).root) }; // SAFETY: The node is valid until we remove it from the tree. unsafe { &mut (*node).value } @@ -1261,7 +1261,7 @@ fn replace(self, node: RBTreeNode<K, V>) -> RBTreeNode<K, V> { // SAFETY: `node` is valid at least until we call `Box::from_raw`, which only happens when // the node is removed or replaced. - let new_node_links = unsafe { addr_of_mut!((*node).links) }; + let new_node_links = unsafe { &raw mut (*node).links }; // SAFETY: This updates the pointers so that `new_node_links` is in the tree where // `self.node_links` used to be. diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index 3cefda7a4372..81d8b0f84957 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -243,7 +243,7 @@ pub fn into_raw(self) -> *const T { let ptr = self.ptr.as_ptr(); core::mem::forget(self); // SAFETY: The pointer is valid. - unsafe { core::ptr::addr_of!((*ptr).data) } + unsafe { &raw const (*ptr).data } } /// Recreates an [`Arc`] instance previously deconstructed via [`Arc::into_raw`]. diff --git a/rust/kernel/task.rs b/rust/kernel/task.rs index 49012e711942..b2ac768eed23 100644 --- a/rust/kernel/task.rs +++ b/rust/kernel/task.rs @@ -257,7 +257,7 @@ pub fn as_ptr(&self) -> *mut bindings::task_struct { pub fn group_leader(&self) -> &Task { // SAFETY: The group leader of a task never changes after initialization, so reading this // field is not a data race. - let ptr = unsafe { *ptr::addr_of!((*self.as_ptr()).group_leader) }; + let ptr = unsafe { *(&raw const (*self.as_ptr()).group_leader) }; // SAFETY: The lifetime of the returned task reference is tied to the lifetime of `self`, // and given that a task has a reference to its group leader, we know it must be valid for @@ -269,7 +269,7 @@ pub fn group_leader(&self) -> &Task { pub fn pid(&self) -> Pid { // SAFETY: The pid of a task never changes after initialization, so reading this field is // not a data race. - unsafe { *ptr::addr_of!((*self.as_ptr()).pid) } + unsafe { *(&raw const (*self.as_ptr()).pid) } } /// Returns the UID of the given task. diff --git a/rust/kernel/workqueue.rs b/rust/kernel/workqueue.rs index 0cd100d2aefb..34e8abb38974 100644 --- a/rust/kernel/workqueue.rs +++ b/rust/kernel/workqueue.rs @@ -401,9 +401,9 @@ pub fn new(name: &'static CStr, key: &'static LockClassKey) -> impl PinInit<Self pub unsafe fn raw_get(ptr: *const Self) -> *mut bindings::work_struct { // SAFETY: The caller promises that the pointer is aligned and not dangling. // - // A pointer cast would also be ok due to `#[repr(transparent)]`. We use `addr_of!` so that - // the compiler does not complain that the `work` field is unused. - unsafe { Opaque::raw_get(core::ptr::addr_of!((*ptr).work)) } + // A pointer cast would also be ok due to `#[repr(transparent)]`. We use `&raw const (*ptr).work` + // so that the compiler does not complain that the `work` field is unused. + unsafe { Opaque::raw_get(&raw const (*ptr).work) } } } @@ -510,7 +510,7 @@ macro_rules! impl_has_work { unsafe fn raw_get_work(ptr: *mut Self) -> *mut $crate::workqueue::Work<$work_type $(, $id)?> { // SAFETY: The caller promises that the pointer is not dangling. unsafe { - ::core::ptr::addr_of_mut!((*ptr).$field) + &raw mut (*ptr).$field } } } -- 2.48.1

6 months

2
1
0 0

[PATCH v2 3/3] rust: replace `addr_of[_mut]!` with `&raw [const | mut]`

by Antonio Hickey

Replacing all occurrences of `addr_of!(place)` with `&raw const place`, and all occurrences of `addr_of_mut!(place)` with `&raw mut place`. Utilizing the new feature will allow us to reduce macro complexity, and improve consistency with existing reference syntax as `&raw const`, `&raw mut` is very similar to `&`, `&mut` making it fit more naturally with other existing code than the previously used macros. Suggested-by: Benno Lossin <benno.lossin(a)proton.me> Link: https://github.com/Rust-for-Linux/linux/issues/1148 Signed-off-by: Antonio Hickey <contact(a)antoniohickey.com> --- rust/kernel/block/mq/request.rs | 4 ++-- rust/kernel/faux.rs | 4 ++-- rust/kernel/fs/file.rs | 2 +- rust/kernel/init.rs | 8 ++++---- rust/kernel/init/macros.rs | 28 +++++++++++++------------- rust/kernel/jump_label.rs | 4 ++-- rust/kernel/kunit.rs | 4 ++-- rust/kernel/list.rs | 2 +- rust/kernel/list/impl_list_item_mod.rs | 6 +++--- rust/kernel/net/phy.rs | 4 ++-- rust/kernel/pci.rs | 4 ++-- rust/kernel/platform.rs | 4 +--- rust/kernel/rbtree.rs | 22 ++++++++++---------- rust/kernel/sync/arc.rs | 2 +- rust/kernel/task.rs | 4 ++-- rust/kernel/workqueue.rs | 8 ++++---- 16 files changed, 54 insertions(+), 56 deletions(-) diff --git a/rust/kernel/block/mq/request.rs b/rust/kernel/block/mq/request.rs index 7943f43b9575..4a5b7ec914ef 100644 --- a/rust/kernel/block/mq/request.rs +++ b/rust/kernel/block/mq/request.rs @@ -12,7 +12,7 @@ }; use core::{ marker::PhantomData, - ptr::{addr_of_mut, NonNull}, + ptr::NonNull, sync::atomic::{AtomicU64, Ordering}, }; @@ -187,7 +187,7 @@ pub(crate) fn refcount(&self) -> &AtomicU64 { pub(crate) unsafe fn refcount_ptr(this: *mut Self) -> *mut AtomicU64 { // SAFETY: Because of the safety requirements of this function, the // field projection is safe. - unsafe { addr_of_mut!((*this).refcount) } + unsafe { &raw mut (*this).refcount } } } diff --git a/rust/kernel/faux.rs b/rust/kernel/faux.rs index 5acc0c02d451..52ac554c1119 100644 --- a/rust/kernel/faux.rs +++ b/rust/kernel/faux.rs @@ -7,7 +7,7 @@ //! C header: [`include/linux/device/faux.h`] use crate::{bindings, device, error::code::*, prelude::*}; -use core::ptr::{addr_of_mut, null, null_mut, NonNull}; +use core::ptr::{null, null_mut, NonNull}; /// The registration of a faux device. /// @@ -45,7 +45,7 @@ impl AsRef<device::Device> for Registration { fn as_ref(&self) -> &device::Device { // SAFETY: The underlying `device` in `faux_device` is guaranteed by the C API to be // a valid initialized `device`. - unsafe { device::Device::as_ref(addr_of_mut!((*self.as_raw()).dev)) } + unsafe { device::Device::as_ref((&raw mut (*self.as_raw()).dev)) } } } diff --git a/rust/kernel/fs/file.rs b/rust/kernel/fs/file.rs index ed57e0137cdb..7ee4830b67f3 100644 --- a/rust/kernel/fs/file.rs +++ b/rust/kernel/fs/file.rs @@ -331,7 +331,7 @@ pub fn flags(&self) -> u32 { // SAFETY: The file is valid because the shared reference guarantees a nonzero refcount. // // FIXME(read_once): Replace with `read_once` when available on the Rust side. - unsafe { core::ptr::addr_of!((*self.as_ptr()).f_flags).read_volatile() } + unsafe { (&raw const (*self.as_ptr()).f_flags).read_volatile() } } } diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs index 7fd1ea8265a5..a8fac6558671 100644 --- a/rust/kernel/init.rs +++ b/rust/kernel/init.rs @@ -122,7 +122,7 @@ //! ```rust //! # #![expect(unreachable_pub, clippy::disallowed_names)] //! use kernel::{init, types::Opaque}; -//! use core::{ptr::addr_of_mut, marker::PhantomPinned, pin::Pin}; +//! use core::{marker::PhantomPinned, pin::Pin}; //! # mod bindings { //! # #![expect(non_camel_case_types)] //! # #![expect(clippy::missing_safety_doc)] @@ -159,7 +159,7 @@ //! unsafe { //! init::pin_init_from_closure(move |slot: *mut Self| { //! // `slot` contains uninit memory, avoid creating a reference. -//! let foo = addr_of_mut!((*slot).foo); +//! let foo = &raw mut (*slot).foo; //! //! // Initialize the `foo` //! bindings::init_foo(Opaque::raw_get(foo)); @@ -541,7 +541,7 @@ macro_rules! stack_try_pin_init { /// /// ```rust /// # use kernel::{macros::{Zeroable, pin_data}, pin_init}; -/// # use core::{ptr::addr_of_mut, marker::PhantomPinned}; +/// # use core::marker::PhantomPinned; /// #[pin_data] /// #[derive(Zeroable)] /// struct Buf { @@ -554,7 +554,7 @@ macro_rules! stack_try_pin_init { /// pin_init!(&this in Buf { /// buf: [0; 64], /// // SAFETY: TODO. -/// ptr: unsafe { addr_of_mut!((*this.as_ptr()).buf).cast() }, +/// ptr: unsafe { &raw mut (*this.as_ptr()).buf.cast() }, /// pin: PhantomPinned, /// }); /// pin_init!(Buf { diff --git a/rust/kernel/init/macros.rs b/rust/kernel/init/macros.rs index 1fd146a83241..af525fbb2f01 100644 --- a/rust/kernel/init/macros.rs +++ b/rust/kernel/init/macros.rs @@ -244,25 +244,25 @@ //! struct __InitOk; //! // This is the expansion of `t,`, which is syntactic sugar for `t: t,`. //! { -//! unsafe { ::core::ptr::write(::core::addr_of_mut!((*slot).t), t) }; +//! unsafe { ::core::ptr::write(&raw mut (*slot).t, t) }; //! } //! // Since initialization could fail later (not in this case, since the //! // error type is `Infallible`) we will need to drop this field if there //! // is an error later. This `DropGuard` will drop the field when it gets //! // dropped and has not yet been forgotten. //! let __t_guard = unsafe { -//! ::pinned_init::__internal::DropGuard::new(::core::addr_of_mut!((*slot).t)) +//! ::pinned_init::__internal::DropGuard::new(&raw mut (*slot).t) //! }; //! // Expansion of `x: 0,`: //! // Since this can be an arbitrary expression we cannot place it inside //! // of the `unsafe` block, so we bind it here. //! { //! let x = 0; -//! unsafe { ::core::ptr::write(::core::addr_of_mut!((*slot).x), x) }; +//! unsafe { ::core::ptr::write(&raw mut (*slot).x, x) }; //! } //! // We again create a `DropGuard`. //! let __x_guard = unsafe { -//! ::kernel::init::__internal::DropGuard::new(::core::addr_of_mut!((*slot).x)) +//! ::kernel::init::__internal::DropGuard::new(&raw mut (*slot).x) //! }; //! // Since initialization has successfully completed, we can now forget //! // the guards. This is not `mem::forget`, since we only have @@ -459,15 +459,15 @@ //! { //! struct __InitOk; //! { -//! unsafe { ::core::ptr::write(::core::addr_of_mut!((*slot).a), a) }; +//! unsafe { ::core::ptr::write(&raw mut (*slot).a, a) }; //! } //! let __a_guard = unsafe { -//! ::kernel::init::__internal::DropGuard::new(::core::addr_of_mut!((*slot).a)) +//! ::kernel::init::__internal::DropGuard::new(&raw mut (*slot).a) //! }; //! let init = Bar::new(36); -//! unsafe { data.b(::core::addr_of_mut!((*slot).b), b)? }; +//! unsafe { data.b(&raw mut (*slot).b, b)? }; //! let __b_guard = unsafe { -//! ::kernel::init::__internal::DropGuard::new(::core::addr_of_mut!((*slot).b)) +//! ::kernel::init::__internal::DropGuard::new(&raw mut (*slot).b) //! }; //! ::core::mem::forget(__b_guard); //! ::core::mem::forget(__a_guard); @@ -1210,7 +1210,7 @@ fn assert_zeroable<T: $crate::init::Zeroable>(_: *mut T) {} // SAFETY: `slot` is valid, because we are inside of an initializer closure, we // return when an error/panic occurs. // We also use the `data` to require the correct trait (`Init` or `PinInit`) for `$field`. - unsafe { $data.$field(::core::ptr::addr_of_mut!((*$slot).$field), init)? }; + unsafe { $data.$field(&raw mut (*$slot).$field, init)? }; // Create the drop guard: // // We rely on macro hygiene to make it impossible for users to access this local variable. @@ -1218,7 +1218,7 @@ fn assert_zeroable<T: $crate::init::Zeroable>(_: *mut T) {} ::kernel::macros::paste! { // SAFETY: We forget the guard later when initialization has succeeded. let [< __ $field _guard >] = unsafe { - $crate::init::__internal::DropGuard::new(::core::ptr::addr_of_mut!((*$slot).$field)) + $crate::init::__internal::DropGuard::new(&raw mut (*$slot).$field) }; $crate::__init_internal!(init_slot($use_data): @@ -1241,7 +1241,7 @@ fn assert_zeroable<T: $crate::init::Zeroable>(_: *mut T) {} // // SAFETY: `slot` is valid, because we are inside of an initializer closure, we // return when an error/panic occurs. - unsafe { $crate::init::Init::__init(init, ::core::ptr::addr_of_mut!((*$slot).$field))? }; + unsafe { $crate::init::Init::__init(init, &raw mut (*$slot).$field)? }; // Create the drop guard: // // We rely on macro hygiene to make it impossible for users to access this local variable. @@ -1249,7 +1249,7 @@ fn assert_zeroable<T: $crate::init::Zeroable>(_: *mut T) {} ::kernel::macros::paste! { // SAFETY: We forget the guard later when initialization has succeeded. let [< __ $field _guard >] = unsafe { - $crate::init::__internal::DropGuard::new(::core::ptr::addr_of_mut!((*$slot).$field)) + $crate::init::__internal::DropGuard::new(&raw mut (*$slot).$field) }; $crate::__init_internal!(init_slot(): @@ -1272,7 +1272,7 @@ fn assert_zeroable<T: $crate::init::Zeroable>(_: *mut T) {} // Initialize the field. // // SAFETY: The memory at `slot` is uninitialized. - unsafe { ::core::ptr::write(::core::ptr::addr_of_mut!((*$slot).$field), $field) }; + unsafe { ::core::ptr::write(&raw mut (*$slot).$field, $field) }; } // Create the drop guard: // @@ -1281,7 +1281,7 @@ fn assert_zeroable<T: $crate::init::Zeroable>(_: *mut T) {} ::kernel::macros::paste! { // SAFETY: We forget the guard later when initialization has succeeded. let [< __ $field _guard >] = unsafe { - $crate::init::__internal::DropGuard::new(::core::ptr::addr_of_mut!((*$slot).$field)) + $crate::init::__internal::DropGuard::new(&raw mut (*$slot).$field) }; $crate::__init_internal!(init_slot($($use_data)?): diff --git a/rust/kernel/jump_label.rs b/rust/kernel/jump_label.rs index 4e974c768dbd..ca10abae0eee 100644 --- a/rust/kernel/jump_label.rs +++ b/rust/kernel/jump_label.rs @@ -20,8 +20,8 @@ #[macro_export] macro_rules! static_branch_unlikely { ($key:path, $keytyp:ty, $field:ident) => {{ - let _key: *const $keytyp = ::core::ptr::addr_of!($key); - let _key: *const $crate::bindings::static_key_false = ::core::ptr::addr_of!((*_key).$field); + let _key: *const $keytyp = &raw const $key; + let _key: *const $crate::bindings::static_key_false = &raw const (*_key).$field; let _key: *const $crate::bindings::static_key = _key.cast(); #[cfg(not(CONFIG_JUMP_LABEL))] diff --git a/rust/kernel/kunit.rs b/rust/kernel/kunit.rs index 824da0e9738a..a17ef3b2e860 100644 --- a/rust/kernel/kunit.rs +++ b/rust/kernel/kunit.rs @@ -128,9 +128,9 @@ unsafe impl Sync for UnaryAssert {} unsafe { $crate::bindings::__kunit_do_failed_assertion( kunit_test, - core::ptr::addr_of!(LOCATION.0), + &raw const LOCATION.0, $crate::bindings::kunit_assert_type_KUNIT_ASSERTION, - core::ptr::addr_of!(ASSERTION.0.assert), + &raw const ASSERTION.0.assert, Some($crate::bindings::kunit_unary_assert_format), core::ptr::null(), ); diff --git a/rust/kernel/list.rs b/rust/kernel/list.rs index c0ed227b8a4f..e98f0820f002 100644 --- a/rust/kernel/list.rs +++ b/rust/kernel/list.rs @@ -176,7 +176,7 @@ pub fn new() -> impl PinInit<Self> { #[inline] unsafe fn fields(me: *mut Self) -> *mut ListLinksFields { // SAFETY: The caller promises that the pointer is valid. - unsafe { Opaque::raw_get(ptr::addr_of!((*me).inner)) } + unsafe { Opaque::raw_get(&raw const (*me).inner) } } /// # Safety diff --git a/rust/kernel/list/impl_list_item_mod.rs b/rust/kernel/list/impl_list_item_mod.rs index a0438537cee1..014b6713d59d 100644 --- a/rust/kernel/list/impl_list_item_mod.rs +++ b/rust/kernel/list/impl_list_item_mod.rs @@ -49,7 +49,7 @@ macro_rules! impl_has_list_links { // SAFETY: The implementation of `raw_get_list_links` only compiles if the field has the // right type. // - // The behavior of `raw_get_list_links` is not changed since the `addr_of_mut!` macro is + // The behavior of `raw_get_list_links` is not changed since the `&raw mut` op is // equivalent to the pointer offset operation in the trait definition. unsafe impl$(<$($implarg),*>)? $crate::list::HasListLinks$(<$id>)? for $self $(<$($selfarg),*>)? @@ -61,7 +61,7 @@ unsafe fn raw_get_list_links(ptr: *mut Self) -> *mut $crate::list::ListLinks$(<$ // SAFETY: The caller promises that the pointer is not dangling. We know that this // expression doesn't follow any pointers, as the `offset_of!` invocation above // would otherwise not compile. - unsafe { ::core::ptr::addr_of_mut!((*ptr)$(.$field)*) } + unsafe { &raw mut (*ptr)$(.$field)* } } } )*}; @@ -103,7 +103,7 @@ macro_rules! impl_has_list_links_self_ptr { unsafe fn raw_get_list_links(ptr: *mut Self) -> *mut $crate::list::ListLinks$(<$id>)? { // SAFETY: The caller promises that the pointer is not dangling. let ptr: *mut $crate::list::ListLinksSelfPtr<$item_type $(, $id)?> = - unsafe { ::core::ptr::addr_of_mut!((*ptr).$field) }; + unsafe { &raw mut (*ptr).$field }; ptr.cast() } } diff --git a/rust/kernel/net/phy.rs b/rust/kernel/net/phy.rs index a59469c785e3..757db052cc09 100644 --- a/rust/kernel/net/phy.rs +++ b/rust/kernel/net/phy.rs @@ -7,7 +7,7 @@ //! C headers: [`include/linux/phy.h`](srctree/include/linux/phy.h). use crate::{error::*, prelude::*, types::Opaque}; -use core::{marker::PhantomData, ptr::addr_of_mut}; +use core::marker::PhantomData; pub mod reg; @@ -285,7 +285,7 @@ impl AsRef<kernel::device::Device> for Device { fn as_ref(&self) -> &kernel::device::Device { let phydev = self.0.get(); // SAFETY: The struct invariant ensures that `mdio.dev` is valid. - unsafe { kernel::device::Device::as_ref(addr_of_mut!((*phydev).mdio.dev)) } + unsafe { kernel::device::Device::as_ref(&raw mut (*phydev).mdio.dev) } } } diff --git a/rust/kernel/pci.rs b/rust/kernel/pci.rs index f7b2743828ae..6cb9ed1e7cbf 100644 --- a/rust/kernel/pci.rs +++ b/rust/kernel/pci.rs @@ -17,7 +17,7 @@ types::{ARef, ForeignOwnable, Opaque}, ThisModule, }; -use core::{ops::Deref, ptr::addr_of_mut}; +use core::ops::Deref; use kernel::prelude::*; /// An adapter for the registration of PCI drivers. @@ -60,7 +60,7 @@ extern "C" fn probe_callback( ) -> kernel::ffi::c_int { // SAFETY: The PCI bus only ever calls the probe callback with a valid pointer to a // `struct pci_dev`. - let dev = unsafe { device::Device::get_device(addr_of_mut!((*pdev).dev)) }; + let dev = unsafe { device::Device::get_device(&raw mut (*pdev).dev) }; // SAFETY: `dev` is guaranteed to be embedded in a valid `struct pci_dev` by the call // above. let mut pdev = unsafe { Device::from_dev(dev) }; diff --git a/rust/kernel/platform.rs b/rust/kernel/platform.rs index 1297f5292ba9..344875ad7b82 100644 --- a/rust/kernel/platform.rs +++ b/rust/kernel/platform.rs @@ -14,8 +14,6 @@ ThisModule, }; -use core::ptr::addr_of_mut; - /// An adapter for the registration of platform drivers. pub struct Adapter<T: Driver>(T); @@ -55,7 +53,7 @@ unsafe fn unregister(pdrv: &Opaque<Self::RegType>) { impl<T: Driver + 'static> Adapter<T> { extern "C" fn probe_callback(pdev: *mut bindings::platform_device) -> kernel::ffi::c_int { // SAFETY: The platform bus only ever calls the probe callback with a valid `pdev`. - let dev = unsafe { device::Device::get_device(addr_of_mut!((*pdev).dev)) }; + let dev = unsafe { device::Device::get_device(&raw mut (*pdev).dev) }; // SAFETY: `dev` is guaranteed to be embedded in a valid `struct platform_device` by the // call above. let mut pdev = unsafe { Device::from_dev(dev) }; diff --git a/rust/kernel/rbtree.rs b/rust/kernel/rbtree.rs index 1ea25c7092fb..b0ad35663cb0 100644 --- a/rust/kernel/rbtree.rs +++ b/rust/kernel/rbtree.rs @@ -11,7 +11,7 @@ cmp::{Ord, Ordering}, marker::PhantomData, mem::MaybeUninit, - ptr::{addr_of_mut, from_mut, NonNull}, + ptr::{from_mut, NonNull}, }; /// A red-black tree with owned nodes. @@ -238,7 +238,7 @@ pub fn values_mut(&mut self) -> impl Iterator<Item = &'_ mut V> { /// Returns a cursor over the tree nodes, starting with the smallest key. pub fn cursor_front(&mut self) -> Option<Cursor<'_, K, V>> { - let root = addr_of_mut!(self.root); + let root = &raw mut self.root; // SAFETY: `self.root` is always a valid root node let current = unsafe { bindings::rb_first(root) }; NonNull::new(current).map(|current| { @@ -253,7 +253,7 @@ pub fn cursor_front(&mut self) -> Option<Cursor<'_, K, V>> { /// Returns a cursor over the tree nodes, starting with the largest key. pub fn cursor_back(&mut self) -> Option<Cursor<'_, K, V>> { - let root = addr_of_mut!(self.root); + let root = &raw mut self.root; // SAFETY: `self.root` is always a valid root node let current = unsafe { bindings::rb_last(root) }; NonNull::new(current).map(|current| { @@ -459,7 +459,7 @@ pub fn cursor_lower_bound(&mut self, key: &K) -> Option<Cursor<'_, K, V>> let best = best_match?; // SAFETY: `best` is a non-null node so it is valid by the type invariants. - let links = unsafe { addr_of_mut!((*best.as_ptr()).links) }; + let links = unsafe { &raw mut (*best.as_ptr()).links }; NonNull::new(links).map(|current| { // INVARIANT: @@ -767,7 +767,7 @@ pub fn remove_current(self) -> (Option<Self>, RBTreeNode<K, V>) { let node = RBTreeNode { node }; // SAFETY: The reference to the tree used to create the cursor outlives the cursor, so // the tree cannot change. By the tree invariant, all nodes are valid. - unsafe { bindings::rb_erase(&mut (*this).links, addr_of_mut!(self.tree.root)) }; + unsafe { bindings::rb_erase(&mut (*this).links, &raw mut self.tree.root) }; let current = match (prev, next) { (_, Some(next)) => next, @@ -803,7 +803,7 @@ fn remove_neighbor(&mut self, direction: Direction) -> Option<RBTreeNode<K, V>> let neighbor = neighbor.as_ptr(); // SAFETY: The reference to the tree used to create the cursor outlives the cursor, so // the tree cannot change. By the tree invariant, all nodes are valid. - unsafe { bindings::rb_erase(neighbor, addr_of_mut!(self.tree.root)) }; + unsafe { bindings::rb_erase(neighbor, &raw mut self.tree.root) }; // SAFETY: By the type invariant of `Self`, all non-null `rb_node` pointers stored in `self` // point to the links field of `Node<K, V>` objects. let this = unsafe { container_of!(neighbor, Node<K, V>, links) }.cast_mut(); @@ -918,7 +918,7 @@ unsafe fn to_key_value_raw<'b>(node: NonNull<bindings::rb_node>) -> (&'b K, *mut let k = unsafe { &(*this).key }; // SAFETY: The passed `node` is the current node or a non-null neighbor, // thus `this` is valid by the type invariants. - let v = unsafe { addr_of_mut!((*this).value) }; + let v = unsafe { &raw mut (*this).value }; (k, v) } } @@ -1027,7 +1027,7 @@ fn next(&mut self) -> Option<Self::Item> { self.next = unsafe { bindings::rb_next(self.next) }; // SAFETY: By the same reasoning above, it is safe to dereference the node. - Some(unsafe { (addr_of_mut!((*cur).key), addr_of_mut!((*cur).value)) }) + Some(unsafe { (&raw mut (*cur).key, &raw mut (*cur).value) }) } } @@ -1170,7 +1170,7 @@ fn insert(self, node: RBTreeNode<K, V>) -> &'a mut V { // SAFETY: `node` is valid at least until we call `Box::from_raw`, which only happens when // the node is removed or replaced. - let node_links = unsafe { addr_of_mut!((*node).links) }; + let node_links = unsafe { &raw mut (*node).links }; // INVARIANT: We are linking in a new node, which is valid. It remains valid because we // "forgot" it with `Box::into_raw`. @@ -1178,7 +1178,7 @@ fn insert(self, node: RBTreeNode<K, V>) -> &'a mut V { unsafe { bindings::rb_link_node(node_links, self.parent, self.child_field_of_parent) }; // SAFETY: All pointers are valid. `node` has just been inserted into the tree. - unsafe { bindings::rb_insert_color(node_links, addr_of_mut!((*self.rbtree).root)) }; + unsafe { bindings::rb_insert_color(node_links, &raw mut (*self.rbtree).root) }; // SAFETY: The node is valid until we remove it from the tree. unsafe { &mut (*node).value } @@ -1261,7 +1261,7 @@ fn replace(self, node: RBTreeNode<K, V>) -> RBTreeNode<K, V> { // SAFETY: `node` is valid at least until we call `Box::from_raw`, which only happens when // the node is removed or replaced. - let new_node_links = unsafe { addr_of_mut!((*node).links) }; + let new_node_links = unsafe { &raw mut (*node).links }; // SAFETY: This updates the pointers so that `new_node_links` is in the tree where // `self.node_links` used to be. diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index 3cefda7a4372..81d8b0f84957 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -243,7 +243,7 @@ pub fn into_raw(self) -> *const T { let ptr = self.ptr.as_ptr(); core::mem::forget(self); // SAFETY: The pointer is valid. - unsafe { core::ptr::addr_of!((*ptr).data) } + unsafe { &raw const (*ptr).data } } /// Recreates an [`Arc`] instance previously deconstructed via [`Arc::into_raw`]. diff --git a/rust/kernel/task.rs b/rust/kernel/task.rs index 49012e711942..b2ac768eed23 100644 --- a/rust/kernel/task.rs +++ b/rust/kernel/task.rs @@ -257,7 +257,7 @@ pub fn as_ptr(&self) -> *mut bindings::task_struct { pub fn group_leader(&self) -> &Task { // SAFETY: The group leader of a task never changes after initialization, so reading this // field is not a data race. - let ptr = unsafe { *ptr::addr_of!((*self.as_ptr()).group_leader) }; + let ptr = unsafe { *(&raw const (*self.as_ptr()).group_leader) }; // SAFETY: The lifetime of the returned task reference is tied to the lifetime of `self`, // and given that a task has a reference to its group leader, we know it must be valid for @@ -269,7 +269,7 @@ pub fn group_leader(&self) -> &Task { pub fn pid(&self) -> Pid { // SAFETY: The pid of a task never changes after initialization, so reading this field is // not a data race. - unsafe { *ptr::addr_of!((*self.as_ptr()).pid) } + unsafe { *(&raw const (*self.as_ptr()).pid) } } /// Returns the UID of the given task. diff --git a/rust/kernel/workqueue.rs b/rust/kernel/workqueue.rs index 0cd100d2aefb..34e8abb38974 100644 --- a/rust/kernel/workqueue.rs +++ b/rust/kernel/workqueue.rs @@ -401,9 +401,9 @@ pub fn new(name: &'static CStr, key: &'static LockClassKey) -> impl PinInit<Self pub unsafe fn raw_get(ptr: *const Self) -> *mut bindings::work_struct { // SAFETY: The caller promises that the pointer is aligned and not dangling. // - // A pointer cast would also be ok due to `#[repr(transparent)]`. We use `addr_of!` so that - // the compiler does not complain that the `work` field is unused. - unsafe { Opaque::raw_get(core::ptr::addr_of!((*ptr).work)) } + // A pointer cast would also be ok due to `#[repr(transparent)]`. We use `&raw const (*ptr).work` + // so that the compiler does not complain that the `work` field is unused. + unsafe { Opaque::raw_get(&raw const (*ptr).work) } } } @@ -510,7 +510,7 @@ macro_rules! impl_has_work { unsafe fn raw_get_work(ptr: *mut Self) -> *mut $crate::workqueue::Work<$work_type $(, $id)?> { // SAFETY: The caller promises that the pointer is not dangling. unsafe { - ::core::ptr::addr_of_mut!((*ptr).$field) + &raw mut (*ptr).$field } } } -- 2.48.1

6 months

1
0
0 0

[RFC PATCH v1 0/2] mseal: allow noop mprotect

by jeffxu＠chromium.org

From: Jeff Xu <jeffxu(a)chromium.org> Initially, when mseal was introduced in 6.10, semantically, when a VMA within the specified address range is sealed, the mprotect will be rejected, leaving all of VMA unmodified. However, adding an extra loop to check the mseal flag for every VMA slows things down a bit, therefore in 6.12, this issue was solved by removing can_modify_mm and checking each VMA’s mseal flag directly without an extra loop [1]. This is a semantic change, i.e. partial update is allowed, VMAs can be updated until a sealed VMA is found. The new semantic also means, we could allow mprotect on a sealed VMA if the new attribute of VMA remains the same as the old one. Relaxing this avoids unnecessary impacts for applications that want to seal a particular mapping. Doing this also has no security impact. The mseal_test is also modified by this patch to adapt to the new semantic. Please note, mseal_test is currently undergoing refactoring, and eventually will be replaced with a new memory sealing selftest. In this patch, I only make a minimum change to make it pass. I considered adding a new testcase in mseal_test to cover this new behavior, however, the existing mseal_test is using wrong patterns and won’t pass the review. Such a new test is better to be added in the new refactored memory sealing tests. The refactoring is currently pending review [2]. [1] https://lore.kernel.org/all/20240817-mseal-depessimize-v3-0-d8d2e037df30@gm… [2] https://lore.kernel.org/all/20241211053311.245636-1-jeffxu@google.com/ Jeff Xu (2): selftests/mm: mseal_test: avoid using no-op mprotect mseal: allow noop mprotect mm/mprotect.c | 6 +++--- tools/testing/selftests/mm/mseal_test.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) -- 2.49.0.rc0.332.g42c0ae87b1-goog

6 months

5
10
0 0

[PATCH] selftests/bpf: Fix sockopt selftest failure on powerpc

by Saket Kumar Bhaskar

The SO_RCVLOWAT option is defined as 18 in the selftest header, which matches the generic definition. However, on powerpc, SO_RCVLOWAT is defined as 16. This discrepancy causes sol_socket_sockopt() to fail with the default switch case on powerpc. This commit fixes by defining SO_RCVLOWAT as 16 for powerpc. Signed-off-by: Saket Kumar Bhaskar <skb99(a)linux.ibm.com> --- tools/testing/selftests/bpf/progs/bpf_tracing_net.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/testing/selftests/bpf/progs/bpf_tracing_net.h b/tools/testing/selftests/bpf/progs/bpf_tracing_net.h index 59843b430f76..bcd44d5018bf 100644 --- a/tools/testing/selftests/bpf/progs/bpf_tracing_net.h +++ b/tools/testing/selftests/bpf/progs/bpf_tracing_net.h @@ -15,7 +15,11 @@ #define SO_KEEPALIVE 9 #define SO_PRIORITY 12 #define SO_REUSEPORT 15 +#if defined(__TARGET_ARCH_powerpc) +#define SO_RCVLOWAT 16 +#else #define SO_RCVLOWAT 18 +#endif #define SO_BINDTODEVICE 25 #define SO_MARK 36 #define SO_MAX_PACING_RATE 47 -- 2.43.5

6 months

3
2
0 0

Error during --arch x86_64 kunit test run

by Shuah Khan

David, Brendan, Rae, I am seeing the following error when I run ./tools/testing/kunit/kunit.py run --arch x86_64 ERROR:root:ld:arch/x86/realmode/rm/realmode.lds:236: undefined symbol `sev_es_trampoline_start' referenced in expression I isolated it to dependency on CONFIG_AMD_MEM_ENCRYPT I added the option using --kconfig_add ./tools/testing/kunit/kunit.py run --arch x86_64 --kconfig_add CONFIG_AMD_MEM_ENCRYPT=y I see the following RROR:root:Not all Kconfig options selected in kunitconfig were in the generated .config. This is probably due to unsatisfied dependencies. Missing: CONFIG_AMD_MEM_ENCRYPT=y Is there a better way to fix the dependencies? Does kunit default config need changing for x86_64? thanks, -- Shuah

6 months

2
4
0 0

[PATCH v6 0/3] printf: convert self-test to KUnit

by Tamir Duberstein

This is one of just 3 remaining "Test Module" kselftests (the others being bitmap and scanf), the rest having been converted to KUnit. I tested this using: $ tools/testing/kunit/kunit.py run --arch arm64 --make_options LLVM=1 printf I have also sent out a series converting scanf[0]. Link: https://lore.kernel.org/all/20250204-scanf-kunit-convert-v3-0-386d7c3ee714@… [0] Signed-off-by: Tamir Duberstein <tamird(a)gmail.com> --- Changes in v6: - Use __printf correctly on `__test`. (Petr Mladek) - Rebase on linux-next. - Remove leftover references to `printf.sh`. - Update comment in `hash_pointer`. (Petr Mladek) - Avoid overrun in `KUNIT_EXPECT_MEMNEQ`. (Petr Mladek) - Restore trailing newlines on printk strings and add some missing ones. (Petr Mladek) - Use `kunit_skip` on not-yet-initialized crng. (Petr Mladek) - Link to v5: https://lore.kernel.org/r/20250221-printf-kunit-convert-v5-0-5db840301730@g… Changes in v5: - Update `do_test` `__printf` annotation (Rasmus Villemoes). - Link to v4: https://lore.kernel.org/r/20250214-printf-kunit-convert-v4-0-c254572f1565@g… Changes in v4: - Add patch "implicate test line in failure messages". - Rebase on linux-next, move scanf_kunit.c into lib/tests/. - Link to v3: https://lore.kernel.org/r/20250210-printf-kunit-convert-v3-0-ee6ac5500f5e@g… Changes in v3: - Remove extraneous trailing newlines from failure messages. - Replace `pr_warn` with `kunit_warn`. - Drop arch changes. - Remove KUnit boilerplate from CONFIG_PRINTF_KUNIT_TEST help text. - Restore `total_tests` counting. - Remove tc_fail macro in last patch. - Link to v2: https://lore.kernel.org/r/20250207-printf-kunit-convert-v2-0-057b23860823@g… Changes in v2: - Incorporate code review from prior work[0] by Arpitha Raghunandan. - Link to v1: https://lore.kernel.org/r/20250204-printf-kunit-convert-v1-0-ecf1b846a4de@g… Link: https://lore.kernel.org/lkml/20200817043028.76502-1-98.arpi@gmail.com/t/#u [0] --- Tamir Duberstein (3): printf: convert self-test to KUnit printf: break kunit into test cases printf: implicate test line in failure messages Documentation/core-api/printk-formats.rst | 4 +- Documentation/dev-tools/kselftest.rst | 2 +- MAINTAINERS | 2 +- lib/Kconfig.debug | 12 +- lib/Makefile | 1 - lib/tests/Makefile | 1 + lib/{test_printf.c => tests/printf_kunit.c} | 442 ++++++++++++---------------- tools/testing/selftests/kselftest/module.sh | 2 +- tools/testing/selftests/lib/Makefile | 2 +- tools/testing/selftests/lib/config | 1 - tools/testing/selftests/lib/printf.sh | 4 - 11 files changed, 207 insertions(+), 266 deletions(-) --- base-commit: 7ec162622e66a4ff886f8f28712ea1b13069e1aa change-id: 20250131-printf-kunit-convert-fd4012aa2ec6 Best regards, -- Tamir Duberstein <tamird(a)gmail.com>

6 months

3
9
0 0

[PATCH v4 0/6] Fix some issues related to an interrupt type in pci_endpoint_test

by Kunihiko Hayashi

This series solves some issues about global "irq_type" that is used for indicating the current type for users. In addition, avoid an unexpected warning that occur due to interrupts remaining after displaying an error caused by devm_request_irq(). Patch 1 includes adding GET_IRQTYPE test (check for failure). Patch 2-4 include fixes for stable kernels that have global "irq_type". Patch 5-6 include improvements for the latest. Changes since v3: - Add GET_IRQTYPE check to pci_endpoint test in selftests - Add the reason why global variables aren't necessary (patch 5/6) - Add Reviewed-by: lines (patch {2, 4, 6}/6) Changes since v2: - Rebase to v6.14-rc1 - Update message to clarify, and add result of call trace (patch 1/5) - Add Reviewed-by: lines (patch 2/5) - Add new patch to remove global "irq_type" variable (patch 4/5) - Add new patch to replace "devm" version of IRQ functions (patch 5/5) Changes since v1: - Divide original patch into two - Add an error message example - Add "pcitest" display example - Add a patch to fix an interrupt remaining issue Kunihiko Hayashi (6): selftests: pci_endpoint: Add GET_IRQTYPE checks to each interrupt test misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error misc: pci_endpoint_test: Fix displaying irq_type after request_irq error misc: pci_endpoint_test: Fix irq_type to convey the correct type misc: pci_endpoint_test: Remove global 'irq_type' and 'no_msi' misc: pci_endpoint_test: Do not use managed irq functions drivers/misc/pci_endpoint_test.c | 31 +++++++------------ .../pci_endpoint/pci_endpoint_test.c | 11 ++++++- 2 files changed, 21 insertions(+), 21 deletions(-) -- 2.25.1

6 months

4
11
0 0

[PATCH v10 0/8] Buddy allocator like (or non-uniform) folio split

by Zi Yan

Hi all, This patchset adds a new buddy allocator like (or non-uniform) large folio split from a order-n folio to order-m with m < n. It reduces 1. the total number of after-split folios from 2^(n-m) to n-m+1; 2. the amount of memory needed for multi-index xarray split from 2^(n/6-m/6) to n/6-m/6, assuming XA_CHUNK_SHIFT=6; 3. keep more large folios after a split from all order-m folios to order-(n-1) to order-m folios. For example, to split an order-9 to order-0, folio split generates 10 (or 11 for anonymous memory) folios instead of 512, allocates 1 xa_node instead of 8, and leaves 1 order-8, 1 order-7, ..., 1 order-1 and 2 order-0 folios (or 4 order-0 for anonymous memory) instead of 512 order-0 folios. Instead of duplicating existing split_huge_page*() code, __folio_split() is introduced as the shared backend code for both split_huge_page_to_list_to_order() and folio_split(). __folio_split() can support both uniform split and buddy allocator like (or non-uniform) split. All existing split_huge_page*() users can be gradually converted to use folio_split() if possible. In this patchset, I converted truncate_inode_partial_folio() to use folio_split(). xfstests quick group passed for both tmpfs and xfs. I also semi-replicated Hugh's test[12] and ran it without any issue for almost 24 hours. It is on top of mm-everything-2025-03-07-07-55. It is ready to be merged. Changelog === From V9[13] 1. Incorporated Hugh's fixes[14] (Thanks Hugh): a) moved folio_set_order() in __split_folio_to_order() to be called only once for the input folio, b) used folio_test_swapcache() to catch both anon and shmem in swap cache cases, c) moved folio_next() out of for(;;), d) used mapping instead of origin_folio->mapping. 2. Added a TODO in __folio_split(), since large in-swap-cache shmem folio split is not supported yet. 3. Changed __split_folio_to_order() based on David Hildenbrand's MM owner tracking for large folios patchset[15], due to rebasing. From V8[11]: 1. Removed gfp parameter from xas_try_split() and GFP_NOWAIT is used all the time. (per Baolin Wang) 2. Used __xas_init_node_for_split() instead of __xas_alloc_node_for_split() and moved node allocation out. It fixed a bug when xa_node is pre-allocated by xas_nomem() before xas_try_split() is called without being initialized for split. From V7[9]: 1. Fixed a wrong function name in lib/test_xarray.c. 2. Made __split_folio_to_order() never fail, since the old order check is already done in __folio_split(). (per David Hildenbrand) 3. Fixed an issue reported by syzbot[10] by not dropping the original folio during truncate. 4. Fixed a WARNING when READ_ONLY_THP_FOR_FS is enabled. (Thank David Hildenbrand for reporting the issue) 5. Used two separate struct page* parameters, split_at and lock_at, to specify at which subpage the non-uniform split happens and which subpage to keep locked after the split, respectively. It improves code readability. From V6[8]: 1. Added an xarray function xas_try_split() to support iterative folio split, removing the need of using xas_split_alloc() and xas_split(). The function guarantees that at most one xa_node is allocated for each call. 2. Added concrete numbers of after-split folios and xa_node savings to cover letter, commit log. (per Andrew) From V5[7]: 1. Split shmem to any lower order patches are in mm tree, so dropped from this series. 2. Rename split_folio_at() to try_folio_split() to clarify that non-uniform split will not be used if it is not supported. From V4[6]: 1. Enabled shmem support in both uniform and buddy allocator like split and added selftests for it. 2. Added functions to check if uniform split and buddy allocator like split are supported for the given folio and order. 3. Made truncate fall back to uniform split if buddy allocator split is not supported (CONFIG_READ_ONLY_THP_FOR_FS and FS without large folio). 4. Added the missing folio_clear_has_hwpoisoned() to __split_unmapped_folio(). From V3[5]: 1. Used xas_split_alloc(GFP_NOWAIT) instead of xas_nomem(), since extra operations inside xas_split_alloc() are needed for correctness. 2. Enabled folio_split() for shmem and no issue was found with xfstests quick test group. 3. Split both ends of a truncate range in truncate_inode_partial_folio() to avoid wasting memory in shmem truncate (per David Hildenbrand). 4. Removed page_in_folio_offset() since page_folio() does the same thing. 5. Finished truncate related tests from xfstests quick test group on XFS and tmpfs without issues. 6. Disabled buddy allocator like split on CONFIG_READ_ONLY_THP_FOR_FS and FS without large folio. This check was missed in the prior versions. From V2[3]: 1. Incorporated all the feedback from Kirill[4]. 2. Used GFP_NOWAIT for xas_nomem(). 3. Tested the code path when xas_nomem() fails. 4. Added selftests for folio_split(). 5. Fixed no THP config build error. From V1[2]: 1. Split the original patch 1 into multiple ones for easy review (per Kirill). 2. Added xas_destroy() to avoid memory leak. 3. Fixed nr_dropped not used error (per kernel test robot). 4. Added proper error handling when xas_nomem() fails to allocate memory for xas_split() during buddy allocator like split. From RFC[1]: 1. Merged backend code of split_huge_page_to_list_to_order() and folio_split(). The same code is used for both uniform split and buddy allocator like split. 2. Use xas_nomem() instead of xas_split_alloc() for folio_split(). 3. folio_split() now leaves the first after-split folio unlocked, instead of the one containing the given page, since the caller of truncate_inode_partial_folio() locks and unlocks the first folio. 4. Extended split_huge_page debugfs to use folio_split(). 5. Added truncate_inode_partial_folio() as first user of folio_split(). Design === folio_split() splits a large folio in the same way as buddy allocator splits a large free page for allocation. The purpose is to minimize the number of folios after the split. For example, if user wants to free the 3rd subpage in a order-9 folio, folio_split() will split the order-9 folio as: O-0, O-0, O-0, O-0, O-2, O-3, O-4, O-5, O-6, O-7, O-8 if it is anon O-1, O-0, O-0, O-2, O-3, O-4, O-5, O-6, O-7, O-9 if it is pagecache Since anon folio does not support order-1 yet. The split process is similar to existing approach: 1. Unmap all page mappings (split PMD mappings if exist); 2. Split meta data like memcg, page owner, page alloc tag; 3. Copy meta data in struct folio to sub pages, but instead of spliting the whole folio into multiple smaller ones with the same order in a shot, this approach splits the folio iteratively. Taking the example above, this approach first splits the original order-9 into two order-8, then splits left part of order-8 to two order-7 and so on; 4. Post-process split folios, like write mapping->i_pages for pagecache, adjust folio refcounts, add split folios to corresponding list; 5. Remap split folios 6. Unlock split folios. __split_unmapped_folio() and __split_folio_to_order() replace __split_huge_page() and __split_huge_page_tail() respectively. __split_unmapped_folio() uses different approaches to perform uniform split and buddy allocator like split: 1. uniform split: one single call to __split_folio_to_order() is used to uniformly split the given folio. All resulting folios are put back to the list after split. The folio containing the given page is left to caller to unlock and others are unlocked. 2. buddy allocator like (or non-uniform) split: (old_order - new_order) calls to __split_folio_to_order() are used to split the given folio at order N to order N-1. After each call, the target folio is changed to the one containing the page, which is given as a folio_split() parameter. After each call, folios not containing the page are put back to the list. The folio containing the page is put back to the list when its order is new_order. All folios are unlocked except the first folio, which is left to caller to unlock. Patch Overview === 1. Patch 1 added a new xarray function xas_try_split() to perform iterative xarray split. 2. Patch 2 added __split_unmapped_folio() and __split_folio_to_order() to prepare for moving to new backend split code. 3. Patch 3 moved common code in split_huge_page_to_list_to_order() to __folio_split(). 4. Patch 4 added new folio_split() and made split_huge_page_to_list_to_order() share the new __split_unmapped_folio() with folio_split(). 5. Patch 5 removed no longer used __split_huge_page() and __split_huge_page_tail(). 6. Patch 6 added a new in_folio_offset to split_huge_page debugfs for folio_split() test. 7. Patch 7 used try_folio_split() for truncate operation. 8. Patch 8 added folio_split() tests. Any comments and/or suggestions are welcome. Thanks. [1] https://lore.kernel.org/linux-mm/20241008223748.555845-1-ziy@nvidia.com/ [2] https://lore.kernel.org/linux-mm/20241028180932.1319265-1-ziy@nvidia.com/ [3] https://lore.kernel.org/linux-mm/20241101150357.1752726-1-ziy@nvidia.com/ [4] https://lore.kernel.org/linux-mm/e6ppwz5t4p4kvir6eqzoto4y5fmdjdxdyvxvtw43nc… [5] https://lore.kernel.org/linux-mm/20241205001839.2582020-1-ziy@nvidia.com/ [6] https://lore.kernel.org/linux-mm/20250106165513.104899-1-ziy@nvidia.com/ [7] https://lore.kernel.org/linux-mm/20250116211042.741543-1-ziy@nvidia.com/ [8] https://lore.kernel.org/linux-mm/20250205031417.1771278-1-ziy@nvidia.com/ [9] https://lore.kernel.org/linux-mm/20250211155034.268962-1-ziy@nvidia.com/ [10] https://lore.kernel.org/all/67af65cb.050a0220.21dd3.004a.GAE@google.com/ [11] https://lore.kernel.org/linux-mm/20250218235012.1542225-1-ziy@nvidia.com/ [12] https://lore.kernel.org/linux-mm/D45D4F01-E5A5-47E6-8724-01610CC192CC@nvidi… [13] https://lore.kernel.org/linux-mm/20250226210032.2044041-1-ziy@nvidia.com/ [14] https://lore.kernel.org/linux-mm/2fae27fe-6e2e-3587-4b68-072118d80cf8@googl… [15] https://lore.kernel.org/all/20250303163014.1128035-4-david@redhat.com/ Zi Yan (8): xarray: add xas_try_split() to split a multi-index entry mm/huge_memory: add two new (not yet used) functions for folio_split() mm/huge_memory: move folio split common code to __folio_split() mm/huge_memory: add buddy allocator like (non-uniform) folio_split() mm/huge_memory: remove the old, unused __split_huge_page() mm/huge_memory: add folio_split() to debugfs testing interface mm/truncate: use folio_split() in truncate operation selftests/mm: add tests for folio_split(), buddy allocator like split Documentation/core-api/xarray.rst | 14 +- include/linux/huge_mm.h | 36 + include/linux/xarray.h | 6 + lib/test_xarray.c | 52 ++ lib/xarray.c | 132 ++- mm/huge_memory.c | 786 ++++++++++++------ mm/truncate.c | 37 +- tools/testing/radix-tree/Makefile | 1 + .../selftests/mm/split_huge_page_test.c | 34 +- 9 files changed, 809 insertions(+), 289 deletions(-) -- 2.47.2

6 months

2
16
0 0

[PATCH net 7/7] selftests: net: test for lwtunnel dst ref loops

by Justin Iurman

As recently specified by commit 0ea09cbf8350 ("docs: netdev: add a note on selftest posting") in net-next, the selftest is therefore shipped in this series. However, this selftest does not really test this series. It needs this series to avoid crashing the kernel. What it really tests, thanks to kmemleak, is what was fixed by the following commits: - commit c71a192976de ("net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels") - commit 92191dd10730 ("net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels") - commit c64a0727f9b1 ("net: ipv6: fix dst ref loop on input in seg6 lwt") - commit 13e55fbaec17 ("net: ipv6: fix dst ref loop on input in rpl lwt") - commit 0e7633d7b95b ("net: ipv6: fix dst ref loop in ila lwtunnel") - commit 5da15a9c11c1 ("net: ipv6: fix missing dst ref drop in ila lwtunnel") Cc: Shuah Khan <shuah(a)kernel.org> Cc: linux-kselftest(a)vger.kernel.org Signed-off-by: Justin Iurman <justin.iurman(a)uliege.be> --- tools/testing/selftests/net/Makefile | 1 + tools/testing/selftests/net/config | 2 + .../selftests/net/lwt_dst_cache_ref_loop.sh | 250 ++++++++++++++++++ 3 files changed, 253 insertions(+) create mode 100755 tools/testing/selftests/net/lwt_dst_cache_ref_loop.sh diff --git a/tools/testing/selftests/net/Makefile b/tools/testing/selftests/net/Makefile index 73ee88d6b043..8f32b4f01aee 100644 --- a/tools/testing/selftests/net/Makefile +++ b/tools/testing/selftests/net/Makefile @@ -100,6 +100,7 @@ TEST_PROGS += vlan_bridge_binding.sh TEST_PROGS += bpf_offload.py TEST_PROGS += ipv6_route_update_soft_lockup.sh TEST_PROGS += busy_poll_test.sh +TEST_PROGS += lwt_dst_cache_ref_loop.sh # YNL files, must be before "include ..lib.mk" YNL_GEN_FILES := busy_poller netlink-dumps diff --git a/tools/testing/selftests/net/config b/tools/testing/selftests/net/config index 5b9baf708950..61e5116987f3 100644 --- a/tools/testing/selftests/net/config +++ b/tools/testing/selftests/net/config @@ -107,3 +107,5 @@ CONFIG_XFRM_INTERFACE=m CONFIG_XFRM_USER=m CONFIG_IP_NF_MATCH_RPFILTER=m CONFIG_IP6_NF_MATCH_RPFILTER=m +CONFIG_IPV6_ILA=m +CONFIG_IPV6_RPL_LWTUNNEL=y diff --git a/tools/testing/selftests/net/lwt_dst_cache_ref_loop.sh b/tools/testing/selftests/net/lwt_dst_cache_ref_loop.sh new file mode 100755 index 000000000000..9161f16154a5 --- /dev/null +++ b/tools/testing/selftests/net/lwt_dst_cache_ref_loop.sh @@ -0,0 +1,250 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0+ +# +# Author: Justin Iurman <justin.iurman(a)uliege.be> +# +# WARNING +# ------- +# This is just a dummy script that triggers encap cases with possible dst cache +# reference loops in affected lwt users (see list below). Some cases are +# pathological configurations for simplicity, others are valid. Overall, we +# don't want this issue to happen, no matter what. In order to catch any +# reference loops, kmemleak MUST be used. The results alone are always blindly +# successful, don't rely on them. Note that the following tests may crash the +# kernel if the fix to prevent lwtunnel_{input|output|xmit}() reentry loops is +# not present. +# +# Affected lwt users so far (please update accordingly if needed): +# - ila_lwt (output only) +# - ioam6_iptunnel (output only) +# - rpl_iptunnel (both input and output) +# - seg6_iptunnel (both input and output) + +source lib.sh + +check_compatibility() +{ + setup_ns tmp_node &>/dev/null + if [ $? != 0 ] + then + echo "SKIP: Cannot create netns." + exit $ksft_skip + fi + + ip link add name veth0 netns $tmp_node type veth \ + peer name veth1 netns $tmp_node &>/dev/null + local ret=$? + + ip -netns $tmp_node link set veth0 up &>/dev/null + ret=$((ret + $?)) + + ip -netns $tmp_node link set veth1 up &>/dev/null + ret=$((ret + $?)) + + if [ $ret != 0 ] + then + echo "SKIP: Cannot configure links." + cleanup_ns $tmp_node + exit $ksft_skip + fi + + lsmod 2>/dev/null | grep -q "ila" + ila_lsmod=$? + [ $ila_lsmod != 0 ] && modprobe ila &>/dev/null + + ip -netns $tmp_node route add 2001:db8:1::/64 \ + encap ila 1:2:3:4 csum-mode no-action ident-type luid hook-type output \ + dev veth0 &>/dev/null + + ip -netns $tmp_node route add 2001:db8:2::/64 \ + encap ioam6 trace prealloc type 0x800000 ns 0 size 4 dev veth0 &>/dev/null + + ip -netns $tmp_node route add 2001:db8:3::/64 \ + encap rpl segs 2001:db8:3::1 dev veth0 &>/dev/null + + ip -netns $tmp_node route add 2001:db8:4::/64 \ + encap seg6 mode inline segs 2001:db8:4::1 dev veth0 &>/dev/null + + ip -netns $tmp_node -6 route 2>/dev/null | grep -q "encap ila" + skip_ila=$? + + ip -netns $tmp_node -6 route 2>/dev/null | grep -q "encap ioam6" + skip_ioam6=$? + + ip -netns $tmp_node -6 route 2>/dev/null | grep -q "encap rpl" + skip_rpl=$? + + ip -netns $tmp_node -6 route 2>/dev/null | grep -q "encap seg6" + skip_seg6=$? + + cleanup_ns $tmp_node +} + +setup() +{ + setup_ns alpha beta gamma &>/dev/null + + ip link add name veth-alpha netns $alpha type veth \ + peer name veth-betaL netns $beta &>/dev/null + ip link add name veth-betaR netns $beta type veth \ + peer name veth-gamma netns $gamma &>/dev/null + + ip -netns $alpha link set veth-alpha name veth0 &>/dev/null + ip -netns $beta link set veth-betaL name veth0 &>/dev/null + ip -netns $beta link set veth-betaR name veth1 &>/dev/null + ip -netns $gamma link set veth-gamma name veth0 &>/dev/null + + ip -netns $alpha addr add 2001:db8:1::2/64 dev veth0 &>/dev/null + ip -netns $alpha link set veth0 up &>/dev/null + ip -netns $alpha link set lo up &>/dev/null + ip -netns $alpha route add 2001:db8:2::/64 \ + via 2001:db8:1::1 dev veth0 &>/dev/null + + ip -netns $beta addr add 2001:db8:1::1/64 dev veth0 &>/dev/null + ip -netns $beta addr add 2001:db8:2::1/64 dev veth1 &>/dev/null + ip -netns $beta link set veth0 up &>/dev/null + ip -netns $beta link set veth1 up &>/dev/null + ip -netns $beta link set lo up &>/dev/null + ip -netns $beta route del 2001:db8:2::/64 + ip -netns $beta route add 2001:db8:2::/64 dev veth1 + ip netns exec $beta sysctl -wq net.ipv6.conf.all.forwarding=1 &>/dev/null + + ip -netns $gamma addr add 2001:db8:2::2/64 dev veth0 &>/dev/null + ip -netns $gamma link set veth0 up &>/dev/null + ip -netns $gamma link set lo up &>/dev/null + ip -netns $gamma route add 2001:db8:1::/64 \ + via 2001:db8:2::1 dev veth0 &>/dev/null + + sleep 1 + + ip netns exec $alpha ping6 -c 5 -W 1 2001:db8:2::2 &>/dev/null + if [ $? != 0 ] + then + echo "SKIP: Setup failed." + cleanup + exit $ksft_skip + fi + + sleep 1 +} + +cleanup() +{ + cleanup_ns $alpha $beta $gamma + [ $ila_lsmod != 0 ] && modprobe -r ila &>/dev/null +} + +run_ila() +{ + if [ $skip_ila != 0 ] + then + echo "SKIP: ila (output)" + return + fi + + ip -netns $beta route del 2001:db8:2::/64 + + ip -netns $beta route add 2001:db8:2:0:0:0:0:2/128 \ + encap ila 2001:db8:2:0 csum-mode no-action ident-type luid hook-type output \ + dev veth1 &>/dev/null + sleep 1 + + echo "TEST: ila (output)" + ip netns exec $beta ping6 -c 2 -W 1 2001:db8:2::2 &>/dev/null + sleep 1 + + ip -netns $beta route del 2001:db8:2:0:0:0:0:2/128 + ip -netns $beta route add 2001:db8:2::/64 dev veth1 + sleep 1 +} + +run_ioam6() +{ + if [ $skip_ioam6 != 0 ] + then + echo "SKIP: ioam6 (output)" + return + fi + + ip -netns $beta route change 2001:db8:2::/64 \ + encap ioam6 trace prealloc type 0x800000 ns 1 size 4 \ + dev veth1 &>/dev/null + sleep 1 + + echo "TEST: ioam6 (output)" + ip netns exec $beta ping6 -c 2 -W 1 2001:db8:2::2 &>/dev/null + sleep 1 +} + +run_rpl() +{ + if [ $skip_rpl != 0 ] + then + echo "SKIP: rpl (input)" + echo "SKIP: rpl (output)" + return + fi + + ip -netns $beta route change 2001:db8:2::/64 \ + encap rpl segs 2001:db8:2::2 \ + dev veth1 &>/dev/null + sleep 1 + + echo "TEST: rpl (input)" + ip netns exec $alpha ping6 -c 2 -W 1 2001:db8:2::2 &>/dev/null + sleep 1 + + echo "TEST: rpl (output)" + ip netns exec $beta ping6 -c 2 -W 1 2001:db8:2::2 &>/dev/null + sleep 1 +} + +run_seg6() +{ + if [ $skip_seg6 != 0 ] + then + echo "SKIP: seg6 (input)" + echo "SKIP: seg6 (output)" + return + fi + + ip -netns $beta route change 2001:db8:2::/64 \ + encap seg6 mode inline segs 2001:db8:2::2 \ + dev veth1 &>/dev/null + sleep 1 + + echo "TEST: seg6 (input)" + ip netns exec $alpha ping6 -c 2 -W 1 2001:db8:2::2 &>/dev/null + sleep 1 + + echo "TEST: seg6 (output)" + ip netns exec $beta ping6 -c 2 -W 1 2001:db8:2::2 &>/dev/null + sleep 1 +} + +run() +{ + run_ila + run_ioam6 + run_rpl + run_seg6 +} + +if [ "$(id -u)" -ne 0 ] +then + echo "SKIP: Need root privileges." + exit $ksft_skip +fi + +if [ ! -x "$(command -v ip)" ] +then + echo "SKIP: Could not run test without ip tool." + exit $ksft_skip +fi + +check_compatibility +setup +run +cleanup + +exit $ksft_pass -- 2.34.1

6 months

2
1
0 0

Re: [PATCH 3/3] rust: replace `addr_of[_mut]!` with `&raw [mut]`

by Benno Lossin

On Thu Mar 13, 2025 at 6:33 AM CET, Antonio Hickey wrote: > Replacing all occurrences of `addr_of!(place)` with `&raw place`, and > all occurrences of `addr_of_mut!(place)` with `&raw mut place`. > > Utilizing the new feature will allow us to reduce macro complexity, and > improve consistency with existing reference syntax as `&raw`, `&raw mut` > is very similar to `&`, `&mut` making it fit more naturally with other > existing code. > > Depends on: Patch 1/3 0001-rust-enable-raw_ref_op-feature.patch This information shouldn't be in the commit message. You can put it below the `---` (that won't end up in the commit message). But since you sent this as part of a series, you don't need to mention it. > Suggested-by: Benno Lossin <y86-dev(a)protonmail.com> > Link: https://github.com/Rust-for-Linux/linux/issues/1148 > Signed-off-by: Antonio Hickey <contact(a)antoniohickey.com> > --- > rust/kernel/block/mq/request.rs | 4 ++-- > rust/kernel/faux.rs | 4 ++-- > rust/kernel/fs/file.rs | 2 +- > rust/kernel/init.rs | 8 ++++---- > rust/kernel/init/macros.rs | 28 +++++++++++++------------- > rust/kernel/jump_label.rs | 4 ++-- > rust/kernel/kunit.rs | 4 ++-- > rust/kernel/list.rs | 2 +- > rust/kernel/list/impl_list_item_mod.rs | 6 +++--- > rust/kernel/net/phy.rs | 4 ++-- > rust/kernel/pci.rs | 4 ++-- > rust/kernel/platform.rs | 4 +--- > rust/kernel/rbtree.rs | 22 ++++++++++---------- > rust/kernel/sync/arc.rs | 2 +- > rust/kernel/task.rs | 4 ++-- > rust/kernel/workqueue.rs | 8 ++++---- > 16 files changed, 54 insertions(+), 56 deletions(-) [...] > diff --git a/rust/kernel/jump_label.rs b/rust/kernel/jump_label.rs > index 4e974c768dbd..05d4564714c7 100644 > --- a/rust/kernel/jump_label.rs > +++ b/rust/kernel/jump_label.rs > @@ -20,8 +20,8 @@ > #[macro_export] > macro_rules! static_branch_unlikely { > ($key:path, $keytyp:ty, $field:ident) => {{ > - let _key: *const $keytyp = ::core::ptr::addr_of!($key); > - let _key: *const $crate::bindings::static_key_false = ::core::ptr::addr_of!((*_key).$field); > + let _key: *const $keytyp = &raw $key; This should be `&raw const $key`. I wrote that wrongly in the issue. > + let _key: *const $crate::bindings::static_key_false = &raw (*_key).$field; Same here. > let _key: *const $crate::bindings::static_key = _key.cast(); > > #[cfg(not(CONFIG_JUMP_LABEL))] > diff --git a/rust/kernel/kunit.rs b/rust/kernel/kunit.rs > index 824da0e9738a..18357dd782ed 100644 > --- a/rust/kernel/kunit.rs > +++ b/rust/kernel/kunit.rs > @@ -128,9 +128,9 @@ unsafe impl Sync for UnaryAssert {} > unsafe { > $crate::bindings::__kunit_do_failed_assertion( > kunit_test, > - core::ptr::addr_of!(LOCATION.0), > + &raw LOCATION.0, And here. > $crate::bindings::kunit_assert_type_KUNIT_ASSERTION, > - core::ptr::addr_of!(ASSERTION.0.assert), > + &raw ASSERTION.0.assert, Lastly here as well. --- Cheers, Benno

6 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror