Merge tag 'rust-fixes-6.9' of https://github.com/Rust-for-Linux/linux

+1 -1

Documentation/rust/arch-support.rst

··· 16 16 Architecture Level of support Constraints 17 17 ============= ================ ============================================== 18 18 ``arm64`` Maintained Little Endian only. 19 - ``loongarch`` Maintained - 19 + ``loongarch`` Maintained \- 20 20 ``um`` Maintained ``x86_64`` only. 21 21 ``x86`` Maintained ``x86_64`` only. 22 22 ============= ================ ==============================================

+1 -1

init/Kconfig

··· 1899 1899 bool "Rust support" 1900 1900 depends on HAVE_RUST 1901 1901 depends on RUST_IS_AVAILABLE 1902 + depends on !CFI_CLANG 1902 1903 depends on !MODVERSIONS 1903 1904 depends on !GCC_PLUGINS 1904 1905 depends on !RANDSTRUCT 1905 1906 depends on !DEBUG_INFO_BTF || PAHOLE_HAS_LANG_EXCLUDE 1906 - select CONSTRUCTORS 1907 1907 help 1908 1908 Enables Rust support in the kernel. 1909 1909

-1

rust/Makefile

··· 175 175 mkdir -p $(objtree)/$(obj)/test/doctests/kernel; \ 176 176 OBJTREE=$(abspath $(objtree)) \ 177 177 $(RUSTDOC) --test $(rust_flags) \ 178 - @$(objtree)/include/generated/rustc_cfg \ 179 178 -L$(objtree)/$(obj) --extern alloc --extern kernel \ 180 179 --extern build_error --extern macros \ 181 180 --extern bindings --extern uapi \

+9 -2

rust/kernel/init.rs

··· 1292 1292 i8, i16, i32, i64, i128, isize, 1293 1293 f32, f64, 1294 1294 1295 - // SAFETY: These are ZSTs, there is nothing to zero. 1296 - {<T: ?Sized>} PhantomData<T>, core::marker::PhantomPinned, Infallible, (), 1295 + // Note: do not add uninhabited types (such as `!` or `core::convert::Infallible`) to this list; 1296 + // creating an instance of an uninhabited type is immediate undefined behavior. For more on 1297 + // uninhabited/empty types, consult The Rustonomicon: 1298 + // <https://doc.rust-lang.org/stable/nomicon/exotic-sizes.html#empty-types>. The Rust Reference 1299 + // also has information on undefined behavior: 1300 + // <https://doc.rust-lang.org/stable/reference/behavior-considered-undefined.html>. 1301 + // 1302 + // SAFETY: These are inhabited ZSTs; there is nothing to zero and a valid value exists. 1303 + {<T: ?Sized>} PhantomData<T>, core::marker::PhantomPinned, (), 1297 1304 1298 1305 // SAFETY: Type is allowed to take any value, including all zeros. 1299 1306 {<T>} MaybeUninit<T>,

+1 -1

rust/kernel/lib.rs

··· 65 65 /// The top level entrypoint to implementing a kernel module. 66 66 /// 67 67 /// For any teardown or cleanup operations, your type may implement [`Drop`]. 68 - pub trait Module: Sized + Sync { 68 + pub trait Module: Sized + Sync + Send { 69 69 /// Called at module initialization time. 70 70 /// 71 71 /// Use this method to perform whatever setup or registration your module

+4

rust/kernel/net/phy.rs

··· 640 640 drivers: Pin<&'static mut [DriverVTable]>, 641 641 } 642 642 643 + // SAFETY: The only action allowed in a `Registration` instance is dropping it, which is safe to do 644 + // from any thread because `phy_drivers_unregister` can be called from any thread context. 645 + unsafe impl Send for Registration {} 646 + 643 647 impl Registration { 644 648 /// Registers a PHY driver. 645 649 pub fn register(

-12

rust/macros/lib.rs

··· 35 35 /// author: "Rust for Linux Contributors", 36 36 /// description: "My very own kernel module!", 37 37 /// license: "GPL", 38 - /// params: { 39 - /// my_i32: i32 { 40 - /// default: 42, 41 - /// permissions: 0o000, 42 - /// description: "Example of i32", 43 - /// }, 44 - /// writeable_i32: i32 { 45 - /// default: 42, 46 - /// permissions: 0o644, 47 - /// description: "Example of i32", 48 - /// }, 49 - /// }, 50 38 /// } 51 39 /// 52 40 /// struct MyModule;

+115 -75

rust/macros/module.rs

··· 199 199 /// Used by the printing macros, e.g. [`info!`]. 200 200 const __LOG_PREFIX: &[u8] = b\"{name}\\0\"; 201 201 202 - /// The \"Rust loadable module\" mark. 203 - // 204 - // This may be best done another way later on, e.g. as a new modinfo 205 - // key or a new section. For the moment, keep it simple. 206 - #[cfg(MODULE)] 207 - #[doc(hidden)] 208 - #[used] 209 - static __IS_RUST_MODULE: () = (); 210 - 211 - static mut __MOD: Option<{type_}> = None; 212 - 213 202 // SAFETY: `__this_module` is constructed by the kernel at load time and will not be 214 203 // freed until the module is unloaded. 215 204 #[cfg(MODULE)] ··· 210 221 kernel::ThisModule::from_ptr(core::ptr::null_mut()) 211 222 }}; 212 223 213 - // Loadable modules need to export the `{{init,cleanup}}_module` identifiers. 214 - /// # Safety 215 - /// 216 - /// This function must not be called after module initialization, because it may be 217 - /// freed after that completes. 218 - #[cfg(MODULE)] 219 - #[doc(hidden)] 220 - #[no_mangle] 221 - #[link_section = \".init.text\"] 222 - pub unsafe extern \"C\" fn init_module() -> core::ffi::c_int {{ 223 - __init() 224 - }} 224 + // Double nested modules, since then nobody can access the public items inside. 225 + mod __module_init {{ 226 + mod __module_init {{ 227 + use super::super::{type_}; 225 228 226 - #[cfg(MODULE)] 227 - #[doc(hidden)] 228 - #[no_mangle] 229 - pub extern \"C\" fn cleanup_module() {{ 230 - __exit() 231 - }} 229 + /// The \"Rust loadable module\" mark. 230 + // 231 + // This may be best done another way later on, e.g. as a new modinfo 232 + // key or a new section. For the moment, keep it simple. 233 + #[cfg(MODULE)] 234 + #[doc(hidden)] 235 + #[used] 236 + static __IS_RUST_MODULE: () = (); 232 237 233 - // Built-in modules are initialized through an initcall pointer 234 - // and the identifiers need to be unique. 235 - #[cfg(not(MODULE))] 236 - #[cfg(not(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS))] 237 - #[doc(hidden)] 238 - #[link_section = \"{initcall_section}\"] 239 - #[used] 240 - pub static __{name}_initcall: extern \"C\" fn() -> core::ffi::c_int = __{name}_init; 238 + static mut __MOD: Option<{type_}> = None; 241 239 242 - #[cfg(not(MODULE))] 243 - #[cfg(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS)] 244 - core::arch::global_asm!( 245 - r#\".section \"{initcall_section}\", \"a\" 246 - __{name}_initcall: 247 - .long __{name}_init - . 248 - .previous 249 - \"# 250 - ); 240 + // Loadable modules need to export the `{{init,cleanup}}_module` identifiers. 241 + /// # Safety 242 + /// 243 + /// This function must not be called after module initialization, because it may be 244 + /// freed after that completes. 245 + #[cfg(MODULE)] 246 + #[doc(hidden)] 247 + #[no_mangle] 248 + #[link_section = \".init.text\"] 249 + pub unsafe extern \"C\" fn init_module() -> core::ffi::c_int {{ 250 + // SAFETY: This function is inaccessible to the outside due to the double 251 + // module wrapping it. It is called exactly once by the C side via its 252 + // unique name. 253 + unsafe {{ __init() }} 254 + }} 251 255 252 - #[cfg(not(MODULE))] 253 - #[doc(hidden)] 254 - #[no_mangle] 255 - pub extern \"C\" fn __{name}_init() -> core::ffi::c_int {{ 256 - __init() 257 - }} 256 + #[cfg(MODULE)] 257 + #[doc(hidden)] 258 + #[no_mangle] 259 + pub extern \"C\" fn cleanup_module() {{ 260 + // SAFETY: 261 + // - This function is inaccessible to the outside due to the double 262 + // module wrapping it. It is called exactly once by the C side via its 263 + // unique name, 264 + // - furthermore it is only called after `init_module` has returned `0` 265 + // (which delegates to `__init`). 266 + unsafe {{ __exit() }} 267 + }} 258 268 259 - #[cfg(not(MODULE))] 260 - #[doc(hidden)] 261 - #[no_mangle] 262 - pub extern \"C\" fn __{name}_exit() {{ 263 - __exit() 264 - }} 269 + // Built-in modules are initialized through an initcall pointer 270 + // and the identifiers need to be unique. 271 + #[cfg(not(MODULE))] 272 + #[cfg(not(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS))] 273 + #[doc(hidden)] 274 + #[link_section = \"{initcall_section}\"] 275 + #[used] 276 + pub static __{name}_initcall: extern \"C\" fn() -> core::ffi::c_int = __{name}_init; 265 277 266 - fn __init() -> core::ffi::c_int {{ 267 - match <{type_} as kernel::Module>::init(&THIS_MODULE) {{ 268 - Ok(m) => {{ 269 - unsafe {{ 270 - __MOD = Some(m); 278 + #[cfg(not(MODULE))] 279 + #[cfg(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS)] 280 + core::arch::global_asm!( 281 + r#\".section \"{initcall_section}\", \"a\" 282 + __{name}_initcall: 283 + .long __{name}_init - . 284 + .previous 285 + \"# 286 + ); 287 + 288 + #[cfg(not(MODULE))] 289 + #[doc(hidden)] 290 + #[no_mangle] 291 + pub extern \"C\" fn __{name}_init() -> core::ffi::c_int {{ 292 + // SAFETY: This function is inaccessible to the outside due to the double 293 + // module wrapping it. It is called exactly once by the C side via its 294 + // placement above in the initcall section. 295 + unsafe {{ __init() }} 296 + }} 297 + 298 + #[cfg(not(MODULE))] 299 + #[doc(hidden)] 300 + #[no_mangle] 301 + pub extern \"C\" fn __{name}_exit() {{ 302 + // SAFETY: 303 + // - This function is inaccessible to the outside due to the double 304 + // module wrapping it. It is called exactly once by the C side via its 305 + // unique name, 306 + // - furthermore it is only called after `__{name}_init` has returned `0` 307 + // (which delegates to `__init`). 308 + unsafe {{ __exit() }} 309 + }} 310 + 311 + /// # Safety 312 + /// 313 + /// This function must only be called once. 314 + unsafe fn __init() -> core::ffi::c_int {{ 315 + match <{type_} as kernel::Module>::init(&super::super::THIS_MODULE) {{ 316 + Ok(m) => {{ 317 + // SAFETY: No data race, since `__MOD` can only be accessed by this 318 + // module and there only `__init` and `__exit` access it. These 319 + // functions are only called once and `__exit` cannot be called 320 + // before or during `__init`. 321 + unsafe {{ 322 + __MOD = Some(m); 323 + }} 324 + return 0; 325 + }} 326 + Err(e) => {{ 327 + return e.to_errno(); 328 + }} 271 329 }} 272 - return 0; 273 330 }} 274 - Err(e) => {{ 275 - return e.to_errno(); 331 + 332 + /// # Safety 333 + /// 334 + /// This function must 335 + /// - only be called once, 336 + /// - be called after `__init` has been called and returned `0`. 337 + unsafe fn __exit() {{ 338 + // SAFETY: No data race, since `__MOD` can only be accessed by this module 339 + // and there only `__init` and `__exit` access it. These functions are only 340 + // called once and `__init` was already called. 341 + unsafe {{ 342 + // Invokes `drop()` on `__MOD`, which should be used for cleanup. 343 + __MOD = None; 344 + }} 276 345 }} 346 + 347 + {modinfo} 277 348 }} 278 349 }} 279 - 280 - fn __exit() {{ 281 - unsafe {{ 282 - // Invokes `drop()` on `__MOD`, which should be used for cleanup. 283 - __MOD = None; 284 - }} 285 - }} 286 - 287 - {modinfo} 288 350 ", 289 351 type_ = info.type_, 290 352 name = info.name,

+1 -1

scripts/Makefile.build

··· 273 273 -Zallow-features=$(rust_allowed_features) \ 274 274 -Zcrate-attr=no_std \ 275 275 -Zcrate-attr='feature($(rust_allowed_features))' \ 276 - --extern alloc --extern kernel \ 276 + -Zunstable-options --extern force:alloc --extern kernel \ 277 277 --crate-type rlib -L $(objtree)/rust/ \ 278 278 --crate-name $(basename $(notdir $@)) \ 279 279 --sysroot=/dev/null \

Configure Feed

Configure Feed