tmakin/ack-tegra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FROMGIT: rust: alloc: replace Vec::set_len with inc_len

Browse Source 
Rename `set_len` to `inc_len` and simplify its safety contract.

Note that the usage in `CString::try_from_fmt` remains correct as the
receiver is known to have `len == 0`.

Reviewed-by: Alice Ryhl <aliceryhl@google.com>
Signed-off-by: Tamir Duberstein <tamird@gmail.com>
Link: https://lore.kernel.org/r/20250416-vec-set-len-v4-4-112b222604cd@gmail.com
Signed-off-by: Danilo Krummrich <dakr@kernel.org>

Bug: 414994413
(cherry picked from commit 88d5d6a38d5161228fbfe017eb94d777d5e8a0e4
 https://github.com/Rust-for-Linux/linux.git alloc-next)
Change-Id: If8c9311fed95246e2329818589e0c9104d5d0685
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
This commit is contained in:
Tamir Duberstein
2025-04-16 13:15:43 -04:00
committed by Matthew Maurer
parent 597ebe7c32
commit 04d685ecf9
3 changed files with 14 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
rust/kernel/alloc/kvec.rs
View File

@@ -185,20 +185,19 @@ where
self.len
}
/// Forcefully sets `self.len` to `new_len`.
/// Increments `self.len` by `additional`.
///
/// # Safety
///
/// - `new_len` must be less than or equal to [`Self::capacity`].
/// - If `new_len` is greater than `self.len`, all elements within the interval
/// [`self.len`,`new_len`) must be initialized.
/// - `additional` must be less than or equal to `self.capacity - self.len`.
/// - All elements within the interval [`self.len`,`self.len + additional`) must be initialized.
#[inline]
pub unsafe fn set_len(&mut self, new_len: usize) {
debug_assert!(new_len <= self.capacity());
// INVARIANT: By the safety requirements of this method `new_len` represents the exact
// number of elements stored within `self`.
self.len = new_len;
pub unsafe fn inc_len(&mut self, additional: usize) {
// Guaranteed by the type invariant to never underflow.
debug_assert!(additional <= self.capacity() - self.len());
// INVARIANT: By the safety requirements of this method this represents the exact number of
// elements stored within `self`.
self.len += additional;
}
/// Decreases `self.len` by `count`.
@@ -317,7 +316,7 @@ where
// SAFETY: We just initialised the first spare entry, so it is safe to increase the length
// by 1. We also know that the new length is <= capacity because of the previous call to
// `reserve` above.
unsafe { self.set_len(self.len() + 1) };
unsafe { self.inc_len(1) };
Ok(())
}
@@ -521,7 +520,7 @@ impl<T: Clone, A: Allocator> Vec<T, A> {
// SAFETY:
// - `self.len() + n < self.capacity()` due to the call to reserve above,
// - the loop and the line above initialized the next `n` elements.
unsafe { self.set_len(self.len() + n) };
unsafe { self.inc_len(n) };
Ok(())
}
@@ -552,7 +551,7 @@ impl<T: Clone, A: Allocator> Vec<T, A> {
// the length by the same number.
// - `self.len() + other.len() <= self.capacity()` is guaranteed by the preceding `reserve`
// call.
unsafe { self.set_len(self.len() + other.len()) };
unsafe { self.inc_len(other.len()) };
Ok(())
}

2
rust/kernel/str.rs
View File

@@ -832,7 +832,7 @@ impl CString {
// SAFETY: The number of bytes that can be written to `f` is bounded by `size`, which is
// `buf`'s capacity. The contents of the buffer have been initialised by writes to `f`.
unsafe { buf.set_len(f.bytes_written()) };
unsafe { buf.inc_len(f.bytes_written()) };
// Check that there are no `NUL` bytes before the end.
// SAFETY: The buffer is valid for read because `f.bytes_written()` is bounded by `size`

2
rust/kernel/uaccess.rs
View File

@@ -291,7 +291,7 @@ impl UserSliceReader {
// SAFETY: Since the call to `read_raw` was successful, so the next `len` bytes of the
// vector have been initialized.
unsafe { buf.set_len(buf.len() + len) };
unsafe { buf.inc_len(len) };
Ok(())
}