tmakin/ack-tegra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
testing-6.12
ack-tegra/rust/kernel/str.rs
Greg Kroah-Hartman 651f2e4fca Merge 6.12.29 into android16-6.12-lts 
GKI (arm64) relevant 44 out of 185 changes, affecting 54 files +634/-365
  b32411f045 dm: add missing unlock on in dm_keyslot_evict() [1 file, +2/-1]
  61e0fc3312 fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio() [1 file, +2/-2]
  14ee85b748 firmware: arm_scmi: Fix timeout checks on polling path [1 file, +8/-5]
  98cd7ed927 sch_htb: make htb_deactivate() idempotent [1 file, +6/-9]
  35be4c0cdf gre: Fix again IPv6 link-local address generation. [1 file, +9/-6]
  c33927f385 can: gw: fix RCU/BH usage in cgw_create_job() [1 file, +90/-59]
  4555c4a13a wifi: mac80211: fix the type of status_code for negotiated TID to Link Mapping [2 files, +7/-7]
  64385c0d02 erofs: ensure the extra temporary copy is valid for shortened bvecs [1 file, +14/-17]
  b37e54259c bpf: Scrub packet on bpf_redirect_peer [1 file, +1/-0]
  bb8f86f40e net: export a helper for adding up queue stats [2 files, +56/-19]
  302a0cd0bb Input: xpad - fix Share button on Xbox One controllers [1 file, +20/-15]
  bf239d3835 Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller [1 file, +1/-0]
  38bb0170d6 Input: xpad - fix two controller table values [1 file, +2/-2]
  2910019b04 mm: vmalloc: support more granular vrealloc() sizing [2 files, +25/-7]
  6166c3cf40 mm/huge_memory: fix dereferencing invalid pmd migration entry [1 file, +8/-3]
  b543a5a73b mm/userfaultfd: fix uninitialized output field for -EAGAIN race [1 file, +22/-6]
  7f37e31483 io_uring: ensure deferred completions are flushed for multishot [1 file, +8/-0]
  abbc99e898 arm64: cpufeature: Move arm64_use_ng_mappings to the .data section to prevent wrong idmap generation [1 file, +8/-1]
  d66a22f6a4 memblock: Accept allocated memory before use in memblock_double_array() [1 file, +8/-1]
  d63851049f module: ensure that kobject_put() is safe for module type kobjects [1 file, +3/-1]
  75f23e49ad usb: gadget: f_ecm: Add get_status callback [1 file, +7/-0]
  d1c8fa4c6e usb: gadget: Use get_status callback to set remote wakeup capability [1 file, +5/-7]
  3366a19948 usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition [1 file, +1/-1]
  5ad298d6d4 usb: typec: ucsi: displayport: Fix NULL pointer access [1 file, +2/-0]
  afe8849597 types: Complement the aligned types with signed 64-bit one [2 files, +3/-1]
  02a77b3020 loop: Use bdev limit helpers for configuring discard [1 file, +4/-4]
  722f6dece7 loop: Simplify discard granularity calc [1 file, +1/-2]
  0558ce095b loop: Fix ABBA locking race [1 file, +15/-15]
  5e1470b276 loop: refactor queue limits updates [1 file, +20/-16]
  a781ffe410 loop: factor out a loop_assign_backing_file helper [1 file, +10/-10]
  184b147b9f loop: Add sanity check for read/write_iter [1 file, +23/-0]
  19fa2a4830 nvme: unblock ctrl state transition for firmware update [1 file, +2/-1]
  3edac2949e io_uring/sqpoll: Increase task_work submission batch size [1 file, +1/-1]
  cd010271a9 do_umount(): add missing barrier before refcount checks in sync case [1 file, +2/-1]
  2482f7705b io_uring: always arm linked timeouts prior to issue [1 file, +15/-35]
  564d25b1a6 mm: page_alloc: don't steal single pages from biggest buddy [1 file, +34/-46]
  16bae58f73 mm: page_alloc: speed up fallbacks in rmqueue_bulk() [1 file, +80/-33]
  86b37810fa sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash [1 file, +1/-3]
  2a3915e861 arm64: insn: Add support for encoding DSB [2 files, +38/-23]
  ec5bca57af arm64: proton-pack: Expose whether the platform is mitigated by firmware [2 files, +6/-0]
  f2aebb8ec6 arm64: proton-pack: Expose whether the branchy loop k value [2 files, +6/-0]
  38c345fd54 arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs [3 files, +52/-5]
  e5f5100f1c arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users [1 file, +3/-0]
  2176530849 arm64: proton-pack: Add new CPUs 'k' values for branch mitigation [2 files, +3/-0]

Changes in 6.12.29
	dm: add missing unlock on in dm_keyslot_evict()
	fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio()
	Revert "btrfs: canonicalize the device path before adding it"
	arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2
	firmware: arm_scmi: Fix timeout checks on polling path
	can: mcan: m_can_class_unregister(): fix order of unregistration calls
	s390/pci: Fix missing check for zpci_create_device() error return
	wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation
	vfio/pci: Align huge faults to order
	s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs
	can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls
	can: rockchip_canfd: rkcanfd_remove(): fix order of unregistration calls
	ksmbd: prevent rename with empty string
	ksmbd: prevent out-of-bounds stream writes by validating *pos
	ksmbd: Fix UAF in __close_file_table_ids
	openvswitch: Fix unsafe attribute parsing in output_userspace()
	ksmbd: fix memory leak in parse_lease_state()
	s390/entry: Fix last breaking event handling in case of stack corruption
	sch_htb: make htb_deactivate() idempotent
	virtio_net: xsk: bind/unbind xsk for tx
	virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable()
	gre: Fix again IPv6 link-local address generation.
	net: ethernet: mtk_eth_soc: reset all TX queues on DMA free
	net: ethernet: mtk_eth_soc: do not reset PSE when setting FE
	can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe
	can: mcp251xfd: fix TDC setting for low data bit rates
	can: gw: fix RCU/BH usage in cgw_create_job()
	wifi: mac80211: fix the type of status_code for negotiated TID to Link Mapping
	ice: Initial support for E825C hardware in ice_adapter
	ice: use DSN instead of PCI BDF for ice_adapter index
	erofs: ensure the extra temporary copy is valid for shortened bvecs
	ipvs: fix uninit-value for saddr in do_output_route4
	netfilter: ipset: fix region locking in hash types
	bpf: Scrub packet on bpf_redirect_peer
	net: dsa: b53: allow leaky reserved multicast
	net: dsa: b53: keep CPU port always tagged again
	net: dsa: b53: fix clearing PVID of a port
	net: dsa: b53: fix flushing old pvid VLAN on pvid change
	net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave
	net: dsa: b53: always rejoin default untagged VLAN on bridge leave
	net: dsa: b53: do not allow to configure VLAN 0
	net: dsa: b53: do not program vlans when vlan filtering is off
	net: dsa: b53: fix toggling vlan_filtering
	net: dsa: b53: fix learning on VLAN unaware bridges
	net: dsa: b53: do not set learning and unicast/multicast on up
	fbnic: Fix initialization of mailbox descriptor rings
	fbnic: Gate AXI read/write enabling on FW mailbox
	fbnic: Actually flush_tx instead of stalling out
	fbnic: Improve responsiveness of fbnic_mbx_poll_tx_ready
	fbnic: Pull fbnic_fw_xmit_cap_msg use out of interrupt context
	fbnic: Do not allow mailbox to toggle to ready outside fbnic_mbx_poll_tx_ready
	net: export a helper for adding up queue stats
	virtio-net: fix total qstat values
	Input: cyttsp5 - ensure minimum reset pulse width
	Input: cyttsp5 - fix power control issue on wakeup
	Input: mtk-pmic-keys - fix possible null pointer dereference
	Input: xpad - fix Share button on Xbox One controllers
	Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller
	Input: xpad - fix two controller table values
	Input: synaptics - enable InterTouch on Dynabook Portege X30-D
	Input: synaptics - enable InterTouch on Dynabook Portege X30L-G
	Input: synaptics - enable InterTouch on Dell Precision M3800
	Input: synaptics - enable SMBus for HP Elitebook 850 G1
	Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5
	rust: clean Rust 1.88.0's `unnecessary_transmutes` lint
	objtool/rust: add one more `noreturn` Rust function for Rust 1.87.0
	rust: clean Rust 1.88.0's warning about `clippy::disallowed_macros` configuration
	staging: iio: adc: ad7816: Correct conditional logic for store mode
	staging: bcm2835-camera: Initialise dev in v4l2_dev
	staging: axis-fifo: Remove hardware resets for user errors
	staging: axis-fifo: Correct handling of tx_fifo_depth for size validation
	x86/mm: Eliminate window where TLB flushes may be inadvertently skipped
	mm: fix folio_pte_batch() on XEN PV
	mm: vmalloc: support more granular vrealloc() sizing
	mm/huge_memory: fix dereferencing invalid pmd migration entry
	mm/userfaultfd: fix uninitialized output field for -EAGAIN race
	selftests/mm: compaction_test: support platform with huge mount of memory
	selftests/mm: fix a build failure on powerpc
	KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception
	drm/amd/display: Shift DMUB AUX reply command if necessary
	io_uring: ensure deferred completions are flushed for multishot
	iio: adc: ad7606: fix serial register access
	iio: adc: rockchip: Fix clock initialization sequence
	iio: adis16201: Correct inclinometer channel resolution
	iio: imu: inv_mpu6050: align buffer for timestamp
	iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo
	iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo
	drm/v3d: Add job to pending list if the reset was skipped
	drm/xe: Add page queue multiplier
	drm/amdgpu/vcn: using separate VCN1_AON_SOC offset
	drm/amd/display: Fix invalid context error in dml helper
	drm/amd/display: more liberal vmin/vmax update for freesync
	drm/amd/display: Fix the checking condition in dmub aux handling
	drm/amd/display: Remove incorrect checking in dmub aux handler
	drm/amd/display: Fix wrong handling for AUX_DEFER case
	drm/amd/display: Copy AUX read reply data whenever length > 0
	drm/amdgpu/hdp4: use memcfg register to post the write for HDP flush
	drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush
	drm/amdgpu/hdp5: use memcfg register to post the write for HDP flush
	drm/amdgpu/hdp6: use memcfg register to post the write for HDP flush
	drm/amdgpu/hdp7: use memcfg register to post the write for HDP flush
	usb: uhci-platform: Make the clock really optional
	smb: client: Avoid race in open_cached_dir with lease breaks
	xen: swiotlb: Use swiotlb bouncing if kmalloc allocation demands it
	xenbus: Use kref to track req lifetime
	accel/ivpu: Increase state dump msg timeout
	arm64: cpufeature: Move arm64_use_ng_mappings to the .data section to prevent wrong idmap generation
	clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable()
	memblock: Accept allocated memory before use in memblock_double_array()
	module: ensure that kobject_put() is safe for module type kobjects
	x86/microcode: Consolidate the loader enablement checking
	ocfs2: fix the issue with discontiguous allocation in the global_bitmap
	ocfs2: switch osb->disable_recovery to enum
	ocfs2: implement handshaking with ocfs2 recovery thread
	ocfs2: stop quota recovery before disabling quotas
	usb: dwc3: gadget: Make gadget_wakeup asynchronous
	usb: cdnsp: Fix issue with resuming from L1
	usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version
	usb: gadget: f_ecm: Add get_status callback
	usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN
	usb: gadget: Use get_status callback to set remote wakeup capability
	usb: host: tegra: Prevent host controller crash when OTG port is used
	usb: misc: onboard_usb_dev: fix support for Cypress HX3 hubs
	usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition
	usb: typec: ucsi: displayport: Fix NULL pointer access
	USB: usbtmc: use interruptible sleep in usbtmc_read
	usb: usbtmc: Fix erroneous get_stb ioctl error returns
	usb: usbtmc: Fix erroneous wait_srq ioctl return
	usb: usbtmc: Fix erroneous generic_read ioctl return
	iio: accel: adxl367: fix setting odr for activity time update
	iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer.
	types: Complement the aligned types with signed 64-bit one
	iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64
	iio: adc: dln2: Use aligned_s64 for timestamp
	MIPS: Fix MAX_REG_OFFSET
	riscv: misaligned: Add handling for ZCB instructions
	loop: Use bdev limit helpers for configuring discard
	loop: Simplify discard granularity calc
	loop: Fix ABBA locking race
	loop: refactor queue limits updates
	loop: factor out a loop_assign_backing_file helper
	loop: Add sanity check for read/write_iter
	drm/panel: simple: Update timings for AUO G101EVN010
	nvme: unblock ctrl state transition for firmware update
	riscv: misaligned: factorize trap handling
	riscv: misaligned: enable IRQs while handling misaligned accesses
	drm/xe/tests/mocs: Update xe_force_wake_get() return handling
	drm/xe/tests/mocs: Hold XE_FORCEWAKE_ALL for LNCF regs
	io_uring/sqpoll: Increase task_work submission batch size
	do_umount(): add missing barrier before refcount checks in sync case
	Revert "um: work around sched_yield not yielding in time-travel mode"
	rust: allow Rust 1.87.0's `clippy::ptr_eq` lint
	rust: clean Rust 1.88.0's `clippy::uninlined_format_args` lint
	io_uring: always arm linked timeouts prior to issue
	Bluetooth: btmtk: Remove resetting mt7921 before downloading the fw
	Bluetooth: btmtk: Remove the resetting step before downloading the fw
	mm: page_alloc: don't steal single pages from biggest buddy
	mm: page_alloc: speed up fallbacks in rmqueue_bulk()
	sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash
	arm64: insn: Add support for encoding DSB
	arm64: proton-pack: Expose whether the platform is mitigated by firmware
	arm64: proton-pack: Expose whether the branchy loop k value
	arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
	arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users
	arm64: proton-pack: Add new CPUs 'k' values for branch mitigation
	x86/bpf: Call branch history clearing sequence on exit
	x86/bpf: Add IBHF call at end of classic BPF
	x86/bhi: Do not set BHI_DIS_S in 32-bit mode
	x86/speculation: Simplify and make CALL_NOSPEC consistent
	x86/speculation: Add a conditional CS prefix to CALL_NOSPEC
	x86/speculation: Remove the extra #ifdef around CALL_NOSPEC
	Documentation: x86/bugs/its: Add ITS documentation
	x86/its: Enumerate Indirect Target Selection (ITS) bug
	x86/its: Add support for ITS-safe indirect thunk
	x86/its: Add support for ITS-safe return thunk
	x86/its: Enable Indirect Target Selection mitigation
	x86/its: Add "vmexit" option to skip mitigation on some CPUs
	x86/its: Add support for RSB stuffing mitigation
	x86/its: Align RETs in BHB clear sequence to avoid thunking
	x86/ibt: Keep IBT disabled during alternative patching
	x86/its: Use dynamic thunks for indirect branches
	selftest/x86/bugs: Add selftests for ITS
	x86/its: Fix build errors when CONFIG_MODULES=n
	x86/its: FineIBT-paranoid vs ITS
	Linux 6.12.29

Change-Id: I00ff9cc212474331d43028ec90a190dcd1dfa697
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-06-05 11:52:13 +00:00

895 lines
29 KiB
Rust
Raw Permalink Blame History

// SPDX-License-Identifier: GPL-2.0
//! String representations.
use crate::alloc::{flags::*, AllocError, KVec};
use core::fmt::{self, Write};
use core::ops::{self, Deref, DerefMut, Index};
use crate::error::{code::*, Error};
/// Byte string without UTF-8 validity guarantee.
#[repr(transparent)]
pub struct BStr([u8]);
impl BStr {
/// Returns the length of this string.
#[inline]
pub const fn len(&self) -> usize {
self.0.len()
}
/// Returns `true` if the string is empty.
#[inline]
pub const fn is_empty(&self) -> bool {
self.len() == 0
}
/// Creates a [`BStr`] from a `[u8]`.
#[inline]
pub const fn from_bytes(bytes: &[u8]) -> &Self {
// SAFETY: `BStr` is transparent to `[u8]`.
unsafe { &*(bytes as *const [u8] as *const BStr) }
}
}
impl fmt::Display for BStr {
/// Formats printable ASCII characters, escaping the rest.
///
/// ```
/// # use kernel::{fmt, b_str, str::{BStr, CString}};
/// let ascii = b_str!("Hello, BStr!");
/// let s = CString::try_from_fmt(fmt!("{}", ascii)).unwrap();
/// assert_eq!(s.as_bytes(), "Hello, BStr!".as_bytes());
///
/// let non_ascii = b_str!("🦀");
/// let s = CString::try_from_fmt(fmt!("{}", non_ascii)).unwrap();
/// assert_eq!(s.as_bytes(), "\\xf0\\x9f\\xa6\\x80".as_bytes());
/// ```
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
for &b in &self.0 {
match b {
// Common escape codes.
b'\t' => f.write_str("\\t")?,
b'\n' => f.write_str("\\n")?,
b'\r' => f.write_str("\\r")?,
// Printable characters.
0x20..=0x7e => f.write_char(b as char)?,
_ => write!(f, "\\x{b:02x}")?,
}
}
Ok(())
}
}
impl fmt::Debug for BStr {
/// Formats printable ASCII characters with a double quote on either end,
/// escaping the rest.
///
/// ```
/// # use kernel::{fmt, b_str, str::{BStr, CString}};
/// // Embedded double quotes are escaped.
/// let ascii = b_str!("Hello, \"BStr\"!");
/// let s = CString::try_from_fmt(fmt!("{:?}", ascii)).unwrap();
/// assert_eq!(s.as_bytes(), "\"Hello, \\\"BStr\\\"!\"".as_bytes());
///
/// let non_ascii = b_str!("😺");
/// let s = CString::try_from_fmt(fmt!("{:?}", non_ascii)).unwrap();
/// assert_eq!(s.as_bytes(), "\"\\xf0\\x9f\\x98\\xba\"".as_bytes());
/// ```
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.write_char('"')?;
for &b in &self.0 {
match b {
// Common escape codes.
b'\t' => f.write_str("\\t")?,
b'\n' => f.write_str("\\n")?,
b'\r' => f.write_str("\\r")?,
// String escape characters.
b'\"' => f.write_str("\\\"")?,
b'\\' => f.write_str("\\\\")?,
// Printable characters.
0x20..=0x7e => f.write_char(b as char)?,
_ => write!(f, "\\x{b:02x}")?,
}
}
f.write_char('"')
}
}
impl Deref for BStr {
type Target = [u8];
#[inline]
fn deref(&self) -> &Self::Target {
&self.0
}
}
/// Creates a new [`BStr`] from a string literal.
///
/// `b_str!` converts the supplied string literal to byte string, so non-ASCII
/// characters can be included.
///
/// # Examples
///
/// ```
/// # use kernel::b_str;
/// # use kernel::str::BStr;
/// const MY_BSTR: &BStr = b_str!("My awesome BStr!");
/// ```
#[macro_export]
macro_rules! b_str {
($str:literal) => {{
const S: &'static str = $str;
const C: &'static $crate::str::BStr = $crate::str::BStr::from_bytes(S.as_bytes());
C
}};
}
/// Possible errors when using conversion functions in [`CStr`].
#[derive(Debug, Clone, Copy)]
pub enum CStrConvertError {
/// Supplied bytes contain an interior `NUL`.
InteriorNul,
/// Supplied bytes are not terminated by `NUL`.
NotNulTerminated,
}
impl From<CStrConvertError> for Error {
#[inline]
fn from(_: CStrConvertError) -> Error {
EINVAL
}
}
/// A string that is guaranteed to have exactly one `NUL` byte, which is at the
/// end.
///
/// Used for interoperability with kernel APIs that take C strings.
#[repr(transparent)]
pub struct CStr([u8]);
impl CStr {
/// Returns the length of this string excluding `NUL`.
#[inline]
pub const fn len(&self) -> usize {
self.len_with_nul() - 1
}
/// Returns the length of this string with `NUL`.
#[inline]
pub const fn len_with_nul(&self) -> usize {
if self.0.is_empty() {
// SAFETY: This is one of the invariant of `CStr`.
// We add a `unreachable_unchecked` here to hint the optimizer that
// the value returned from this function is non-zero.
unsafe { core::hint::unreachable_unchecked() };
}
self.0.len()
}
/// Returns `true` if the string only includes `NUL`.
#[inline]
pub const fn is_empty(&self) -> bool {
self.len() == 0
}
/// Wraps a raw C string pointer.
///
/// # Safety
///
/// `ptr` must be a valid pointer to a `NUL`-terminated C string, and it must
/// last at least `'a`. When `CStr` is alive, the memory pointed by `ptr`
/// must not be mutated.
#[inline]
pub unsafe fn from_char_ptr<'a>(ptr: *const crate::ffi::c_char) -> &'a Self {
// SAFETY: The safety precondition guarantees `ptr` is a valid pointer
// to a `NUL`-terminated C string.
let len = unsafe { bindings::strlen(ptr) } + 1;
// SAFETY: Lifetime guaranteed by the safety precondition.
let bytes = unsafe { core::slice::from_raw_parts(ptr as _, len as _) };
// SAFETY: As `len` is returned by `strlen`, `bytes` does not contain interior `NUL`.
// As we have added 1 to `len`, the last byte is known to be `NUL`.
unsafe { Self::from_bytes_with_nul_unchecked(bytes) }
}
/// Creates a [`CStr`] from a `[u8]`.
///
/// The provided slice must be `NUL`-terminated, does not contain any
/// interior `NUL` bytes.
pub const fn from_bytes_with_nul(bytes: &[u8]) -> Result<&Self, CStrConvertError> {
if bytes.is_empty() {
return Err(CStrConvertError::NotNulTerminated);
}
if bytes[bytes.len() - 1] != 0 {
return Err(CStrConvertError::NotNulTerminated);
}
let mut i = 0;
// `i + 1 < bytes.len()` allows LLVM to optimize away bounds checking,
// while it couldn't optimize away bounds checks for `i < bytes.len() - 1`.
while i + 1 < bytes.len() {
if bytes[i] == 0 {
return Err(CStrConvertError::InteriorNul);
}
i += 1;
}
// SAFETY: We just checked that all properties hold.
Ok(unsafe { Self::from_bytes_with_nul_unchecked(bytes) })
}
/// Creates a [`CStr`] from a `[u8]` without performing any additional
/// checks.
///
/// # Safety
///
/// `bytes` *must* end with a `NUL` byte, and should only have a single
/// `NUL` byte (or the string will be truncated).
#[inline]
pub const unsafe fn from_bytes_with_nul_unchecked(bytes: &[u8]) -> &CStr {
// SAFETY: Properties of `bytes` guaranteed by the safety precondition.
unsafe { core::mem::transmute(bytes) }
}
/// Creates a mutable [`CStr`] from a `[u8]` without performing any
/// additional checks.
///
/// # Safety
///
/// `bytes` *must* end with a `NUL` byte, and should only have a single
/// `NUL` byte (or the string will be truncated).
#[inline]
pub unsafe fn from_bytes_with_nul_unchecked_mut(bytes: &mut [u8]) -> &mut CStr {
// SAFETY: Properties of `bytes` guaranteed by the safety precondition.
unsafe { &mut *(bytes as *mut [u8] as *mut CStr) }
}
/// Returns a C pointer to the string.
#[inline]
pub const fn as_char_ptr(&self) -> *const crate::ffi::c_char {
self.0.as_ptr() as _
}
/// Convert the string to a byte slice without the trailing `NUL` byte.
#[inline]
pub fn as_bytes(&self) -> &[u8] {
&self.0[..self.len()]
}
/// Convert the string to a byte slice containing the trailing `NUL` byte.
#[inline]
pub const fn as_bytes_with_nul(&self) -> &[u8] {
&self.0
}
/// Yields a [`&str`] slice if the [`CStr`] contains valid UTF-8.
///
/// If the contents of the [`CStr`] are valid UTF-8 data, this
/// function will return the corresponding [`&str`] slice. Otherwise,
/// it will return an error with details of where UTF-8 validation failed.
///
/// # Examples
///
/// ```
/// # use kernel::str::CStr;
/// let cstr = CStr::from_bytes_with_nul(b"foo\0").unwrap();
/// assert_eq!(cstr.to_str(), Ok("foo"));
/// ```
#[inline]
pub fn to_str(&self) -> Result<&str, core::str::Utf8Error> {
core::str::from_utf8(self.as_bytes())
}
/// Unsafely convert this [`CStr`] into a [`&str`], without checking for
/// valid UTF-8.
///
/// # Safety
///
/// The contents must be valid UTF-8.
///
/// # Examples
///
/// ```
/// # use kernel::c_str;
/// # use kernel::str::CStr;
/// let bar = c_str!("ツ");
/// // SAFETY: String literals are guaranteed to be valid UTF-8
/// // by the Rust compiler.
/// assert_eq!(unsafe { bar.as_str_unchecked() }, "ツ");
/// ```
#[inline]
pub unsafe fn as_str_unchecked(&self) -> &str {
// SAFETY: TODO.
unsafe { core::str::from_utf8_unchecked(self.as_bytes()) }
}
/// Convert this [`CStr`] into a [`CString`] by allocating memory and
/// copying over the string data.
pub fn to_cstring(&self) -> Result<CString, AllocError> {
CString::try_from(self)
}
/// Converts this [`CStr`] to its ASCII lower case equivalent in-place.
///
/// ASCII letters 'A' to 'Z' are mapped to 'a' to 'z',
/// but non-ASCII letters are unchanged.
///
/// To return a new lowercased value without modifying the existing one, use
/// [`to_ascii_lowercase()`].
///
/// [`to_ascii_lowercase()`]: #method.to_ascii_lowercase
pub fn make_ascii_lowercase(&mut self) {
// INVARIANT: This doesn't introduce or remove NUL bytes in the C
// string.
self.0.make_ascii_lowercase();
}
/// Converts this [`CStr`] to its ASCII upper case equivalent in-place.
///
/// ASCII letters 'a' to 'z' are mapped to 'A' to 'Z',
/// but non-ASCII letters are unchanged.
///
/// To return a new uppercased value without modifying the existing one, use
/// [`to_ascii_uppercase()`].
///
/// [`to_ascii_uppercase()`]: #method.to_ascii_uppercase
pub fn make_ascii_uppercase(&mut self) {
// INVARIANT: This doesn't introduce or remove NUL bytes in the C
// string.
self.0.make_ascii_uppercase();
}
/// Returns a copy of this [`CString`] where each character is mapped to its
/// ASCII lower case equivalent.
///
/// ASCII letters 'A' to 'Z' are mapped to 'a' to 'z',
/// but non-ASCII letters are unchanged.
///
/// To lowercase the value in-place, use [`make_ascii_lowercase`].
///
/// [`make_ascii_lowercase`]: str::make_ascii_lowercase
pub fn to_ascii_lowercase(&self) -> Result<CString, AllocError> {
let mut s = self.to_cstring()?;
s.make_ascii_lowercase();
Ok(s)
}
/// Returns a copy of this [`CString`] where each character is mapped to its
/// ASCII upper case equivalent.
///
/// ASCII letters 'a' to 'z' are mapped to 'A' to 'Z',
/// but non-ASCII letters are unchanged.
///
/// To uppercase the value in-place, use [`make_ascii_uppercase`].
///
/// [`make_ascii_uppercase`]: str::make_ascii_uppercase
pub fn to_ascii_uppercase(&self) -> Result<CString, AllocError> {
let mut s = self.to_cstring()?;
s.make_ascii_uppercase();
Ok(s)
}
}
impl fmt::Display for CStr {
/// Formats printable ASCII characters, escaping the rest.
///
/// ```
/// # use kernel::c_str;
/// # use kernel::fmt;
/// # use kernel::str::CStr;
/// # use kernel::str::CString;
/// let penguin = c_str!("🐧");
/// let s = CString::try_from_fmt(fmt!("{}", penguin)).unwrap();
/// assert_eq!(s.as_bytes_with_nul(), "\\xf0\\x9f\\x90\\xa7\0".as_bytes());
///
/// let ascii = c_str!("so \"cool\"");
/// let s = CString::try_from_fmt(fmt!("{}", ascii)).unwrap();
/// assert_eq!(s.as_bytes_with_nul(), "so \"cool\"\0".as_bytes());
/// ```
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
for &c in self.as_bytes() {
if (0x20..0x7f).contains(&c) {
// Printable character.
f.write_char(c as char)?;
} else {
write!(f, "\\x{c:02x}")?;
}
}
Ok(())
}
}
impl fmt::Debug for CStr {
/// Formats printable ASCII characters with a double quote on either end, escaping the rest.
///
/// ```
/// # use kernel::c_str;
/// # use kernel::fmt;
/// # use kernel::str::CStr;
/// # use kernel::str::CString;
/// let penguin = c_str!("🐧");
/// let s = CString::try_from_fmt(fmt!("{:?}", penguin)).unwrap();
/// assert_eq!(s.as_bytes_with_nul(), "\"\\xf0\\x9f\\x90\\xa7\"\0".as_bytes());
///
/// // Embedded double quotes are escaped.
/// let ascii = c_str!("so \"cool\"");
/// let s = CString::try_from_fmt(fmt!("{:?}", ascii)).unwrap();
/// assert_eq!(s.as_bytes_with_nul(), "\"so \\\"cool\\\"\"\0".as_bytes());
/// ```
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.write_str("\"")?;
for &c in self.as_bytes() {
match c {
// Printable characters.
b'\"' => f.write_str("\\\"")?,
0x20..=0x7e => f.write_char(c as char)?,
_ => write!(f, "\\x{c:02x}")?,
}
}
f.write_str("\"")
}
}
impl AsRef<BStr> for CStr {
#[inline]
fn as_ref(&self) -> &BStr {
BStr::from_bytes(self.as_bytes())
}
}
impl Deref for CStr {
type Target = BStr;
#[inline]
fn deref(&self) -> &Self::Target {
self.as_ref()
}
}
impl Index<ops::RangeFrom<usize>> for CStr {
type Output = CStr;
#[inline]
fn index(&self, index: ops::RangeFrom<usize>) -> &Self::Output {
// Delegate bounds checking to slice.
// Assign to _ to mute clippy's unnecessary operation warning.
let _ = &self.as_bytes()[index.start..];
// SAFETY: We just checked the bounds.
unsafe { Self::from_bytes_with_nul_unchecked(&self.0[index.start..]) }
}
}
impl Index<ops::RangeFull> for CStr {
type Output = CStr;
#[inline]
fn index(&self, _index: ops::RangeFull) -> &Self::Output {
self
}
}
mod private {
use core::ops;
// Marker trait for index types that can be forward to `BStr`.
pub trait CStrIndex {}
impl CStrIndex for usize {}
impl CStrIndex for ops::Range<usize> {}
impl CStrIndex for ops::RangeInclusive<usize> {}
impl CStrIndex for ops::RangeToInclusive<usize> {}
}
impl<Idx> Index<Idx> for CStr
where
Idx: private::CStrIndex,
BStr: Index<Idx>,
{
type Output = <BStr as Index<Idx>>::Output;
#[inline]
fn index(&self, index: Idx) -> &Self::Output {
&self.as_ref()[index]
}
}
/// Creates a new [`CStr`] from a string literal.
///
/// The string literal should not contain any `NUL` bytes.
///
/// # Examples
///
/// ```
/// # use kernel::c_str;
/// # use kernel::str::CStr;
/// const MY_CSTR: &CStr = c_str!("My awesome CStr!");
/// ```
#[macro_export]
macro_rules! c_str {
($str:expr) => {{
const S: &str = concat!($str, "\0");
const C: &$crate::str::CStr = match $crate::str::CStr::from_bytes_with_nul(S.as_bytes()) {
Ok(v) => v,
Err(_) => panic!("string contains interior NUL"),
};
C
}};
}
#[cfg(test)]
mod tests {
use super::*;
struct String(CString);
impl String {
fn from_fmt(args: fmt::Arguments<'_>) -> Self {
String(CString::try_from_fmt(args).unwrap())
}
}
impl Deref for String {
type Target = str;
fn deref(&self) -> &str {
self.0.to_str().unwrap()
}
}
macro_rules! format {
($($f:tt)*) => ({
&*String::from_fmt(kernel::fmt!($($f)*))
})
}
const ALL_ASCII_CHARS: &'static str =
"\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x09\\x0a\\x0b\\x0c\\x0d\\x0e\\x0f\
\\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17\\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f \
!\"#$%&'()*+,-./0123456789:;<=>?@\
ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\\x7f\
\\x80\\x81\\x82\\x83\\x84\\x85\\x86\\x87\\x88\\x89\\x8a\\x8b\\x8c\\x8d\\x8e\\x8f\
\\x90\\x91\\x92\\x93\\x94\\x95\\x96\\x97\\x98\\x99\\x9a\\x9b\\x9c\\x9d\\x9e\\x9f\
\\xa0\\xa1\\xa2\\xa3\\xa4\\xa5\\xa6\\xa7\\xa8\\xa9\\xaa\\xab\\xac\\xad\\xae\\xaf\
\\xb0\\xb1\\xb2\\xb3\\xb4\\xb5\\xb6\\xb7\\xb8\\xb9\\xba\\xbb\\xbc\\xbd\\xbe\\xbf\
\\xc0\\xc1\\xc2\\xc3\\xc4\\xc5\\xc6\\xc7\\xc8\\xc9\\xca\\xcb\\xcc\\xcd\\xce\\xcf\
\\xd0\\xd1\\xd2\\xd3\\xd4\\xd5\\xd6\\xd7\\xd8\\xd9\\xda\\xdb\\xdc\\xdd\\xde\\xdf\
\\xe0\\xe1\\xe2\\xe3\\xe4\\xe5\\xe6\\xe7\\xe8\\xe9\\xea\\xeb\\xec\\xed\\xee\\xef\
\\xf0\\xf1\\xf2\\xf3\\xf4\\xf5\\xf6\\xf7\\xf8\\xf9\\xfa\\xfb\\xfc\\xfd\\xfe\\xff";
#[test]
fn test_cstr_to_str() {
let good_bytes = b"\xf0\x9f\xa6\x80\0";
let checked_cstr = CStr::from_bytes_with_nul(good_bytes).unwrap();
let checked_str = checked_cstr.to_str().unwrap();
assert_eq!(checked_str, "🦀");
}
#[test]
#[should_panic]
fn test_cstr_to_str_panic() {
let bad_bytes = b"\xc3\x28\0";
let checked_cstr = CStr::from_bytes_with_nul(bad_bytes).unwrap();
checked_cstr.to_str().unwrap();
}
#[test]
fn test_cstr_as_str_unchecked() {
let good_bytes = b"\xf0\x9f\x90\xA7\0";
let checked_cstr = CStr::from_bytes_with_nul(good_bytes).unwrap();
let unchecked_str = unsafe { checked_cstr.as_str_unchecked() };
assert_eq!(unchecked_str, "🐧");
}
#[test]
fn test_cstr_display() {
let hello_world = CStr::from_bytes_with_nul(b"hello, world!\0").unwrap();
assert_eq!(format!("{hello_world}"), "hello, world!");
let non_printables = CStr::from_bytes_with_nul(b"\x01\x09\x0a\0").unwrap();
assert_eq!(format!("{non_printables}"), "\\x01\\x09\\x0a");
let non_ascii = CStr::from_bytes_with_nul(b"d\xe9j\xe0 vu\0").unwrap();
assert_eq!(format!("{non_ascii}"), "d\\xe9j\\xe0 vu");
let good_bytes = CStr::from_bytes_with_nul(b"\xf0\x9f\xa6\x80\0").unwrap();
assert_eq!(format!("{good_bytes}"), "\\xf0\\x9f\\xa6\\x80");
}
#[test]
fn test_cstr_display_all_bytes() {
let mut bytes: [u8; 256] = [0; 256];
// fill `bytes` with [1..=255] + [0]
for i in u8::MIN..=u8::MAX {
bytes[i as usize] = i.wrapping_add(1);
}
let cstr = CStr::from_bytes_with_nul(&bytes).unwrap();
assert_eq!(format!("{cstr}"), ALL_ASCII_CHARS);
}
#[test]
fn test_cstr_debug() {
let hello_world = CStr::from_bytes_with_nul(b"hello, world!\0").unwrap();
assert_eq!(format!("{hello_world:?}"), "\"hello, world!\"");
let non_printables = CStr::from_bytes_with_nul(b"\x01\x09\x0a\0").unwrap();
assert_eq!(format!("{non_printables:?}"), "\"\\x01\\x09\\x0a\"");
let non_ascii = CStr::from_bytes_with_nul(b"d\xe9j\xe0 vu\0").unwrap();
assert_eq!(format!("{non_ascii:?}"), "\"d\\xe9j\\xe0 vu\"");
let good_bytes = CStr::from_bytes_with_nul(b"\xf0\x9f\xa6\x80\0").unwrap();
assert_eq!(format!("{good_bytes:?}"), "\"\\xf0\\x9f\\xa6\\x80\"");
}
#[test]
fn test_bstr_display() {
let hello_world = BStr::from_bytes(b"hello, world!");
assert_eq!(format!("{hello_world}"), "hello, world!");
let escapes = BStr::from_bytes(b"_\t_\n_\r_\\_\'_\"_");
assert_eq!(format!("{escapes}"), "_\\t_\\n_\\r_\\_'_\"_");
let others = BStr::from_bytes(b"\x01");
assert_eq!(format!("{others}"), "\\x01");
let non_ascii = BStr::from_bytes(b"d\xe9j\xe0 vu");
assert_eq!(format!("{non_ascii}"), "d\\xe9j\\xe0 vu");
let good_bytes = BStr::from_bytes(b"\xf0\x9f\xa6\x80");
assert_eq!(format!("{good_bytes}"), "\\xf0\\x9f\\xa6\\x80");
}
#[test]
fn test_bstr_debug() {
let hello_world = BStr::from_bytes(b"hello, world!");
assert_eq!(format!("{hello_world:?}"), "\"hello, world!\"");
let escapes = BStr::from_bytes(b"_\t_\n_\r_\\_\'_\"_");
assert_eq!(format!("{escapes:?}"), "\"_\\t_\\n_\\r_\\\\_'_\\\"_\"");
let others = BStr::from_bytes(b"\x01");
assert_eq!(format!("{others:?}"), "\"\\x01\"");
let non_ascii = BStr::from_bytes(b"d\xe9j\xe0 vu");
assert_eq!(format!("{non_ascii:?}"), "\"d\\xe9j\\xe0 vu\"");
let good_bytes = BStr::from_bytes(b"\xf0\x9f\xa6\x80");
assert_eq!(format!("{good_bytes:?}"), "\"\\xf0\\x9f\\xa6\\x80\"");
}
}
/// Allows formatting of [`fmt::Arguments`] into a raw buffer.
///
/// It does not fail if callers write past the end of the buffer so that they can calculate the
/// size required to fit everything.
///
/// # Invariants
///
/// The memory region between `pos` (inclusive) and `end` (exclusive) is valid for writes if `pos`
/// is less than `end`.
pub(crate) struct RawFormatter {
// Use `usize` to use `saturating_*` functions.
beg: usize,
pos: usize,
end: usize,
}
impl RawFormatter {
/// Creates a new instance of [`RawFormatter`] with an empty buffer.
fn new() -> Self {
// INVARIANT: The buffer is empty, so the region that needs to be writable is empty.
Self {
beg: 0,
pos: 0,
end: 0,
}
}
/// Creates a new instance of [`RawFormatter`] with the given buffer pointers.
///
/// # Safety
///
/// If `pos` is less than `end`, then the region between `pos` (inclusive) and `end`
/// (exclusive) must be valid for writes for the lifetime of the returned [`RawFormatter`].
pub(crate) unsafe fn from_ptrs(pos: *mut u8, end: *mut u8) -> Self {
// INVARIANT: The safety requirements guarantee the type invariants.
Self {
beg: pos as _,
pos: pos as _,
end: end as _,
}
}
/// Creates a new instance of [`RawFormatter`] with the given buffer.
///
/// # Safety
///
/// The memory region starting at `buf` and extending for `len` bytes must be valid for writes
/// for the lifetime of the returned [`RawFormatter`].
pub(crate) unsafe fn from_buffer(buf: *mut u8, len: usize) -> Self {
let pos = buf as usize;
// INVARIANT: We ensure that `end` is never less then `buf`, and the safety requirements
// guarantees that the memory region is valid for writes.
Self {
pos,
beg: pos,
end: pos.saturating_add(len),
}
}
/// Returns the current insert position.
///
/// N.B. It may point to invalid memory.
pub(crate) fn pos(&self) -> *mut u8 {
self.pos as _
}
/// Returns the number of bytes written to the formatter.
pub(crate) fn bytes_written(&self) -> usize {
self.pos - self.beg
}
}
impl fmt::Write for RawFormatter {
fn write_str(&mut self, s: &str) -> fmt::Result {
// `pos` value after writing `len` bytes. This does not have to be bounded by `end`, but we
// don't want it to wrap around to 0.
let pos_new = self.pos.saturating_add(s.len());
// Amount that we can copy. `saturating_sub` ensures we get 0 if `pos` goes past `end`.
let len_to_copy = core::cmp::min(pos_new, self.end).saturating_sub(self.pos);
if len_to_copy > 0 {
// SAFETY: If `len_to_copy` is non-zero, then we know `pos` has not gone past `end`
// yet, so it is valid for write per the type invariants.
unsafe {
core::ptr::copy_nonoverlapping(
s.as_bytes().as_ptr(),
self.pos as *mut u8,
len_to_copy,
)
};
}
self.pos = pos_new;
Ok(())
}
}
/// Allows formatting of [`fmt::Arguments`] into a raw buffer.
///
/// Fails if callers attempt to write more than will fit in the buffer.
pub(crate) struct Formatter(RawFormatter);
impl Formatter {
/// Creates a new instance of [`Formatter`] with the given buffer.
///
/// # Safety
///
/// The memory region starting at `buf` and extending for `len` bytes must be valid for writes
/// for the lifetime of the returned [`Formatter`].
pub(crate) unsafe fn from_buffer(buf: *mut u8, len: usize) -> Self {
// SAFETY: The safety requirements of this function satisfy those of the callee.
Self(unsafe { RawFormatter::from_buffer(buf, len) })
}
}
impl Deref for Formatter {
type Target = RawFormatter;
fn deref(&self) -> &Self::Target {
&self.0
}
}
impl fmt::Write for Formatter {
fn write_str(&mut self, s: &str) -> fmt::Result {
self.0.write_str(s)?;
// Fail the request if we go past the end of the buffer.
if self.0.pos > self.0.end {
Err(fmt::Error)
} else {
Ok(())
}
}
}
/// An owned string that is guaranteed to have exactly one `NUL` byte, which is at the end.
///
/// Used for interoperability with kernel APIs that take C strings.
///
/// # Invariants
///
/// The string is always `NUL`-terminated and contains no other `NUL` bytes.
///
/// # Examples
///
/// ```
/// use kernel::{str::CString, fmt};
///
/// let s = CString::try_from_fmt(fmt!("{}{}{}", "abc", 10, 20)).unwrap();
/// assert_eq!(s.as_bytes_with_nul(), "abc1020\0".as_bytes());
///
/// let tmp = "testing";
/// let s = CString::try_from_fmt(fmt!("{tmp}{}", 123)).unwrap();
/// assert_eq!(s.as_bytes_with_nul(), "testing123\0".as_bytes());
///
/// // This fails because it has an embedded `NUL` byte.
/// let s = CString::try_from_fmt(fmt!("a\0b{}", 123));
/// assert_eq!(s.is_ok(), false);
/// ```
pub struct CString {
buf: KVec<u8>,
}
impl CString {
/// Creates an instance of [`CString`] from the given formatted arguments.
pub fn try_from_fmt(args: fmt::Arguments<'_>) -> Result<Self, Error> {
// Calculate the size needed (formatted string plus `NUL` terminator).
let mut f = RawFormatter::new();
f.write_fmt(args)?;
f.write_str("\0")?;
let size = f.bytes_written();
// Allocate a vector with the required number of bytes, and write to it.
let mut buf = KVec::with_capacity(size, GFP_KERNEL)?;
// SAFETY: The buffer stored in `buf` is at least of size `size` and is valid for writes.
let mut f = unsafe { Formatter::from_buffer(buf.as_mut_ptr(), size) };
f.write_fmt(args)?;
f.write_str("\0")?;
// SAFETY: The number of bytes that can be written to `f` is bounded by `size`, which is
// `buf`'s capacity. The contents of the buffer have been initialised by writes to `f`.
unsafe { buf.inc_len(f.bytes_written()) };
// Check that there are no `NUL` bytes before the end.
// SAFETY: The buffer is valid for read because `f.bytes_written()` is bounded by `size`
// (which the minimum buffer size) and is non-zero (we wrote at least the `NUL` terminator)
// so `f.bytes_written() - 1` doesn't underflow.
let ptr = unsafe { bindings::memchr(buf.as_ptr().cast(), 0, (f.bytes_written() - 1) as _) };
if !ptr.is_null() {
return Err(EINVAL);
}
// INVARIANT: We wrote the `NUL` terminator and checked above that no other `NUL` bytes
// exist in the buffer.
Ok(Self { buf })
}
}
impl Deref for CString {
type Target = CStr;
fn deref(&self) -> &Self::Target {
// SAFETY: The type invariants guarantee that the string is `NUL`-terminated and that no
// other `NUL` bytes exist.
unsafe { CStr::from_bytes_with_nul_unchecked(self.buf.as_slice()) }
}
}
impl DerefMut for CString {
fn deref_mut(&mut self) -> &mut Self::Target {
// SAFETY: A `CString` is always NUL-terminated and contains no other
// NUL bytes.
unsafe { CStr::from_bytes_with_nul_unchecked_mut(self.buf.as_mut_slice()) }
}
}
impl<'a> TryFrom<&'a CStr> for CString {
type Error = AllocError;
fn try_from(cstr: &'a CStr) -> Result<CString, AllocError> {
let mut buf = KVec::new();
buf.extend_from_slice(cstr.as_bytes_with_nul(), GFP_KERNEL)?;
// INVARIANT: The `CStr` and `CString` types have the same invariants for
// the string data, and we copied it over without changes.
Ok(CString { buf })
}
}
impl fmt::Debug for CString {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
fmt::Debug::fmt(&**self, f)
}
}
/// A convenience alias for [`core::format_args`].
#[macro_export]
macro_rules! fmt {
($($f:tt)*) => ( core::format_args!($($f)*) )
}
Reference in New Issue View Git Blame Copy Permalink