Samuka007/asterinas
1
0
Fork 0
mirror of https://github.com/asterinas/asterinas.git synced 2025-06-08 12:56:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add unsafe with caller-upheld comments

Browse Source
This commit is contained in:
Ruihan Li 2025-05-07 23:47:32 +08:00 committed by Junyang Zhang
parent 31dbae5330
commit 619814e652
6 changed files with 31 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ostd/src/io/io_mem/allocator.rs
View File

@ -114,7 +114,8 @@ pub static IO_MEM_ALLOCATOR: Once<IoMemAllocator> = Once::new();
/// User must ensure all the memory I/O regions that belong to the system device have been removed by calling the /// User must ensure all the memory I/O regions that belong to the system device have been removed by calling the
/// `remove` function. /// `remove` function.
pub(crate) unsafe fn init(io_mem_builder: IoMemAllocatorBuilder) { pub(crate) unsafe fn init(io_mem_builder: IoMemAllocatorBuilder) {
IO_MEM_ALLOCATOR.call_once(|| IoMemAllocator::new(io_mem_builder.allocators)); // SAFETY: The safety is upheld by the caller.
IO_MEM_ALLOCATOR.call_once(|| unsafe { IoMemAllocator::new(io_mem_builder.allocators) });
} }
fn find_allocator<'a>( fn find_allocator<'a>(

9
ostd/src/io/mod.rs
View File

@ -37,7 +37,12 @@ cfg_if!(
/// 3. `MAX_IO_PORT` defined in `crate::arch::io` is guaranteed not to /// 3. `MAX_IO_PORT` defined in `crate::arch::io` is guaranteed not to
/// exceed the maximum value specified by architecture. /// exceed the maximum value specified by architecture.
pub(crate) unsafe fn init(io_mem_builder: IoMemAllocatorBuilder) { pub(crate) unsafe fn init(io_mem_builder: IoMemAllocatorBuilder) {
self::io_mem::init(io_mem_builder); // SAFETY: The safety is upheld by the caller.
unsafe { self::io_mem::init(io_mem_builder) };
// SAFETY: The safety is upheld by the caller.
#[cfg(target_arch = "x86_64")] #[cfg(target_arch = "x86_64")]
self::io_port::init(); unsafe {
self::io_port::init()
};
} }

10
ostd/src/mm/io.rs
View File

@ -302,7 +302,9 @@ unsafe fn memcpy(dst: *mut u8, src: *const u8, len: usize) {
// //
// For more details and future possibilities, see // For more details and future possibilities, see
// <https://github.com/asterinas/asterinas/pull/1001#discussion_r1667317406>. // <https://github.com/asterinas/asterinas/pull/1001#discussion_r1667317406>.
core::intrinsics::volatile_copy_memory(dst, src, len);
// SAFETY: The safety is guaranteed by the safety preconditions and the explanation above.
unsafe { core::intrinsics::volatile_copy_memory(dst, src, len) };
} }
/// Copies `len` bytes from `src` to `dst`. /// Copies `len` bytes from `src` to `dst`.
@ -322,7 +324,8 @@ unsafe fn memcpy(dst: *mut u8, src: *const u8, len: usize) {
/// ///
/// [valid]: crate::mm::io#safety /// [valid]: crate::mm::io#safety
unsafe fn memcpy_fallible(dst: *mut u8, src: *const u8, len: usize) -> usize { unsafe fn memcpy_fallible(dst: *mut u8, src: *const u8, len: usize) -> usize {
let failed_bytes = __memcpy_fallible(dst, src, len); // SAFETY: The safety is upheld by the caller.
let failed_bytes = unsafe { __memcpy_fallible(dst, src, len) };
len - failed_bytes len - failed_bytes
} }
@ -337,7 +340,8 @@ unsafe fn memcpy_fallible(dst: *mut u8, src: *const u8, len: usize) -> usize {
/// ///
/// [valid]: crate::mm::io#safety /// [valid]: crate::mm::io#safety
unsafe fn memset_fallible(dst: *mut u8, value: u8, len: usize) -> usize { unsafe fn memset_fallible(dst: *mut u8, value: u8, len: usize) -> usize {
let failed_bytes = __memset_fallible(dst, value, len); // SAFETY: The safety is upheld by the caller.
let failed_bytes = unsafe { __memset_fallible(dst, value, len) };
len - failed_bytes len - failed_bytes
} }

3
ostd/src/mm/page_table/cursor/mod.rs
View File

@ -781,7 +781,8 @@ impl<'rcu, M: PageTableMode, E: PageTableEntryTrait, C: PagingConstsTrait>
// Do copy. // Do copy.
op(&mut prop); op(&mut prop);
self.jump(src_va).unwrap(); self.jump(src_va).unwrap();
let original = self.map(page, prop); // SAFETY: The safety is upheld by the caller.
let original = unsafe { self.map(page, prop) };
assert!(original.is_none()); assert!(original.is_none());
// Only move the source cursor forward since `Self::map` will do it. // Only move the source cursor forward since `Self::map` will do it.

12
ostd/src/mm/page_table/mod.rs
View File

@ -183,7 +183,10 @@ impl PageTable<KernelMode> {
) -> Result<(), PageTableError> { ) -> Result<(), PageTableError> {
let preempt_guard = disable_preempt(); let preempt_guard = disable_preempt();
let mut cursor = CursorMut::new(self, &preempt_guard, vaddr)?; let mut cursor = CursorMut::new(self, &preempt_guard, vaddr)?;
while let Some(range) = cursor.protect_next(vaddr.end - cursor.virt_addr(), &mut op) { // SAFETY: The safety is upheld by the caller.
while let Some(range) =
unsafe { cursor.protect_next(vaddr.end - cursor.virt_addr(), &mut op) }
{
crate::arch::mm::tlb_flush_addr(range.start); crate::arch::mm::tlb_flush_addr(range.start);
} }
Ok(()) Ok(())
@ -202,7 +205,8 @@ impl<M: PageTableMode, E: PageTableEntryTrait, C: PagingConstsTrait> PageTable<M
} }
pub(in crate::mm) unsafe fn first_activate_unchecked(&self) { pub(in crate::mm) unsafe fn first_activate_unchecked(&self) {
self.root.first_activate(); // SAFETY: The safety is upheld by the caller.
unsafe { self.root.first_activate() };
} }
/// The physical address of the root page table. /// The physical address of the root page table.
@ -221,7 +225,9 @@ impl<M: PageTableMode, E: PageTableEntryTrait, C: PagingConstsTrait> PageTable<M
prop: PageProperty, prop: PageProperty,
) -> Result<(), PageTableError> { ) -> Result<(), PageTableError> {
let preempt_guard = disable_preempt(); let preempt_guard = disable_preempt();
self.cursor_mut(&preempt_guard, vaddr)?.map_pa(paddr, prop); let mut cursor = self.cursor_mut(&preempt_guard, vaddr)?;
// SAFETY: The safety is upheld by the caller.
unsafe { cursor.map_pa(paddr, prop) };
Ok(()) Ok(())
} }

6
ostd/src/mm/page_table/node/mod.rs
View File

@ -109,7 +109,8 @@ impl<E: PageTableEntryTrait, C: PagingConstsTrait> PageTableNode<E, C> {
return; return;
} }
activate_page_table(self.clone().into_raw(), CachePolicy::Writeback); // SAFETY: The safety is upheld by the caller.
unsafe { activate_page_table(self.clone().into_raw(), CachePolicy::Writeback) };
// Restore and drop the last activated page table. // Restore and drop the last activated page table.
// SAFETY: The physical address is valid and points to a forgotten page table node. // SAFETY: The physical address is valid and points to a forgotten page table node.
@ -123,7 +124,8 @@ impl<E: PageTableEntryTrait, C: PagingConstsTrait> PageTableNode<E, C> {
pub(super) unsafe fn first_activate(&self) { pub(super) unsafe fn first_activate(&self) {
use crate::{arch::mm::activate_page_table, mm::CachePolicy}; use crate::{arch::mm::activate_page_table, mm::CachePolicy};
activate_page_table(self.clone().into_raw(), CachePolicy::Writeback); // SAFETY: The safety is upheld by the caller.
unsafe { activate_page_table(self.clone().into_raw(), CachePolicy::Writeback) };
} }
} }