77 /// the read length and the next read will start from there. This helps prevent accidentally reading
149     length: usize,  field
153     /// Constructs a user slice from a raw pointer and a length in bytes.
155     /// Constructing a [`UserSlice`] performs no checks on the provided address and length, it can
165     pub fn new(ptr: UserPtr, length: usize) -> Self {  in new()
166         UserSlice { ptr, length }  in new()
180             length: self.length,  in reader()
188             length: self.length,  in writer()
199                 length: self.length,  in reader_writer()
203                 length: self.length,  in reader_writer()
214     length: usize,  field
220     /// Returns an error if skipping more than the length of the buffer.
222         // Update `self.length` first since that's the fallible part of this operation.  in skip()
223         self.length = self.length.checked_sub(num_skip).ok_or(EFAULT)?;  in skip()
237             length: self.length,  in clone_reader()
245         self.length  in len()
250         self.length == 0  in is_empty()
266         if len > self.length {  in read_raw()
269         // SAFETY: `out_ptr` points into a mutable slice of length `len`, so we may write  in read_raw()
276         self.length -= len;  in read_raw()
339         if len > self.length {  in read()
347         // length is a compile-time constant.  in read()
359         self.length -= len;  in read()
369         let len = self.length;  in read_all()
399         // We never read more than `self.length` bytes.  in strcpy_into_buf()
400         if dst.len() > self.length {  in strcpy_into_buf()
401             dst = &mut dst[..self.length];  in strcpy_into_buf()
412             // because we hit the `self.length` limit of this `UserSliceReader`. Since we did not  in strcpy_into_buf()
413             // fill the buffer, we treat this case as if we tried to read past the `self.length`  in strcpy_into_buf()
415             // methods that also return page faults when you exceed `self.length`.  in strcpy_into_buf()
422             // already represents the length including the NUL-terminator.  in strcpy_into_buf()
429         // update `self.length`. This sidesteps concerns such as whether `self.length` should be  in strcpy_into_buf()
446     length: usize,  field
454         self.length  in len()
459         self.length == 0  in is_empty()
470         if len > self.length {  in write_slice()
473         // SAFETY: `data_ptr` points into an immutable slice of length `len`, so we may read  in write_slice()
480         self.length -= len;  in write_slice()
533         if len > self.length {  in write()
540         // kernel pointer. This mirrors the logic on the C side that skips the check when the length  in write()
553         self.length -= len;  in write()
558 /// Reads a nul-terminated string into `dst` and returns the length.