| /linux/rust/kernel/ |
| H A D | opp.rs | 43 // SAFETY: The requirements are satisfied by the existence of [`Device`] and its safety in new()
58 // SAFETY: The `ptr` is guaranteed by the C code to be valid. in table()
74 // SAFETY: The pointer was created via `dev_pm_opp_init_cpufreq_table`, and is only in drop()
183 // SAFETY: The requirements are satisfied by the existence of [`Device`] and its safety in new()
195 // SAFETY: The requirements are satisfied by the existence of [`Device`] and its safety in drop()
321 // SAFETY: This is the same token value returned by the C code via `dev_pm_opp_set_config`. in drop()
500 // SAFETY in set()
[all...] |
| H A D | miscdevice.rs | 35 // SAFETY: All zeros is valid for this C type. in into_raw()
63 // SAFETY: It is allowed to call `misc_deregister` on a different thread from where you called
66 // SAFETY: All `&self` methods on this type are written to ensure that it is safe to call them in
75 // SAFETY: The initializer can write to the provided `slot`. in register()
78 // SAFETY: We just wrote the misc device options to the slot. The miscdevice will in register()
96 // SAFETY: This can only be called after a successful register(), which always in device()
108 // SAFETY: We know that the device is registered by the type invariants. in drop()
200 /// # Safety in open()
205 // SAFETY: The pointers are valid and for a file being opened. in open()
211 // SAFETY in open()
[all...] |
| H A D | auxiliary.rs | 24 // SAFETY: A call to `unregister` for a given instance of `RegType` is guaranteed to be valid if
34 // SAFETY: It's safe to set the fields of `struct auxiliary_driver` on initialization. in register()
42 // SAFETY: `adrv` is guaranteed to be a valid `RegType`. in register()
49 // SAFETY: `adrv` is guaranteed to be a valid `RegType`. in unregister()
59 // SAFETY: The auxiliary bus only ever calls the probe callback with a valid pointer to a in probe_callback()
65 // SAFETY: `DeviceId` is a `#[repr(transparent)`] wrapper of `struct auxiliary_device_id` in probe_callback()
79 // SAFETY: The auxiliary bus only ever calls the probe callback with a valid pointer to a in remove_callback()
85 // SAFETY: `remove_callback` is only ever called after a successful call to in remove_callback()
114 // SAFETY: FFI type is valid to be zero-initialized. in new()
137 // SAFETY
[all...] |
| H A D | configfs.rs | 136 // SAFETY: We do not provide any operations on `Subsystem`.
139 // SAFETY: Ownership of `Subsystem` can safely be transferred to other threads.
156 // SAFETY: We initialized the required fields of `place.group` above. in new()
165 // SAFETY: `place.su_mutex` is valid for use as a mutex. in new()
180 // SAFETY: We initialized `this.subsystem` according to C API contract above. in new()
190 // SAFETY: We registered `self.subsystem` in the initializer returned by `Self::new`. in drop()
192 // SAFETY: We initialized the mutex in `Subsystem::new`. in drop()
202 /// # Safety
209 /// # Safety
216 /// # Safety
[all...] |
| H A D | cpumask.rs | 40 /// // SAFETY: The `ptr` is valid for writing and remains valid for the lifetime of the
54 /// # Safety
59 // SAFETY: Guaranteed by the safety requirements of the function. in as_mut_ref()
68 /// # Safety
73 // SAFETY: Guaranteed by the safety requirements of the function. in as_ref()
93 // SAFETY: By the type invariant, `self.as_raw` is a valid argument to `__cpumask_set_cpu`. in set()
104 // SAFETY: By the type invariant, `self.as_raw` is a valid argument to in clear()
114 // SAFETY in test()
[all...] |
| H A D | mm.rs | 52 // SAFETY: It is safe to call `mmdrop` on another thread than where `mmgrab` was called.
54 // SAFETY: All methods on `Mm` can be called in parallel from several threads.
57 // SAFETY: By the type invariants, this type is always refcounted.
61 // SAFETY: The pointer is valid since self is a reference. in inc_ref()
67 // SAFETY: The caller is giving up their refcount. in dec_ref()
88 // SAFETY: It is safe to call `mmput` on another thread than where `mmget` was called.
90 // SAFETY: All methods on `MmWithUser` can be called in parallel from several threads.
93 // SAFETY: By the type invariants, this type is always refcounted.
97 // SAFETY: The pointer is valid since self is a reference. in inc_ref()
103 // SAFETY: The caller is giving up their refcount. in dec_ref()
[all …]
|
| H A D | cpufreq.rs | 135 /// # Safety
141 // SAFETY: Guaranteed by the safety requirements of the function. in from_raw_mut()
158 // SAFETY: By the type invariant, the pointer stored in `self` is valid. in generic_verify()
176 /// # Safety
214 /// // SAFETY: Index is a valid entry in the table.
229 /// # Safety
235 // SAFETY: Guaranteed by the safety requirements of the function. in from_raw()
252 // SAFETY: By the type invariant, the pointer stored in `self` is valid and `index` is in freq()
253 // guaranteed to be valid by its safety requirements. in freq()
262 // SAFETY: By the type invariant, the pointer stored in `self` is valid and `index` is in flags()
[all …]
|
| H A D | pci.rs | 34 // SAFETY: A call to `unregister` for a given instance of `RegType` is guaranteed to be valid if in register()
44 // SAFETY: It's safe to set the fields of `struct pci_driver` on initialization. in register()
52 // SAFETY: `pdrv` is guaranteed to be a valid `RegType`.
59 // SAFETY: `pdrv` is guaranteed to be a valid `RegType`.
69 // SAFETY: The PCI bus only ever calls the probe callback with a valid pointer to a in probe_callback()
75 // SAFETY: `DeviceId` is a `#[repr(transparent)]` wrapper of `struct pci_device_id` and in probe_callback()
89 // SAFETY: The PCI bus only ever calls the remove callback with a valid pointer to a in remove_callback()
95 // SAFETY: `remove_callback` is only ever called after a successful call to in remove_callback()
192 // SAFETY: `DeviceId` is a `#[repr(transparent)]` wrapper of `pci_device_id` and does not add
198 // SAFETY
[all...] |
| H A D | workqueue.rs | 244 // SAFETY: Accesses to workqueues used by [`Queue`] are thread-safe.
246 // SAFETY: Accesses to workqueues used by [`Queue`] are thread-safe.
252 /// # Safety
257 // SAFETY: The `Queue` type is `#[repr(transparent)]`, so the pointer cast is valid. The in from_raw()
273 // SAFETY: We only return `false` if the `work_struct` is already in a workqueue. The other in enqueue()
306 // SAFETY: We only return `false` if the `work_struct` is already in a workqueue. The other in enqueue_delayed()
311 // this closure, and the safety requirements of `RawDelayedWorkItem` expands this in enqueue_delayed()
382 /// # Safety
402 /// # Safety
418 /// # Safety in __enqueue()
[all...] |
| H A D | task.rs | 38 // SAFETY: This expression creates a temporary value that is dropped at the end of the
44 // `begin_new_exec()` is responsible for safety.
99 // SAFETY: By design, the only way to access a `Task` is via the `current` function or via an
105 // SAFETY: It's OK to access `Task` through shared references from other threads because we're
163 // SAFETY: Getting the current pointer is always safe. in current_raw()
172 /// # Safety
187 // SAFETY: The returned reference borrows from this `TaskRef`, so it cannot outlive in current()
209 // SAFETY: The group leader of a task never changes after initialization, so reading this in group_leader()
213 // SAFETY: The lifetime of the returned task reference is tied to the lifetime of `self`, in group_leader()
221 // SAFETY in pid()
[all...] |
| H A D | platform.rs | 28 // SAFETY: A call to `unregister` for a given instance of `RegType` is guaranteed to be valid if
48 // SAFETY: It's safe to set the fields of `struct platform_driver` on initialization. in register()
57 // SAFETY: `pdrv` is guaranteed to be a valid `RegType`. in register()
62 // SAFETY: `pdrv` is guaranteed to be a valid `RegType`. in unregister()
69 // SAFETY: The platform bus only ever calls the probe callback with a valid pointer to a in probe_callback()
85 // SAFETY: The platform bus only ever calls the remove callback with a valid pointer to a in remove_callback()
91 // SAFETY: `remove_callback` is only ever called after a successful call to in remove_callback()
234 // SAFETY: `self.as_raw()` returns a valid pointer to a `struct platform_device`. in resource_by_index()
243 // SAFETY: `resource` is a valid pointer to a `struct resource` as in resource_by_index()
250 // SAFETY in resource_by_name()
[all...] |
| H A D | cred.rs | 30 // SAFETY:
35 // SAFETY: It's OK to access `Credential` through shared references from other threads because
42 /// # Safety
48 // SAFETY: The safety requirements guarantee the validity of the dereference, while the in from_ptr()
63 // SAFETY: The invariants of this type ensures that the pointer is valid.
71 // SAFETY: By the type invariant, we know that `self.0` is valid. Furthermore, the `euid`
78 // SAFETY: The type invariants guarantee that `Credential` is always ref-counted. in inc_ref()
82 // SAFETY: The existence of a shared reference means that the refcount is nonzero. in dec_ref()
88 // SAFETY
[all...] |
| /linux/rust/kernel/drm/ |
| H A D | device.rs | 103 // SAFETY: in new()
117 // SAFETY: `raw_drm` is a valid pointer to `Self`. in new()
120 // SAFETY: in new()
124 // SAFETY: `raw_drm` is a valid pointer to `Self`, given that `__drm_dev_alloc` was in new()
128 // SAFETY: `__drm_dev_alloc()` was successful, hence `drm_dev` must be valid and the in new()
133 // SAFETY: The reference count is one, and now we take ownership of that reference as a in new()
142 /// # Safety
146 // SAFETY: By the safety requirements of this function `ptr` is a valid pointer to a in from_drm_device()
151 /// # Safety
[all...] |
| /linux/rust/kernel/drm/gem/ |
| H A D | mod.rs | 50 /// # Safety
58 // SAFETY: All gem objects are refcounted.
61 // SAFETY: The existence of a shared reference guarantees that the refcount is non-zero. in inc_ref()
66 // SAFETY: We either hold the only refcount on `obj`, or one of many - meaning that no one in dec_ref()
71 // SAFETY: in dec_ref()
72 // - The safety requirements guarantee that the refcount is non-zero. in dec_ref()
82 // SAFETY: `open_callback` is only ever called with a valid pointer to a `struct drm_file`.
85 // SAFETY: `open_callback` is specified in the AllocOps structure for `DriverObject<T>`, in open_callback()
99 // SAFETY: `open_callback` is only ever called with a valid pointer to a `struct drm_file`. in open_callback()
102 // SAFETY in open_callback()
[all...] |
| /linux/Documentation/translations/zh_CN/rust/ |
| H A D | coding-guidelines.rst | 53 此外,就像文档一样,注释在句子的开头要大写,并以句号结束(即使是单句)。这包括 ``// SAFETY:``,
80 一种特殊的注释是 ``// SAFETY:`` 注释。这些注释必须出现在每个 ``unsafe`` 块之前,它们
85 // SAFETY: `p` is valid by the safety requirements.
88 ``// SAFETY:`` 注释不能与代码文档中的 ``# Safety`` 部分相混淆。 ``# Safety`` 部
90 ``// SAFETY:`` 注释显示了为什么一个(函数)调用者或(特性)实现者实际上尊重了
91 ``# Safety`` 部分或语言参考中的前提条件。
111 /// # Safety
127 // SAFETY: The safety contract must be upheld by the caller.
137 - 不安全的函数必须在 ``# Safety`` 部分记录其安全前提条件。
150 - 任何 ``unsafe`` 的代码块都必须在前面加上一个 ``// SAFETY:`` 的注释,描述里面
|
| /linux/rust/kernel/sync/ |
| H A D | lock.rs | 27 /// # Safety
49 /// # Safety
61 /// # Safety
69 /// # Safety
76 /// # Safety
83 /// # Safety
88 // SAFETY: The safety requirements ensure that the lock is initialised. in relock()
94 /// # Safety
121 // SAFETY: `Lock` can be transferred across thread boundaries iff the data it protects can.
124 // SAFETY: `Lock` serialises the interior mutability it provides, so it is `Sync` as long as the
[all …]
|
| H A D | arc.rs | 155 /// # Safety
161 // SAFETY: The caller guarantees that the pointer is valid. in container_of()
163 // SAFETY: We're computing the layout of a real struct that existed when compiling this in container_of()
174 // SAFETY: The pointer is in-bounds of an allocation both before and after offsetting the in container_of()
179 // SAFETY: The pointer can't be null since you can't have an `ArcInner<T>` value at the null in container_of()
194 // SAFETY: It is safe to send `Arc<T>` to another thread when the underlying `T` is `Sync` because
200 // SAFETY: It is safe to send `&Arc<T>` to another thread when the underlying `T` is `Sync`
239 // SAFETY: We just created `inner` with a reference count of 1, which is owned by the new in new()
248 /// # Safety
253 // INVARIANT: By the safety requirement in from_inner()
[all...] |
| /linux/rust/kernel/alloc/ |
| H A D | kbox.rs | 144 // SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee:
148 // SAFETY: `Box` is `Send` if `T` is `Send` because the `Box` owns a `T`.
156 // SAFETY: `Box` is `Sync` if `T` is `Sync` because the `Box` owns a `T`.
171 /// # Safety
180 // INVARIANT: Validity of `raw` is guaranteed by the safety preconditions of this function. in from_raw()
181 // SAFETY: By the safety preconditions of this function, `raw` is not a NULL pointer. in from_raw()
196 /// // SAFETY: `ptr` comes from a previous call to `KBox::into_raw`.
212 // SAFETY: `Box::into_raw` always returns a properly aligned and dereferenceable pointer in leak()
227 /// # Safety
233 // SAFETY: `raw` comes from a previous call to `Box::into_raw`. By the safety requirements in assume_init()
[all …]
|
| /linux/rust/kernel/block/mq/ |
| H A D | request.rs | 61 /// # Safety
69 // INVARIANT: By the safety requirements of this function, invariants are upheld. in aref_from_raw()
70 // SAFETY: By the safety requirement of this function, we own a in aref_from_raw()
81 /// # Safety
86 // SAFETY: By type invariant, `self.0` is a valid `struct request` and in start_unchecked()
127 // SAFETY: By type invariant, `this.0` was a valid `struct request`. The in end_ok()
150 // SAFETY: By type invariant, `self.0` is a valid `struct request` in wrapper_ptr()
152 // SAFETY: We released a refcount above that we can reclaim here. in wrapper_ptr()
161 /// # Safety in wrapper_ref()
[all...] |
| H A D | operations.rs | 72 /// # Safety
89 // SAFETY: `bd.rq` is valid as required by the safety requirement for in queue_rq_callback()
96 // SAFETY: in queue_rq_callback()
98 // - By the safety requirements of this function, `request` is a valid in queue_rq_callback()
104 // SAFETY: `hctx` is valid as required by this function. in queue_rq_callback()
107 // SAFETY: `queue.queuedata` was created by `GenDiskBuilder::build` with in queue_rq_callback()
113 // SAFETY: We have exclusive access and we just set the refcount above.
119 // SAFETY: `bd` is valid as required by the safety requiremen
[all...] |
| /linux/rust/kernel/time/hrtimer/ |
| H A D | pin_mut.rs | 19 // SAFETY: We cancel the timer when the handle is dropped. The implementation of
28 // SAFETY: As we got `self_ptr` from a reference above, it must point to in cancel()
32 // SAFETY: As `timer_ptr` is derived from a reference, it must point to in cancel()
47 // SAFETY: We capture the lifetime of `Self` when we create a
62 // SAFETY: in start()
68 // SAFETY: in start()
92 // SAFETY: By the safety requirement of this function, `timer_ptr` in run()
96 // SAFETY: in run()
97 // - By the safety requiremen in run()
[all...] |
| H A D | pin.rs | 22 // SAFETY: We cancel the timer when the handle is dropped. The implementation of
31 // SAFETY: As we got `self_ptr` from a reference above, it must point to in cancel()
35 // SAFETY: As `timer_ptr` is derived from a reference, it must point to in cancel()
50 // SAFETY: We capture the lifetime of `Self` when we create a `PinHrTimerHandle`,
68 // SAFETY: in start()
89 // SAFETY: By the safety requirement of this function, `timer_ptr` in run()
93 // SAFETY: in run()
94 // - By the safety requirement of this function, `timer_ptr` in run()
96 // - As per the safety requirement in run()
[all...] |
| /linux/rust/kernel/list/ |
| H A D | impl_list_item_mod.rs | 13 /// # Safety
22 /// # Safety
38 // SAFETY: The implementation of `raw_get_list_links` only compiles if the field has the
49 // SAFETY: The caller promises that the pointer is not dangling. We know that this
62 /// # Safety
83 // SAFETY: The implementation of `raw_get_list_links` only compiles if the field has the
90 // SAFETY: The caller promises that the pointer is not dangling.
193 // SAFETY: See GUARANTEES comment on each method.
201 // SAFETY: The caller guarantees that `me` points at a valid value of type `Self`.
217 // SAFETY: `me` originates from the most recent call to `prepare_to_insert`, so it
[all …]
|
| /linux/rust/pin-init/src/ |
| H A D | __internal.rs | 21 /// It is unsafe to create this type, since the closure needs to fulfill the same safety
25 // SAFETY: While constructing the `InitClosure`, the user promised that it upholds the
37 // SAFETY: While constructing the `InitClosure`, the user promised that it upholds the
52 /// # Safety
64 /// # Safety
82 /// # Safety
94 /// # Safety
119 // SAFETY: TODO.
124 // SAFETY: TODO.
149 // SAFETY: As we are being dropped, we only call this once. And since `self.is_init` is in drop()
[all …]
|
| /linux/rust/kernel/net/ |
| H A D | phy.rs | 79 /// # Safety
89 // SAFETY: by the function requirements the pointer is valid and we have unique access for in from_raw()
97 // SAFETY: The struct invariant ensures that we may access in phy_id()
105 // SAFETY: The struct invariant ensures that we may access in state()
130 // SAFETY: The struct invariant ensures that we may access in is_link_up()
142 // SAFETY: The struct invariant ensures that we may access in is_autoneg_enabled()
155 // SAFETY: The struct invariant ensures that we may access in is_autoneg_completed()
164 // SAFETY: The struct invariant ensures that we may access in set_speed()
177 // SAFETY: The struct invariant ensures that we may access in set_duplex()
196 // SAFETY in read_paged()
[all...] |