Home
last modified time | relevance | path

Searched full:safety (Results 1 – 25 of 356) sorted by relevance

12345678910>>...15

/linux/rust/kernel/
H A Dopp.rs43 // SAFETY: The requirements are satisfied by the existence of [`Device`] and its safety in new()
58 // SAFETY: The `ptr` is guaranteed by the C code to be valid. in table()
74 // SAFETY: The pointer was created via `dev_pm_opp_init_cpufreq_table`, and is only in drop()
183 // SAFETY: The requirements are satisfied by the existence of [`Device`] and its safety in new()
195 // SAFETY: The requirements are satisfied by the existence of [`Device`] and its safety in drop()
321 // SAFETY: This is the same token value returned by the C code via `dev_pm_opp_set_config`. in drop()
493 // SAFETY: The requirements are satisfied by the existence of [`Device`] and its safety in set()
514 /// SAFETY: Called from C. Inputs must be valid pointers.
523 // SAFETY: 'dev' is guaranteed by the C code to be valid. in config_clks()
527 // SAFETY: 'opp_table' is guaranteed by the C code to be valid. in config_clks()
[all …]
H A Dauxiliary.rs24 // SAFETY: A call to `unregister` for a given instance of `RegType` is guaranteed to be valid if
34 // SAFETY: It's safe to set the fields of `struct auxiliary_driver` on initialization. in register()
42 // SAFETY: `adrv` is guaranteed to be a valid `RegType`. in register()
49 // SAFETY: `adrv` is guaranteed to be a valid `RegType`. in unregister()
59 // SAFETY: The auxiliary bus only ever calls the probe callback with a valid pointer to a in probe_callback()
65 // SAFETY: `DeviceId` is a `#[repr(transparent)`] wrapper of `struct auxiliary_device_id` in probe_callback()
79 // SAFETY: The auxiliary bus only ever calls the probe callback with a valid pointer to a in remove_callback()
85 // SAFETY: `remove_callback` is only ever called after a successful call to in remove_callback()
114 // SAFETY: FFI type is valid to be zero-initialized. in new()
137 // SAFETY: `DeviceId` is a `#[repr(transparent)]` wrapper of `auxiliary_device_id` and does not add
[all …]
H A Dconfigfs.rs136 // SAFETY: We do not provide any operations on `Subsystem`.
139 // SAFETY: Ownership of `Subsystem` can safely be transferred to other threads.
156 // SAFETY: We initialized the required fields of `place.group` above. in new()
165 // SAFETY: `place.su_mutex` is valid for use as a mutex. in new()
180 // SAFETY: We initialized `this.subsystem` according to C API contract above. in new()
190 // SAFETY: We registered `self.subsystem` in the initializer returned by `Self::new`. in drop()
192 // SAFETY: We initialized the mutex in `Subsystem::new`. in drop()
202 /// # Safety
209 /// # Safety
216 /// # Safety
[all …]
H A Dmm.rs52 // SAFETY: It is safe to call `mmdrop` on another thread than where `mmgrab` was called.
54 // SAFETY: All methods on `Mm` can be called in parallel from several threads.
57 // SAFETY: By the type invariants, this type is always refcounted.
61 // SAFETY: The pointer is valid since self is a reference. in inc_ref()
67 // SAFETY: The caller is giving up their refcount. in dec_ref()
88 // SAFETY: It is safe to call `mmput` on another thread than where `mmget` was called.
90 // SAFETY: All methods on `MmWithUser` can be called in parallel from several threads.
93 // SAFETY: By the type invariants, this type is always refcounted.
97 // SAFETY: The pointer is valid since self is a reference. in inc_ref()
103 // SAFETY: The caller is giving up their refcount. in dec_ref()
[all …]
H A Dcpufreq.rs135 /// # Safety
141 // SAFETY: Guaranteed by the safety requirements of the function. in from_raw_mut()
158 // SAFETY: By the type invariant, the pointer stored in `self` is valid. in generic_verify()
176 /// # Safety
214 /// // SAFETY: Index is a valid entry in the table.
229 /// # Safety
235 // SAFETY: Guaranteed by the safety requirements of the function. in from_raw()
252 // SAFETY: By the type invariant, the pointer stored in `self` is valid and `index` is in freq()
253 // guaranteed to be valid by its safety requirements. in freq()
262 // SAFETY: By the type invariant, the pointer stored in `self` is valid and `index` is in flags()
[all …]
H A Drbtree.rs176 // SAFETY: An [`RBTree`] allows the same kinds of access to its values that a struct allows to its
180 // SAFETY: An [`RBTree`] allows the same kinds of access to its values that a struct allows to its
208 // SAFETY: by the invariants, all pointers are valid. in iter()
223 // SAFETY: by the invariants, all pointers are valid. in iter_mut()
248 // SAFETY: `self.root` is always a valid root node. in cursor_front_mut()
263 // SAFETY: `self.root` is always a valid root node. in cursor_front()
278 // SAFETY: `self.root` is always a valid root node. in cursor_back_mut()
293 // SAFETY: `self.root` is always a valid root node. in cursor_back()
363 // SAFETY: `raw_self` is a valid pointer to the `RBTree` (created from `self` above). in raw_entry()
367 // SAFETY: All links fields we create are in a `Node<K, V>`. in raw_entry()
[all …]
H A Ddevice.rs87 /// // SAFETY: `Device` is a transparent wrapper of a type that doesn't depend on `Device`'s
167 /// # Safety
176 // SAFETY: By the safety requirements ptr is valid in get_device()
182 /// # Safety
189 // CAST: By the safety requirements the caller is responsible to guarantee that the in as_bound()
193 // SAFETY: in as_bound()
203 // SAFETY: By the type invariants, `self.as_raw()` is a valid pointer to a `struct device`. in set_drvdata()
209 /// # Safety
215 // SAFETY: By the type invariants, `self.as_raw()` is a valid pointer to a `struct device`. in drvdata_obtain()
218 // SAFETY: in drvdata_obtain()
[all …]
H A Dxarray.rs67 // SAFETY: `ptr` came from `T::into_foreign`. in drop()
74 // SAFETY: `self.xa` is always valid by the type invariant. in drop()
95 // SAFETY: `xa` is valid while the closure is called. in new()
108 // SAFETY: `self.xa` is always valid by the type invariant. in iter()
113 // SAFETY: `self.xa` is always valid by the type invariant. in iter()
123 // SAFETY: `self.xa` is always valid by the type invariant. in try_lock()
136 // SAFETY: `self.xa` is always valid by the type invariant. in lock()
157 // SAFETY: in drop()
185 // SAFETY: `self.xa.xa` is always valid by the type invariant. in load()
194 // SAFETY: `ptr` came from `T::into_foreign`. in get()
[all …]
H A Dpid_namespace.rs32 /// # Safety
37 // SAFETY: The safety requirements guarantee the validity of the dereference, while the in from_ptr()
43 // SAFETY: Instances of `PidNamespace` are always reference-counted.
47 // SAFETY: The existence of a shared reference means that the refcount is nonzero. in inc_ref()
53 // SAFETY: The safety requirements guarantee that the refcount is non-zero. in dec_ref()
58 // SAFETY:
63 // SAFETY: It's OK to access `PidNamespace` through shared references from other threads because
H A Drevocable.rs73 // SAFETY: `Revocable` is `Send` if the wrapped object is also `Send`. This is because while the
78 // SAFETY: `Revocable` is `Sync` if the wrapped object is both `Send` and `Sync`. We require `Send`
120 // SAFETY: Since `self.is_available` is true, data is initialised and has to remain in try_access_with_guard()
133 /// adds an extra safety to make sure it doesn't happen.
146 /// # Safety
151 // SAFETY: By the safety requirement of this function it is guaranteed that in access()
156 /// # Safety
164 // SAFETY: Just an FFI call, there are no further requirements. in revoke_internal()
168 // SAFETY: We know `self.data` is valid because only one CPU can succeed the in revoke_internal()
184 /// # Safety
[all …]
/linux/Documentation/translations/zh_CN/rust/
H A Dcoding-guidelines.rst53 此外,就像文档一样,注释在句子的开头要大写,并以句号结束(即使是单句)。这包括 ``// SAFETY:``,
80 一种特殊的注释是 ``// SAFETY:`` 注释。这些注释必须出现在每个 ``unsafe`` 块之前,它们
85 // SAFETY: `p` is valid by the safety requirements.
88 ``// SAFETY:`` 注释不能与代码文档中的 ``# Safety`` 部分相混淆。 ``# Safety`` 部
90 ``// SAFETY:`` 注释显示了为什么一个(函数)调用者或(特性)实现者实际上尊重了
91 ``# Safety`` 部分或语言参考中的前提条件。
111 /// # Safety
127 // SAFETY: The safety contract must be upheld by the caller.
137 - 不安全的函数必须在 ``# Safety`` 部分记录其安全前提条件。
150 - 任何 ``unsafe`` 的代码块都必须在前面加上一个 ``// SAFETY:`` 的注释,描述里面
/linux/rust/kernel/debugfs/
H A Dfile_ops.rs30 /// # Safety
52 // SAFETY: `Adapter` asserts that `T` can be legally cast to `T::Inner`. in adapt()
76 /// # Safety
85 // SAFETY: The caller ensures that `inode` is a valid pointer. in writer_open()
87 // SAFETY: in writer_open()
90 // so we meet its safety requirements. in writer_open()
98 /// # Safety
106 // SAFETY: By caller precondition, this pointer is valid pointer to a `T`, and in writer_act()
109 // SAFETY: By caller precondition, `seq_file` points to a live `seq_file`, so we can lift in writer_act()
128 // SAFETY: `file_operations` supports zeroes in all fields.
[all …]
H A Dentry.rs23 // SAFETY: [`Entry`] is just a `dentry` under the hood, which the API promises can be transferred
27 // SAFETY: All the C functions we call on the `dentry` pointer are threadsafe.
36 // SAFETY: The invariants of this function's arguments ensure the safety of this call. in dynamic_dir()
49 /// # Safety
58 // SAFETY: The invariants of this function's arguments ensure the safety of this call. in dynamic_file()
89 // SAFETY: The invariants of this function's arguments ensure the safety of this call. in dir()
109 // SAFETY: The invariants of this function's arguments ensure the safety of this call. in file()
160 // SAFETY: `debugfs_remove` can take `NULL`, error values, and legal DebugFS dentries. in drop()
/linux/rust/kernel/sync/
H A Dlock.rs27 /// # Safety
49 /// # Safety
61 /// # Safety
69 /// # Safety
76 /// # Safety
83 /// # Safety
88 // SAFETY: The safety requirements ensure that the lock is initialised. in relock()
94 /// # Safety
122 // SAFETY: `Lock` can be transferred across thread boundaries iff the data it protects can.
125 // SAFETY: `Lock` serialises the interior mutability it provides, so it is `Sync` as long as the
[all …]
/linux/rust/kernel/alloc/
H A Dkbox.rs144 // SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee:
148 // SAFETY: `Box` is `Send` if `T` is `Send` because the `Box` owns a `T`.
156 // SAFETY: `Box` is `Sync` if `T` is `Sync` because the `Box` owns a `T`.
171 /// # Safety
180 // INVARIANT: Validity of `raw` is guaranteed by the safety preconditions of this function. in from_raw()
181 // SAFETY: By the safety preconditions of this function, `raw` is not a NULL pointer. in from_raw()
196 /// // SAFETY: `ptr` comes from a previous call to `KBox::into_raw`.
212 // SAFETY: `Box::into_raw` always returns a properly aligned and dereferenceable pointer in leak()
227 /// # Safety
233 // SAFETY: `raw` comes from a previous call to `Box::into_raw`. By the safety requirements in assume_init()
[all …]
H A Dallocator.rs74 /// # Safety
76 /// This method has the same safety requirements as [`Allocator::realloc`].
104 // SAFETY: in call()
107 // - `ptr` is either NULL or valid by the safety requirements of this function. in call()
138 // SAFETY: `realloc` delegates to `ReallocFunc::call`, which guarantees that
155 // SAFETY: `ReallocFunc::call` has the same safety requirements as `Allocator::realloc`. in realloc()
173 /// // SAFETY: By the type invariant of `Box` the inner pointer of `vbox` is non-null.
176 /// // SAFETY:
181 /// // SAFETY: There is no concurrent read or write to the same page.
187 /// # Safety
[all …]
H A Dkvec.rs154 // SAFETY: `Vec` is `Send` if `T` is `Send` because `Vec` owns its elements.
162 // SAFETY: `Vec` is `Sync` if `T` is `Sync` because `Vec` owns its elements.
197 /// # Safety
205 // INVARIANT: By the safety requirements of this method this represents the exact number of in inc_len()
215 /// # Safety
224 // SAFETY: The memory after `self.len()` is guaranteed to contain `count` initialized in dec_len()
301 // SAFETY: in spare_capacity_mut()
307 // SAFETY: The memory between `self.len` and `self.capacity` is guaranteed to be allocated in spare_capacity_mut()
327 // SAFETY: The call to `reserve` was successful, so the capacity is at least one greater in push()
350 // SAFETY: The length is less than the capacity. in push_within_capacity()
[all …]
/linux/rust/kernel/list/
H A Dimpl_list_item_mod.rs13 /// # Safety
22 /// # Safety
38 // SAFETY: The implementation of `raw_get_list_links` only compiles if the field has the
49 // SAFETY: The caller promises that the pointer is not dangling. We know that this
62 /// # Safety
83 // SAFETY: The implementation of `raw_get_list_links` only compiles if the field has the
90 // SAFETY: The caller promises that the pointer is not dangling.
193 // SAFETY: See GUARANTEES comment on each method.
201 // SAFETY: The caller guarantees that `me` points at a valid value of type `Self`.
217 // SAFETY: `me` originates from the most recent call to `prepare_to_insert`, so it
[all …]
H A Darc.rs26 /// safety issues.
39 /// # Safety
46 /// # Safety
54 /// # Safety
101 // SAFETY: This field is structurally pinned as per the above assertion.
105 // SAFETY: The caller promises that there is no `ListArc`.
111 // SAFETY: The caller promises that there is no `ListArc` reference, and also
220 // SAFETY: We have a `UniqueArc`, so there is no `ListArc`. in from()
223 // SAFETY: We just called `on_create_list_arc_from_unique` on an arc without a `ListArc`, in from()
256 // SAFETY: We have a `UniqueArc`, so there is no `ListArc`. in pair_from_pin_unique()
[all …]
/linux/rust/pin-init/src/
H A D__internal.rs21 /// It is unsafe to create this type, since the closure needs to fulfill the same safety
25 // SAFETY: While constructing the `InitClosure`, the user promised that it upholds the
37 // SAFETY: While constructing the `InitClosure`, the user promised that it upholds the
52 /// # Safety
64 /// # Safety
82 /// # Safety
94 /// # Safety
119 // SAFETY: TODO.
124 // SAFETY: TODO.
149 // SAFETY: As we are being dropped, we only call this once. And since `self.is_init` is in drop()
[all …]
H A Dalloc.rs20 // SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee:
39 // SAFETY: We delegate to `init` and only change the error type. in pin_init()
56 // SAFETY: We delegate to `init` and only change the error type. in init()
106 // SAFETY: the Arc has just been created and has no external references in try_pin_init()
110 // SAFETY: When init errors/panics, slot will get deallocated but not dropped, in try_pin_init()
113 // SAFETY: All fields have been initialized and this is the only `Arc` to that data. in try_pin_init()
124 // SAFETY: the Arc has just been created and has no external references in try_init()
128 // SAFETY: When init errors/panics, slot will get deallocated but not dropped, in try_init()
131 // SAFETY: All fields have been initialized. in try_init()
141 // SAFETY: When init errors/panics, slot will get deallocated but not dropped, in write_init()
[all …]
/linux/rust/kernel/sync/atomic/
H A Dpredefine.rs8 // SAFETY: `i32` has the same size and alignment with itself, and is round-trip transmutable to
14 // SAFETY: The wrapping add result of two `i32`s is a valid `i32`.
21 // SAFETY: `i64` has the same size and alignment with itself, and is round-trip transmutable to
27 // SAFETY: The wrapping add result of two `i64`s is a valid `i64`.
50 // SAFETY: `isize` has the same size and alignment with `isize_atomic_repr`, and is round-trip
56 // SAFETY: The wrapping add result of two `isize_atomic_repr`s is a valid `usize`.
63 // SAFETY: `u32` and `i32` has the same size and alignment, and `u32` is round-trip transmutable to
69 // SAFETY: The wrapping add result of two `i32`s is a valid `u32`.
76 // SAFETY: `u64` and `i64` has the same size and alignment, and `u64` is round-trip transmutable to
82 // SAFETY: The wrapping add result of two `i64`s is a valid `u64`.
[all …]
/linux/rust/kernel/io/
H A Dresource.rs39 // SAFETY: Safe as per the invariant of `Region`. in deref()
57 // SAFETY: Safe as per the invariant of `Region`. in drop()
62 // SAFETY: `Region` only holds a pointer to a C `struct resource`, which is safe to be used from
66 // SAFETY: `Region` only holds a pointer to a C `struct resource`, references to which are
81 /// # Safety
89 // SAFETY: Self is a transparent wrapper around `Opaque<bindings::resource>`. in from_raw()
105 // SAFETY: in request_region()
129 // SAFETY: Safe as per the invariants of `Resource`. in size()
136 // SAFETY: Safe as per the invariants of `Resource`. in start()
144 // SAFETY: Safe as per the invariants of `Resource`. in name()
[all …]
/linux/rust/kernel/mm/
H A Dvirt.rs44 /// # Safety
50 // SAFETY: The caller ensures that the invariants are satisfied for the duration of 'a. in from_raw()
63 // SAFETY: By the type invariants, this `vm_area_struct` is valid and we hold the mmap/vma in mm()
74 // SAFETY: By the type invariants, the caller holds at least the mmap read lock, so this in flags()
82 // SAFETY: By the type invariants, the caller holds at least the mmap read lock, so this in start()
90 // SAFETY: By the type invariants, the caller holds at least the mmap read lock, so this in end()
123 // SAFETY: By the type invariants, the caller has read access to this VMA, which is in zap_page_range_single()
140 // SAFETY: We just checked that `VM_MIXEDMAP` is set. All other requirements are in as_mixedmap_vma()
180 /// # Safety
186 // SAFETY: The caller ensures that the invariants are satisfied for the duration of 'a. in from_raw()
[all …]
/linux/rust/kernel/fs/
H A Dfile.rs185 // SAFETY: This file is known to not have any active `fdget_pos` calls that did not take the
189 // SAFETY: This file is known to not have any active `fdget_pos` calls that did not take the
193 // SAFETY: The type invariants guarantee that `File` is always ref-counted. This implementation
198 // SAFETY: The existence of a shared reference means that the refcount is nonzero. in inc_ref()
204 // SAFETY: To call this method, the caller passes us ownership of a normal refcount, so we in dec_ref()
229 // SAFETY: The type invariants guarantee that `LocalFile` is always ref-counted. This implementation
234 // SAFETY: The existence of a shared reference means that the refcount is nonzero. in inc_ref()
240 // SAFETY: To call this method, the caller passes us ownership of a normal refcount, so we in dec_ref()
258 // SAFETY: FFI call, there are no requirements on `fd`. in fget()
261 // SAFETY: `bindings::fget` created a refcount, and we pass ownership of it to the `ARef`. in fget()
[all …]

12345678910>>...15