| /linux/rust/kernel/ |
| H A D | opp.rs | 42 // SAFETY: The requirements are satisfied by the existence of [`Device`] and its safety in new()
57 // SAFETY: The `ptr` is guaranteed by the C code to be valid. in table()
73 // SAFETY: The pointer was created via `dev_pm_opp_init_cpufreq_table`, and is only in drop()
182 // SAFETY: The requirements are satisfied by the existence of [`Device`] and its safety in new()
194 // SAFETY: The requirements are satisfied by the existence of [`Device`] and its safety in drop()
320 // SAFETY: This is the same token value returned by the C code via `dev_pm_opp_set_config`. in drop()
499 // SAFETY: The requirements are satisfied by the existence of [`Device`] and its safety in set()
512 /// SAFETY: Called from C. Inputs must be valid pointers.
521 // SAFETY: 'dev' is guaranteed by the C code to be valid. in config_clks()
525 // SAFETY: 'opp_table' is guaranteed by the C code to be valid. in config_clks()
[all …]
|
| H A D | miscdevice.rs | 35 // SAFETY: All zeros is valid for this C type. in into_raw()
57 // SAFETY: It is allowed to call `misc_deregister` on a different thread from where you called
60 // SAFETY: All `&self` methods on this type are written to ensure that it is safe to call them in
69 // SAFETY: The initializer can write to the provided `slot`. in register()
72 // SAFETY: We just wrote the misc device options to the slot. The miscdevice will in register()
90 // SAFETY: This can only be called after a successful register(), which always in device()
102 // SAFETY: We know that the device is registered by the type invariants. in drop()
184 /// # Safety
189 // SAFETY: The pointers are valid and for a file being opened. in open()
195 // SAFETY: The open call of a file can access the private data. in open()
[all …]
|
| H A D | mm.rs | 51 // SAFETY: It is safe to call `mmdrop` on another thread than where `mmgrab` was called.
53 // SAFETY: All methods on `Mm` can be called in parallel from several threads.
56 // SAFETY: By the type invariants, this type is always refcounted. in inc_ref()
60 // SAFETY: The pointer is valid since self is a reference.
66 // SAFETY: The caller is giving up their refcount.
87 // SAFETY: It is safe to call `mmput` on another thread than where `mmget` was called.
89 // SAFETY: All methods on `MmWithUser` can be called in parallel from several threads.
92 // SAFETY: By the type invariants, this type is always refcounted. in inc_ref()
96 // SAFETY: The pointer is valid since self is a reference.
102 // SAFETY in dec_ref()
[all...] |
| H A D | auxiliary.rs | 25 // SAFETY: A call to `unregister` for a given instance of `RegType` is guaranteed to be valid if
35 // SAFETY: It's safe to set the fields of `struct auxiliary_driver` on initialization. in register()
43 // SAFETY: `adrv` is guaranteed to be a valid `RegType`. in register()
50 // SAFETY: `adrv` is guaranteed to be a valid `RegType`. in unregister()
60 // SAFETY: The auxiliary bus only ever calls the probe callback with a valid pointer to a in probe_callback()
66 // SAFETY: `DeviceId` is a `#[repr(transparent)`] wrapper of `struct auxiliary_device_id` in probe_callback()
74 // SAFETY: By the type invariant `adev.as_raw` returns a valid pointer to a in probe_callback()
87 // SAFETY: The auxiliary bus only ever calls the remove callback with a valid pointer to a in remove_callback()
91 // SAFETY: `remove_callback` is only ever called after a successful call to in remove_callback()
120 // SAFETY: FFI type is valid to be zero-initialized. in new()
[all …]
|
| H A D | configfs.rs | 136 // SAFETY: We do not provide any operations on `Subsystem`.
139 // SAFETY: Ownership of `Subsystem` can safely be transferred to other threads.
156 // SAFETY: We initialized the required fields of `place.group` above. in new()
165 // SAFETY: `place.su_mutex` is valid for use as a mutex. in new()
180 // SAFETY: We initialized `this.subsystem` according to C API contract above. in new()
190 // SAFETY: We registered `self.subsystem` in the initializer returned by `Self::new`. in drop()
192 // SAFETY: We initialized the mutex in `Subsystem::new`. in drop()
202 /// # Safety
209 /// # Safety
216 /// # Safety
[all …]
|
| H A D | cpumask.rs | 43 /// // SAFETY: The `ptr` is valid for writing and remains valid for the lifetime of the
57 /// # Safety
62 // SAFETY: Guaranteed by the safety requirements of the function. in as_mut_ref()
71 /// # Safety
76 // SAFETY: Guaranteed by the safety requirements of the function. in as_ref()
96 // SAFETY: By the type invariant, `self.as_raw` is a valid argument to `__cpumask_set_cpu`. in set()
107 // SAFETY: By the type invariant, `self.as_raw` is a valid argument to in clear()
117 // SAFETY: By the type invariant, `self.as_raw` is a valid argument to `cpumask_test_cpu`. in test()
126 // SAFETY: By the type invariant, `self.as_raw` is a valid argument to `cpumask_setall`. in setall()
135 // SAFETY: By the type invariant, `self.as_raw` is a valid argument to `cpumask_empty`. in empty()
[all …]
|
| H A D | pci.rs | 30 // SAFETY: A call to `unregister` for a given instance of `RegType` is guaranteed to be valid if
40 // SAFETY: It's safe to set the fields of `struct pci_driver` on initialization. in register()
48 // SAFETY: `pdrv` is guaranteed to be a valid `RegType`. in register()
55 // SAFETY: `pdrv` is guaranteed to be a valid `RegType`. in unregister()
65 // SAFETY: The PCI bus only ever calls the probe callback with a valid pointer to a in probe_callback()
71 // SAFETY: `DeviceId` is a `#[repr(transparent)` wrapper of `struct pci_device_id` and in probe_callback()
79 // SAFETY: By the type invariant `pdev.as_raw` returns a valid pointer to a in probe_callback()
90 // SAFETY: The PCI bus only ever calls the remove callback with a valid pointer to a in remove_callback()
94 // SAFETY: `remove_callback` is only ever called after a successful call to in remove_callback()
164 // SAFETY:
[all …]
|
| H A D | cpufreq.rs | 136 /// # Safety
142 // SAFETY: Guaranteed by the safety requirements of the function. in from_raw_mut()
159 // SAFETY: By the type invariant, the pointer stored in `self` is valid. in generic_verify()
177 /// # Safety
215 /// // SAFETY: Index is a valid entry in the table.
230 /// # Safety
236 // SAFETY: Guaranteed by the safety requirements of the function. in from_raw()
253 // SAFETY: By the type invariant, the pointer stored in `self` is valid and `index` is in freq()
254 // guaranteed to be valid by its safety requirements. in freq()
263 // SAFETY: By the type invariant, the pointer stored in `self` is valid and `index` is in flags()
[all …]
|
| H A D | task.rs | 37 // SAFETY: This expression creates a temporary value that is dropped at the end of the
43 // `begin_new_exec()` is responsible for safety.
98 // SAFETY: By design, the only way to access a `Task` is via the `current` function or via an
104 // SAFETY: It's OK to access `Task` through shared references from other threads because we're
162 // SAFETY: Getting the current pointer is always safe. in current_raw()
171 /// # Safety
185 // SAFETY: The returned reference borrows from this `TaskRef`, so it cannot outlive in current()
207 // SAFETY: The group leader of a task never changes after initialization, so reading this in group_leader()
211 // SAFETY: The lifetime of the returned task reference is tied to the lifetime of `self`, in group_leader()
219 // SAFETY: The pid of a task never changes after initialization, so reading this field is in pid()
[all …]
|
| H A D | platform.rs | 25 // SAFETY: A call to `unregister` for a given instance of `RegType` is guaranteed to be valid if
40 // SAFETY: It's safe to set the fields of `struct platform_driver` on initialization. in register()
48 // SAFETY: `pdrv` is guaranteed to be a valid `RegType`. in register()
53 // SAFETY: `pdrv` is guaranteed to be a valid `RegType`. in unregister()
60 // SAFETY: The platform bus only ever calls the probe callback with a valid pointer to a in probe_callback()
70 // SAFETY: By the type invariant `pdev.as_raw` returns a valid pointer to a in probe_callback()
81 // SAFETY: `pdev` is a valid pointer to a `struct platform_device`. in remove_callback()
84 // SAFETY: `remove_callback` is only ever called after a successful call to in remove_callback()
193 // SAFETY: `Device` is a transparent wrapper of a type that doesn't depend on `Device`'s generic
198 // SAFETY: Instances of `Device` are always reference-counted.
[all …]
|
| H A D | workqueue.rs | 158 // SAFETY: Accesses to workqueues used by [`Queue`] are thread-safe.
160 // SAFETY: Accesses to workqueues used by [`Queue`] are thread-safe.
166 /// # Safety
171 // SAFETY: The `Queue` type is `#[repr(transparent)]`, so the pointer cast is valid. The in from_raw()
187 // SAFETY: We only return `false` if the `work_struct` is already in a workqueue. The other in enqueue()
239 // SAFETY: The `func` field is not structurally pinned. in project()
267 /// # Safety
287 /// # Safety
311 /// # Safety
321 /// # Safety
[all …]
|
| H A D | xarray.rs | 66 // SAFETY: `ptr` came from `T::into_foreign`. in drop()
73 // SAFETY: `self.xa` is always valid by the type invariant. in drop()
94 // SAFETY: `xa` is valid while the closure is called. in new()
107 // SAFETY: `self.xa` is always valid by the type invariant. in iter()
112 // SAFETY: `self.xa` is always valid by the type invariant. in iter()
122 // SAFETY: `self.xa` is always valid by the type invariant. in try_lock()
135 // SAFETY: `self.xa` is always valid by the type invariant. in lock()
156 // SAFETY: in drop()
184 // SAFETY: `self.xa.xa` is always valid by the type invariant. in load()
193 // SAFETY: `ptr` came from `T::into_foreign`. in get()
[all …]
|
| H A D | rbtree.rs | 176 // SAFETY: An [`RBTree`] allows the same kinds of access to its values that a struct allows to its
180 // SAFETY: An [`RBTree`] allows the same kinds of access to its values that a struct allows to its
202 // SAFETY: by the invariants, all pointers are valid. in iter()
217 // SAFETY: by the invariants, all pointers are valid. in iter_mut()
242 // SAFETY: `self.root` is always a valid root node in cursor_front()
257 // SAFETY: `self.root` is always a valid root node in cursor_back()
327 // SAFETY: `raw_self` is a valid pointer to the `RBTree` (created from `self` above). in raw_entry()
331 // SAFETY: All links fields we create are in a `Node<K, V>`. in raw_entry()
334 // SAFETY: `node` is a non-null node so it is valid by the type invariants. in raw_entry()
336 // SAFETY: `curr` is a non-null node so it is valid by the type invariants. in raw_entry()
[all …]
|
| H A D | device.rs | 50 /// # Safety
59 // SAFETY: By the safety requirements ptr is valid in get_device()
73 // SAFETY: in parent()
81 // SAFETY: in parent()
91 /// # Safety
98 // SAFETY: Guaranteed by the safety requirements of the function. in as_ref()
108 // SAFETY: `klevel` is null-terminated, uses one of the kernel constants. in pr_emerg()
118 // SAFETY: `klevel` is null-terminated, uses one of the kernel constants. in pr_alert()
128 // SAFETY: `klevel` is null-terminated, uses one of the kernel constants. in pr_crit()
138 // SAFETY: `klevel` is null-terminated, uses one of the kernel constants. in pr_err()
[all …]
|
| /linux/rust/kernel/alloc/ |
| H A D | kbox.rs | 141 // SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee:
145 // SAFETY: `Box` is `Send` if `T` is `Send` because the `Box` owns a `T`.
153 // SAFETY: `Box` is `Sync` if `T` is `Sync` because the `Box` owns a `T`.
168 /// # Safety
177 // INVARIANT: Validity of `raw` is guaranteed by the safety preconditions of this function. in from_raw()
178 // SAFETY: By the safety preconditions of this function, `raw` is not a NULL pointer. in from_raw()
193 /// // SAFETY: `ptr` comes from a previous call to `KBox::into_raw`.
209 // SAFETY: `Box::into_raw` always returns a properly aligned and dereferenceable pointer in leak()
224 /// # Safety
230 // SAFETY: `raw` comes from a previous call to `Box::into_raw`. By the safety requirements in assume_init()
[all …]
|
| /linux/rust/kernel/drm/gem/ |
| H A D | mod.rs | 49 /// # Safety
57 // SAFETY: All gem objects are refcounted.
60 // SAFETY: The existence of a shared reference guarantees that the refcount is non-zero. in inc_ref()
65 // SAFETY: We either hold the only refcount on `obj`, or one of many - meaning that no one in dec_ref()
70 // SAFETY: in dec_ref()
71 // - The safety requirements guarantee that the refcount is non-zero. in dec_ref()
87 // SAFETY: `open_callback` is only ever called with a valid pointer to a `struct drm_file`. in open_callback()
91 // SAFETY: `open_callback` is specified in the AllocOps structure for `Object<T>`, ensuring that in open_callback()
107 // SAFETY: `open_callback` is only ever called with a valid pointer to a `struct drm_file`. in close_callback()
111 // SAFETY: `close_callback` is specified in the AllocOps structure for `Object<T>`, ensuring in close_callback()
[all …]
|
| /linux/Documentation/translations/zh_CN/rust/ |
| H A D | coding-guidelines.rst | 53 此外,就像文档一样,注释在句子的开头要大写,并以句号结束(即使是单句)。这包括 ``// SAFETY:``,
80 一种特殊的注释是 ``// SAFETY:`` 注释。这些注释必须出现在每个 ``unsafe`` 块之前,它们
85 // SAFETY: `p` is valid by the safety requirements.
88 ``// SAFETY:`` 注释不能与代码文档中的 ``# Safety`` 部分相混淆。 ``# Safety`` 部
90 ``// SAFETY:`` 注释显示了为什么一个(函数)调用者或(特性)实现者实际上尊重了
91 ``# Safety`` 部分或语言参考中的前提条件。
111 /// # Safety
127 // SAFETY: The safety contract must be upheld by the caller.
137 - 不安全的函数必须在 ``# Safety`` 部分记录其安全前提条件。
150 - 任何 ``unsafe`` 的代码块都必须在前面加上一个 ``// SAFETY:`` 的注释,描述里面
|
| /linux/rust/kernel/drm/ |
| H A D | device.rs | 99 // SAFETY: in new()
113 // SAFETY: `raw_drm` is a valid pointer to `Self`. in new()
116 // SAFETY: in new()
120 // SAFETY: `__drm_dev_alloc()` was successful, hence `raw_drm` must be valid and the in new()
125 // SAFETY: The reference count is one, and now we take ownership of that reference as a in new()
134 /// # Safety
140 // SAFETY: By the safety requirements of this function `ptr` is a valid pointer to a in from_drm_device()
147 /// # Safety
158 // SAFETY: By the safety requirements of this function `ptr` is a valid pointer to a in as_ref()
162 // SAFETY: `ptr` is valid by the safety requirements of this function. in as_ref()
[all …]
|
| /linux/rust/kernel/list/ |
| H A D | impl_list_item_mod.rs | 15 /// # Safety
26 /// # Safety
35 // SAFETY: The caller promises that the pointer is valid. The implementer promises that the in raw_get_list_links()
49 // SAFETY: The implementation of `raw_get_list_links` only compiles if the field has the
61 // SAFETY: The caller promises that the pointer is not dangling. We know that this
73 /// # Safety
91 // SAFETY: The implementation of `raw_get_list_links` only compiles if the field has the
104 // SAFETY: The caller promises that the pointer is not dangling.
127 // SAFETY: See GUARANTEES comment on each method.
135 // SAFETY: The caller guarantees that `me` points at a valid value of type `Self`.
[all …]
|
| /linux/rust/kernel/sync/ |
| H A D | arc.rs | 154 /// # Safety
160 // SAFETY: The caller guarantees that the pointer is valid. in container_of()
162 // SAFETY: We're computing the layout of a real struct that existed when compiling this in container_of()
173 // SAFETY: The pointer is in-bounds of an allocation both before and after offsetting the in container_of()
178 // SAFETY: The pointer can't be null since you can't have an `ArcInner<T>` value at the null in container_of()
193 // SAFETY: It is safe to send `Arc<T>` to another thread when the underlying `T` is `Sync` because
199 // SAFETY: It is safe to send `&Arc<T>` to another thread when the underlying `T` is `Sync`
231 // SAFETY: There are no safety requirements for this FFI call. in new()
239 // SAFETY: We just created `inner` with a reference count of 1, which is owned by the new in new()
248 /// # Safety
[all …]
|
| /linux/rust/kernel/time/hrtimer/ |
| H A D | pin_mut.rs | 19 // SAFETY: We cancel the timer when the handle is dropped. The implementation of
28 // SAFETY: As we got `self_ptr` from a reference above, it must point to in cancel()
32 // SAFETY: As `timer_ptr` is derived from a reference, it must point to in cancel()
47 // SAFETY: We capture the lifetime of `Self` when we create a
58 // SAFETY: in start()
64 // SAFETY: in start()
88 // SAFETY: By the safety requirement of this function, `timer_ptr` in run()
92 // SAFETY: in run()
93 // - By the safety requirement of this function, `timer_ptr` in run()
95 // - As per the safety requirements of the trait `HrTimerHandle`, the in run()
[all …]
|
| H A D | pin.rs | 21 // SAFETY: We cancel the timer when the handle is dropped. The implementation of
30 // SAFETY: As we got `self_ptr` from a reference above, it must point to in cancel()
34 // SAFETY: As `timer_ptr` is derived from a reference, it must point to in cancel()
49 // SAFETY: We capture the lifetime of `Self` when we create a `PinHrTimerHandle`,
63 // SAFETY: in start()
84 // SAFETY: By the safety requirement of this function, `timer_ptr` in run()
88 // SAFETY: in run()
89 // - By the safety requirement of this function, `timer_ptr` in run()
91 // - As per the safety requirements of the trait `HrTimerHandle`, the in run()
98 // SAFETY: `receiver_ref` only exists as pinned, so it is safe to pin it in run()
|
| /linux/rust/kernel/net/ |
| H A D | phy.rs | 79 /// # Safety
89 // SAFETY: by the function requirements the pointer is valid and we have unique access for in from_raw()
97 // SAFETY: The struct invariant ensures that we may access in phy_id()
105 // SAFETY: The struct invariant ensures that we may access in state()
130 // SAFETY: The struct invariant ensures that we may access in is_link_up()
142 // SAFETY: The struct invariant ensures that we may access in is_autoneg_enabled()
155 // SAFETY: The struct invariant ensures that we may access in is_autoneg_completed()
164 // SAFETY: The struct invariant ensures that we may access in set_speed()
177 // SAFETY: The struct invariant ensures that we may access in set_duplex()
196 // SAFETY in read_paged()
[all...] |
| /linux/rust/pin-init/src/ |
| H A D | alloc.rs | 20 // SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee:
39 // SAFETY: We delegate to `init` and only change the error type. in pin_init()
56 // SAFETY: We delegate to `init` and only change the error type. in init()
106 // SAFETY: the Arc has just been created and has no external references in try_pin_init()
110 // SAFETY: When init errors/panics, slot will get deallocated but not dropped, in try_pin_init()
113 // SAFETY: All fields have been initialized and this is the only `Arc` to that data. in try_pin_init()
124 // SAFETY: the Arc has just been created and has no external references in try_init()
128 // SAFETY: When init errors/panics, slot will get deallocated but not dropped, in try_init()
131 // SAFETY: All fields have been initialized. in try_init()
141 // SAFETY: When init errors/panics, slot will get deallocated but not dropped, in write_init()
[all …]
|
| /linux/rust/kernel/time/ |
| H A D | hrtimer.rs | 105 // SAFETY: Ownership of an `HrTimer` can be moved to other threads and
109 // SAFETY: Timer operations are locked on the C side, so it is safe to operate
122 // SAFETY: By design of `pin_init!`, `place` is a pointer to a in new()
144 /// # Safety
148 // SAFETY: The field projection to `timer` does not go out of bounds, in raw_get()
170 /// # Safety
174 // SAFETY: `this` points to an allocation of at least `HrTimer` size. in raw_cancel()
179 // SAFETY: `c_timer_ptr` is initialized and valid. Synchronization is in raw_cancel()
217 /// # Safety
225 /// # Safety
[all …]
|