Home
last modified time | relevance | path

Searched full:safety (Results 1 – 25 of 387) sorted by relevance

12345678910>>...16

/linux/drivers/android/binder/
H A Dpage_range.rs49 // SAFETY: The shrinker and list_lru are thread safe.
51 // SAFETY: The shrinker and list_lru are thread safe.
57 /// # Safety
70 // SAFETY: These fields are not yet used, so it's okay to zero them. in register()
76 // SAFETY: The field is not yet used, so we can initialize it. in register()
82 // SAFETY: The `name` points at a valid c string. in register()
85 // SAFETY: We initialized it, so its okay to destroy it. in register()
90 // SAFETY: We're about to register the shrinker, and these are the fields we need to in register()
98 // SAFETY: The new shrinker has been fully initialized, so we can register it. in register()
101 // SAFETY in register()
[all...]
H A Drust_binder_main.rs288 // SAFETY: We call register in `init`.
295 // SAFETY: The module initializer never runs twice, so we only call this once. in init()
300 // SAFETY: The module is being loaded, so we can initialize binderfs. in init()
310 // SAFETY: Used only to insert C bindings types into globals, which is safe.
317 // SAFETY: All zeroes is safe for the `file_operations` type.
334 /// # Safety
340 // SAFETY: The caller will always provide a valid c string here. in rust_binder_new_context()
348 /// # Safety
353 // SAFETY: The caller ensures that the `device` pointer came from a previous call to in rust_binder_remove_context()
361 /// # Safety
[all …]
H A Dtrace.rs42 // SAFETY: Always safe to call. in trace_ioctl()
48 // SAFETY: Always safe to call. in trace_ioctl_done()
53 // SAFETY: Always safe to call. in trace_read_done()
58 // SAFETY: Always safe to call. in trace_write_done()
64 // SAFETY: Always safe to call. in trace_wait_for_work()
74 // SAFETY: The raw transaction is valid for the duration of this call. The thread pointer is in trace_transaction()
81 // SAFETY: The raw transaction is valid for the duration of this call. in trace_transaction_received()
87 // SAFETY: This function is always safe to call. in trace_transaction_fd_send()
92 // SAFETY: This function is always safe to call. in trace_transaction_fd_recv()
98 // SAFETY: This function is always safe to call. in trace_command()
[all …]
/linux/rust/kernel/
H A Dopp.rs43 // SAFETY: The requirements are satisfied by the existence of [`Device`] and its safety in new()
58 // SAFETY: The `ptr` is guaranteed by the C code to be valid. in table()
74 // SAFETY: The pointer was created via `dev_pm_opp_init_cpufreq_table`, and is only in drop()
183 // SAFETY: The requirements are satisfied by the existence of [`Device`] and its safety in new()
195 // SAFETY: The requirements are satisfied by the existence of [`Device`] and its safety in drop()
321 // SAFETY: This is the same token value returned by the C code via `dev_pm_opp_set_config`. in drop()
493 // SAFETY in set()
[all...]
H A Dauxiliary.rs43 // SAFETY:
54 // SAFETY: A call to `unregister` for a given instance of `DriverType` is guaranteed to be valid if in register()
62 // SAFETY: It's safe to set the fields of `struct auxiliary_driver` on initialization. in register()
70 // SAFETY: `adrv` is guaranteed to be a valid `DriverType`. in unregister()
77 // SAFETY: `adrv` is guaranteed to be a valid `DriverType`. in probe_callback()
87 // SAFETY: The auxiliary bus only ever calls the probe callback with a valid pointer to a in probe_callback()
93 // SAFETY: `DeviceId` is a `#[repr(transparent)`] wrapper of `struct auxiliary_device_id` in probe_callback()
107 // SAFETY: The auxiliary bus only ever calls the probe callback with a valid pointer to a in remove_callback()
113 // SAFETY: `remove_callback` is only ever called after a successful call to in remove_callback()
162 // SAFETY
[all...]
H A Dusb.rs37 // SAFETY:
48 // SAFETY: A call to `unregister` for a given instance of `DriverType` is guaranteed to be valid if
56 // SAFETY: It's safe to set the fields of `struct usb_driver` on initialization. in register()
64 // SAFETY: `udrv` is guaranteed to be a valid `DriverType`. in register()
71 // SAFETY: `udrv` is guaranteed to be a valid `DriverType`.
81 // SAFETY: The USB core only ever calls the probe callback with a valid pointer to a in probe_callback()
88 // SAFETY: `DeviceId` is a `#[repr(transparent)]` wrapper of `struct usb_device_id` and in probe_callback()
102 // SAFETY: The USB core only ever calls the disconnect callback with a valid pointer to a
110 // SAFETY: `disconnect_callback` is only ever called after a successful call to in disconnect_callback()
133 // SAFETY in from_id()
[all...]
H A Dconfigfs.rs135 // SAFETY: We do not provide any operations on `Subsystem`.
138 // SAFETY: Ownership of `Subsystem` can safely be transferred to other threads.
155 // SAFETY: We initialized the required fields of `place.group` above. in new()
164 // SAFETY: `place.su_mutex` is valid for use as a mutex. in new()
179 // SAFETY: We initialized `this.subsystem` according to C API contract above. in new()
189 // SAFETY: We registered `self.subsystem` in the initializer returned by `Self::new`. in drop()
191 // SAFETY: We initialized the mutex in `Subsystem::new`. in drop()
201 /// # Safety
208 /// # Safety
215 /// # Safety
[all...]
H A Dmm.rs52 // SAFETY: It is safe to call `mmdrop` on another thread than where `mmgrab` was called.
54 // SAFETY: All methods on `Mm` can be called in parallel from several threads.
57 // SAFETY: By the type invariants, this type is always refcounted.
61 // SAFETY: The pointer is valid since self is a reference. in inc_ref()
67 // SAFETY: The caller is giving up their refcount. in dec_ref()
88 // SAFETY: It is safe to call `mmput` on another thread than where `mmget` was called.
90 // SAFETY: All methods on `MmWithUser` can be called in parallel from several threads.
93 // SAFETY: By the type invariants, this type is always refcounted.
97 // SAFETY: The pointer is valid since self is a reference. in inc_ref()
103 // SAFETY: The caller is giving up their refcount. in dec_ref()
[all …]
H A Dcpufreq.rs135 /// # Safety
141 // SAFETY: Guaranteed by the safety requirements of the function. in from_raw_mut()
158 // SAFETY: By the type invariant, the pointer stored in `self` is valid. in generic_verify()
176 /// # Safety
214 /// // SAFETY: Index is a valid entry in the table.
229 /// # Safety
235 // SAFETY: Guaranteed by the safety requirements of the function. in from_raw()
252 // SAFETY in freq()
[all...]
H A Dscatterlist.rs56 // SAFETY: `SGEntry` can be sent to any task.
59 // SAFETY: `SGEntry` has no interior mutability and can be accessed concurrently.
65 /// # Safety
71 // SAFETY: The safety requirements of this function guarantee that `ptr` is a valid pointer in from_raw()
87 // SAFETY: `self.as_raw()` is a valid pointer to a `struct scatterlist`. in dma_address()
95 // SAFETY: `self.as_raw()` is a valid pointer to a `struct scatterlist`. in dma_len()
105 // SAFETY: `Borrowed` can be sent to any task.
108 // SAFETY: `Borrowed` has no interior mutability and can be accessed concurrently.
138 /// # Safety
[all...]
H A Di2c.rs59 // SAFETY: `DeviceId` is a `#[repr(transparent)]` wrapper of `i2c_device_id` and does not add
65 // SAFETY: `DRIVER_DATA_OFFSET` is the offset to the `driver_data` field.
94 // SAFETY:
105 // SAFETY: A call to `unregister` for a given instance of `DriverType` is guaranteed to be valid if
133 // SAFETY: It's safe to set the fields of `struct i2c_client` on initialization. in register()
144 // SAFETY: `idrv` is guaranteed to be a valid `DriverType`. in register()
149 // SAFETY: `idrv` is guaranteed to be a valid `DriverType`. in unregister()
156 // SAFETY: The I2C bus only ever calls the probe callback with a valid pointer to a in probe_callback()
174 // SAFETY: `idev` is a valid pointer to a `struct i2c_client`. in remove_callback()
177 // SAFETY in remove_callback()
[all...]
H A Dpci.rs60 // SAFETY:
71 // SAFETY: A call to `unregister` for a given instance of `DriverType` is guaranteed to be valid if
79 // SAFETY: It's safe to set the fields of `struct pci_driver` on initialization. in register()
87 // SAFETY: `pdrv` is guaranteed to be a valid `DriverType`. in register()
94 // SAFETY: `pdrv` is guaranteed to be a valid `DriverType`. in unregister()
104 // SAFETY: The PCI bus only ever calls the probe callback with a valid pointer to a in probe_callback()
110 // SAFETY: `DeviceId` is a `#[repr(transparent)]` wrapper of `struct pci_device_id` and in probe_callback()
124 // SAFETY: The PCI bus only ever calls the remove callback with a valid pointer to a in remove_callback()
130 // SAFETY: `remove_callback` is only ever called after a successful call to in remove_callback()
227 // SAFETY
[all...]
H A Dplatform.rs46 // SAFETY:
57 // SAFETY: A call to `unregister` for a given instance of `DriverType` is guaranteed to be valid if
75 // SAFETY: It's safe to set the fields of `struct platform_driver` on initialization. in register()
84 // SAFETY: `pdrv` is guaranteed to be a valid `DriverType`. in register()
91 // SAFETY: `pdrv` is guaranteed to be a valid `DriverType`. in unregister()
98 // SAFETY: The platform bus only ever calls the probe callback with a valid pointer to a in probe_callback()
114 // SAFETY: The platform bus only ever calls the remove callback with a valid pointer to a in remove_callback()
120 // SAFETY: `remove_callback` is only ever called after a successful call to in remove_callback()
274 // SAFETY: `self.as_raw()` returns a valid pointer to a `struct platform_device`. in resource_by_index()
283 // SAFETY
[all...]
H A Dtask.rs37 // SAFETY: This expression creates a temporary value that is dropped at the end of the
43 // `begin_new_exec()` is responsible for safety.
98 // SAFETY: By design, the only way to access a `Task` is via the `current` function or via an
104 // SAFETY: It's OK to access `Task` through shared references from other threads because we're
162 // SAFETY: Getting the current pointer is always safe. in current_raw()
171 /// # Safety
186 // SAFETY: The returned reference borrows from this `TaskRef`, so it cannot outlive in current()
208 // SAFETY: The pid of a task never changes after initialization, so reading this field is in pid()
216 // SAFETY: It's always safe to call `task_uid` on a valid task. in uid()
223 // SAFETY: It's always safe to call `task_euid` on a valid task. in euid()
[all …]
H A Ddevice.rs92 /// // SAFETY: `Device` is a transparent wrapper of a type that doesn't depend on `Device`'s
171 /// # Safety
180 // SAFETY: By the safety requirements ptr is valid
186 /// # Safety in get_device()
193 // CAST: By the safety requirements the caller is responsible to guarantee that the
197 // SAFETY: in as_bound()
209 // SAFETY: By the type invariants, `self.as_raw()` is a valid pointer to a `struct device`. in set_type_id()
217 /// # Safety in set_type_id()
222 // SAFETY in set_type_id()
[all...]
H A Drbtree.rs176 // SAFETY: An [`RBTree`] allows the same kinds of access to its values that a struct allows to its
180 // SAFETY: An [`RBTree`] allows the same kinds of access to its values that a struct allows to its
208 // SAFETY: by the invariants, all pointers are valid. in iter()
223 // SAFETY: by the invariants, all pointers are valid. in iter_mut()
248 // SAFETY: `self.root` is always a valid root node. in cursor_front_mut()
263 // SAFETY: `self.root` is always a valid root node. in cursor_front()
278 // SAFETY: `self.root` is always a valid root node. in cursor_back_mut()
293 // SAFETY: `self.root` is always a valid root node. in cursor_back()
363 // SAFETY: `raw_self` is a valid pointer to the `RBTree` (created from `self` above). in raw_entry()
367 // SAFETY in raw_entry()
[all...]
/linux/rust/kernel/drm/
H A Ddevice.rs223 // SAFETY: in deref()
237 // SAFETY: `raw_drm` is a valid pointer to `Self`, given that `__drm_dev_alloc` was in dec_ref()
241 // SAFETY: `raw_drm` is a valid pointer to `Self`. in dec_ref()
244 // SAFETY:
248 // SAFETY: `__drm_dev_alloc()` was successful, hence `drm_dev` must be valid and the in as_ref()
253 // SAFETY: `drm_dev` is still private to this function.
256 // SAFETY: The reference count is one, and now we take ownership of that reference as a
295 /// # Safety
299 // SAFETY: By the safety requirement in work_container_of()
[all...]
/linux/rust/kernel/debugfs/
H A Dfile_ops.rs40 /// # Safety in new()
62 // SAFETY: `Adapter` asserts that `T` can be legally cast to `T::Inner`. in deref()
86 /// # Safety in writer_open()
95 // SAFETY: The caller ensures that `inode` is a valid pointer. in writer_open()
97 // SAFETY:
100 // so we meet its safety requirements.
108 /// # Safety in writer_act()
116 // SAFETY: By caller precondition, this pointer is valid pointer to a `T`, and
119 // SAFETY: By caller precondition, `seq_file` points to a live `seq_file`, so we can lift
140 // SAFETY
[all...]
/linux/rust/kernel/drm/gem/
H A Dmod.rs49 // SAFETY: All GEM objects are refcounted.
56 // SAFETY: The existence of a shared reference guarantees that the refcount is
62 // SAFETY: `obj` is a valid pointer to an `Object<T>`.
65 // SAFETY: The safety requirements guarantee that the refcount is non-zero.
119 /// # Safety in open_callback()
131 // SAFETY: `open_callback` is only ever called with a valid pointer to a `struct drm_file`. in open_callback()
134 // SAFETY: in close_callback()
151 // SAFETY: `open_callback` is only ever called with a valid pointer to a `struct drm_file`.
154 // SAFETY in from_raw()
[all...]
H A Dshmem.rs82 // SAFETY: All GEM objects are thread-safe.
85 // SAFETY: All GEM objects are thread-safe.
105 // SAFETY: `drm_gem_shmem_vm_ops` is a valid, static const on the C side.
134 // SAFETY: `obj.as_raw()` is guaranteed to be valid by the initialization above. in new()
137 // SAFETY: The arguments are all valid via the type invariants. in new()
140 // SAFETY: We never move out of `self`. in new()
143 // SAFETY: We're taking over the owned refcount from `drm_gem_shmem_init`. in new()
148 // SAFETY: We have yet to expose the new gem object outside of this function, so it is in new()
153 // SAFETY: We have yet to expose this object outside of this function, so we're guaranteed in dev()
163 // SAFETY in free_callback()
[all...]
/linux/rust/kernel/sync/
H A Dlock.rs27 /// # Safety
49 /// # Safety
61 /// # Safety
69 /// # Safety
76 /// # Safety
83 /// # Safety
88 // SAFETY: The safety requirements ensure that the lock is initialised. in relock()
94 /// # Safety
122 // SAFETY
[all...]
/linux/rust/kernel/alloc/
H A Dkbox.rs142 // SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee:
146 // SAFETY: `Box` is `Send` if `T` is `Send` because the `Box` owns a `T`.
154 // SAFETY: `Box` is `Sync` if `T` is `Sync` because the `Box` owns a `T`.
169 /// # Safety
178 // INVARIANT: Validity of `raw` is guaranteed by the safety preconditions of this function.
179 // SAFETY: By the safety preconditions of this function, `raw` is not a NULL pointer. in from_raw()
194 /// // SAFETY: `ptr` comes from a previous call to `KBox::into_raw`.
210 // SAFETY: `Box::into_raw` always returns a properly aligned and dereferenceable pointer
225 /// # Safety
[all...]
H A Dallocator.rs85 /// # Safety in call()
87 /// This method has the same safety requirements as [`Allocator::realloc`]. in call()
115 // SAFETY: in call()
118 // - `ptr` is either NULL or valid by the safety requirements of this function. in call()
149 // SAFETY: `realloc` delegates to `ReallocFunc::call`, which guarantees that in realloc()
166 // SAFETY: `ReallocFunc::call` has the same safety requirements as `Allocator::realloc`.
187 /// // SAFETY: By the type invariant of `Box` the inner pointer of `vbox` is non-null.
190 /// // SAFETY:
195 /// // SAFETY in to_page()
[all...]
/linux/rust/pin-init/src/
H A D__internal.rs70 /// # Safety
82 /// # Safety
95 /// # Safety in make_closure()
126 // SAFETY: TODO. in make_closure()
151 // SAFETY: As we are being dropped, we only call this once. And since `self.is_init` is
174 // SAFETY: We never move out of `this`.
177 // the memory (this is a safety guarantee of `Pin`).
180 // SAFETY: `this.is_init` was true and therefore `this.value` is initialized.
183 // SAFETY: The memory slot is valid and this type ensures that it will stay pinned. in uninit()
187 // SAFETY in uninit()
[all...]
/linux/rust/kernel/list/
H A Dimpl_list_item_mod.rs13 /// # Safety
22 /// # Safety
39 // SAFETY: The implementation of `raw_get_list_links` only compiles if the field has the
50 // SAFETY: The caller promises that the pointer is not dangling. We know that this
63 /// # Safety
85 // SAFETY: The implementation of `raw_get_list_links` only compiles if the field has the
89 // SAFETY: TODO.
94 // SAFETY: The caller promises that the pointer is not dangling.
197 // SAFETY: See GUARANTEES comment on each method.
205 // SAFETY
[all...]

12345678910>>...16