Commit 0c559323 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'rust-fixes-6.12' of https://github.com/Rust-for-Linux/linux

Pull Rust fixes from Miguel Ojeda:
 "Toolchain and infrastructure:

   - Fix/improve a couple 'depends on' on the newly added CFI/KASAN
     suppport to avoid build errors/warnings

   - Fix ARCH_SLAB_MINALIGN multiple definition error for RISC-V under
     !CONFIG_MMU

   - Clean upcoming (Rust 1.83.0) Clippy warnings

  'kernel' crate:

   - 'sync' module: fix soundness issue by requiring 'T: Sync' for
     'LockedBy::access'; and fix helpers build error under PREEMPT_RT

   - Fix trivial sorting issue ('rustfmtcheck') on the v6.12 Rust merge"

* tag 'rust-fixes-6.12' of https://github.com/Rust-for-Linux/linux:
  rust: kunit: use C-string literals to clean warning
  cfi: encode cfi normalized integers + kasan/gcov bug in Kconfig
  rust: KASAN+RETHUNK requires rustc 1.83.0
  rust: cfi: fix `patchable-function-entry` starting version
  rust: mutex: fix __mutex_init() usage in case of PREEMPT_RT
  rust: fix `ARCH_SLAB_MINALIGN` multiple definition error
  rust: sync: require `T: Sync` for `LockedBy::access`
  rust: kernel: sort Rust modules
parents 263a25de 05cef2c4
...@@ -838,7 +838,7 @@ config CFI_CLANG ...@@ -838,7 +838,7 @@ config CFI_CLANG
config CFI_ICALL_NORMALIZE_INTEGERS config CFI_ICALL_NORMALIZE_INTEGERS
bool "Normalize CFI tags for integers" bool "Normalize CFI tags for integers"
depends on CFI_CLANG depends on CFI_CLANG
depends on $(cc-option,-fsanitize=kcfi -fsanitize-cfi-icall-experimental-normalize-integers) depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS
help help
This option normalizes the CFI tags for integer types so that all This option normalizes the CFI tags for integer types so that all
integer types of the same size and signedness receive the same CFI integer types of the same size and signedness receive the same CFI
...@@ -851,6 +851,22 @@ config CFI_ICALL_NORMALIZE_INTEGERS ...@@ -851,6 +851,22 @@ config CFI_ICALL_NORMALIZE_INTEGERS
This option is necessary for using CFI with Rust. If unsure, say N. This option is necessary for using CFI with Rust. If unsure, say N.
config HAVE_CFI_ICALL_NORMALIZE_INTEGERS
def_bool !GCOV_KERNEL && !KASAN
depends on CFI_CLANG
depends on $(cc-option,-fsanitize=kcfi -fsanitize-cfi-icall-experimental-normalize-integers)
help
Is CFI_ICALL_NORMALIZE_INTEGERS supported with the set of compilers
currently in use?
This option defaults to false if GCOV or KASAN is enabled, as there is
an LLVM bug that makes normalized integers tags incompatible with
KASAN and GCOV. Kconfig currently does not have the infrastructure to
detect whether your rustc compiler contains the fix for this bug, so
it is assumed that it doesn't. If your compiler has the fix, you can
explicitly enable this option in your config file. The Kconfig logic
needed to detect this will be added in a future kernel release.
config CFI_PERMISSIVE config CFI_PERMISSIVE
bool "Use CFI in permissive mode" bool "Use CFI in permissive mode"
depends on CFI_CLANG depends on CFI_CLANG
......
...@@ -1946,10 +1946,11 @@ config RUST ...@@ -1946,10 +1946,11 @@ config RUST
depends on !GCC_PLUGIN_RANDSTRUCT depends on !GCC_PLUGIN_RANDSTRUCT
depends on !RANDSTRUCT depends on !RANDSTRUCT
depends on !DEBUG_INFO_BTF || PAHOLE_HAS_LANG_EXCLUDE depends on !DEBUG_INFO_BTF || PAHOLE_HAS_LANG_EXCLUDE
depends on !CFI_CLANG || RUSTC_VERSION >= 107900 && $(cc-option,-fsanitize=kcfi -fsanitize-cfi-icall-experimental-normalize-integers) depends on !CFI_CLANG || RUSTC_VERSION >= 107900 && HAVE_CFI_ICALL_NORMALIZE_INTEGERS
select CFI_ICALL_NORMALIZE_INTEGERS if CFI_CLANG select CFI_ICALL_NORMALIZE_INTEGERS if CFI_CLANG
depends on !CALL_PADDING || RUSTC_VERSION >= 108000 depends on !CALL_PADDING || RUSTC_VERSION >= 108100
depends on !KASAN_SW_TAGS depends on !KASAN_SW_TAGS
depends on !(MITIGATION_RETHUNK && KASAN) || RUSTC_VERSION >= 108300
help help
Enables Rust support in the kernel. Enables Rust support in the kernel.
......
...@@ -24,3 +24,8 @@ ...@@ -24,3 +24,8 @@
# These functions use the `__preserve_most` calling convention, which neither bindgen # These functions use the `__preserve_most` calling convention, which neither bindgen
# nor Rust currently understand, and which Clang currently declares to be unstable. # nor Rust currently understand, and which Clang currently declares to be unstable.
--blocklist-function __list_.*_report --blocklist-function __list_.*_report
# These constants are sometimes not recognized by bindgen depending on config.
# We use const helpers to aid bindgen, to avoid conflicts when constants are
# recognized, block generation of the non-helper constants.
--blocklist-item ARCH_SLAB_MINALIGN
...@@ -7,3 +7,9 @@ void rust_helper_mutex_lock(struct mutex *lock) ...@@ -7,3 +7,9 @@ void rust_helper_mutex_lock(struct mutex *lock)
{ {
mutex_lock(lock); mutex_lock(lock);
} }
void rust_helper___mutex_init(struct mutex *mutex, const char *name,
struct lock_class_key *key)
{
__mutex_init(mutex, name, key);
}
...@@ -18,7 +18,7 @@ pub fn err(args: fmt::Arguments<'_>) { ...@@ -18,7 +18,7 @@ pub fn err(args: fmt::Arguments<'_>) {
#[cfg(CONFIG_PRINTK)] #[cfg(CONFIG_PRINTK)]
unsafe { unsafe {
bindings::_printk( bindings::_printk(
b"\x013%pA\0".as_ptr() as _, c"\x013%pA".as_ptr() as _,
&args as *const _ as *const c_void, &args as *const _ as *const c_void,
); );
} }
...@@ -34,7 +34,7 @@ pub fn info(args: fmt::Arguments<'_>) { ...@@ -34,7 +34,7 @@ pub fn info(args: fmt::Arguments<'_>) {
#[cfg(CONFIG_PRINTK)] #[cfg(CONFIG_PRINTK)]
unsafe { unsafe {
bindings::_printk( bindings::_printk(
b"\x016%pA\0".as_ptr() as _, c"\x016%pA".as_ptr() as _,
&args as *const _ as *const c_void, &args as *const _ as *const c_void,
); );
} }
......
...@@ -44,8 +44,8 @@ ...@@ -44,8 +44,8 @@
pub mod page; pub mod page;
pub mod prelude; pub mod prelude;
pub mod print; pub mod print;
pub mod sizes;
pub mod rbtree; pub mod rbtree;
pub mod sizes;
mod static_assert; mod static_assert;
#[doc(hidden)] #[doc(hidden)]
pub mod std_vendor; pub mod std_vendor;
......
...@@ -83,8 +83,12 @@ pub struct LockedBy<T: ?Sized, U: ?Sized> { ...@@ -83,8 +83,12 @@ pub struct LockedBy<T: ?Sized, U: ?Sized> {
// SAFETY: `LockedBy` can be transferred across thread boundaries iff the data it protects can. // SAFETY: `LockedBy` can be transferred across thread boundaries iff the data it protects can.
unsafe impl<T: ?Sized + Send, U: ?Sized> Send for LockedBy<T, U> {} unsafe impl<T: ?Sized + Send, U: ?Sized> Send for LockedBy<T, U> {}
// SAFETY: `LockedBy` serialises the interior mutability it provides, so it is `Sync` as long as the // SAFETY: If `T` is not `Sync`, then parallel shared access to this `LockedBy` allows you to use
// data it protects is `Send`. // `access_mut` to hand out `&mut T` on one thread at the time. The requirement that `T: Send` is
// sufficient to allow that.
//
// If `T` is `Sync`, then the `access` method also becomes available, which allows you to obtain
// several `&T` from several threads at once. However, this is okay as `T` is `Sync`.
unsafe impl<T: ?Sized + Send, U: ?Sized> Sync for LockedBy<T, U> {} unsafe impl<T: ?Sized + Send, U: ?Sized> Sync for LockedBy<T, U> {}
impl<T, U> LockedBy<T, U> { impl<T, U> LockedBy<T, U> {
...@@ -118,7 +122,10 @@ impl<T: ?Sized, U> LockedBy<T, U> { ...@@ -118,7 +122,10 @@ impl<T: ?Sized, U> LockedBy<T, U> {
/// ///
/// Panics if `owner` is different from the data protected by the lock used in /// Panics if `owner` is different from the data protected by the lock used in
/// [`new`](LockedBy::new). /// [`new`](LockedBy::new).
pub fn access<'a>(&'a self, owner: &'a U) -> &'a T { pub fn access<'a>(&'a self, owner: &'a U) -> &'a T
where
T: Sync,
{
build_assert!( build_assert!(
size_of::<U>() > 0, size_of::<U>() > 0,
"`U` cannot be a ZST because `owner` wouldn't be unique" "`U` cannot be a ZST because `owner` wouldn't be unique"
...@@ -127,7 +134,10 @@ pub fn access<'a>(&'a self, owner: &'a U) -> &'a T { ...@@ -127,7 +134,10 @@ pub fn access<'a>(&'a self, owner: &'a U) -> &'a T {
panic!("mismatched owners"); panic!("mismatched owners");
} }
// SAFETY: `owner` is evidence that the owner is locked. // SAFETY: `owner` is evidence that there are only shared references to the owner for the
// duration of 'a, so it's not possible to use `Self::access_mut` to obtain a mutable
// reference to the inner value that aliases with this shared reference. The type is `Sync`
// so there are no other requirements.
unsafe { &*self.data.get() } unsafe { &*self.data.get() }
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment