Struct kernel::grant::EnteredGrantKernelManagedLayout

struct EnteredGrantKernelManagedLayout<'a> {
    process: &'a dyn Process,
    grant_num: usize,
    counters_ptr: *mut usize,
    upcalls_array: *mut SavedUpcall,
    allow_ro_array: *mut SavedAllowRo,
    allow_rw_array: *mut SavedAllowRw,
}

Helper that calculates offsets within the kernel-owned memory (i.e. the non-T part of the grant).

Example layout of full grant belonging to a single app and driver:

0x003FFC8  ┌────────────────────────────────────┐
           │   T                                |
0x003FFxx  ├  ───────────────────────── ┐ K     |
           │   Padding (ensure T aligns)| e     |
0x003FF44  ├  ───────────────────────── | r     |
           │   SavedAllowRwN            | n     |
           │   ...                      | e     | G
           │   SavedAllowRw1            | l     | r
           │   SavedAllowRw0            |       | a
0x003FF44  ├  ───────────────────────── | O     | n
           │   SavedAllowRoN            | w     | t
           │   ...                      | n     |
           │   SavedAllowRo1            | e     | M
           │   SavedAllowRo0            | d     | e
0x003FF30  ├  ───────────────────────── |       | m
           │   SavedUpcallN             | D     | o
           │   ...                      | a     | r
           │   SavedUpcall1             | t     | y
           │   SavedUpcall0             | a     |
0x003FF24  ├  ───────────────────────── |       |
           │   Counters (usize)         |       |
0x003FF20  └────────────────────────────────────┘

The counters structure is composed as:

0             1             2             3         bytes
|-------------|-------------|-------------|-------------|
| # Upcalls   | # RO Allows | # RW Allows | [unused]    |
|-------------|-------------|-------------|-------------|

This type is created whenever a grant is entered, and is responsible for ensuring that the grant is closed when it is no longer used. On Drop, we leave the grant. This protects against calling grant.enter() without calling the corresponding grant.leave(), perhaps due to accidentally using the ? operator.
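The early-return hazard described above, as an added example that is not the kernel's own code. `MockProcess`, `EnteredGuard` and `store_value` are hypothetical names, and the re-entry check in `enter` is an assumption of this model.

```rust
use std::cell::Cell;

// Hypothetical stand-in for the process-side bookkeeping of one grant.
struct MockProcess {
    entered: Cell<bool>,
}

impl MockProcess {
    fn leave_grant(&self) {
        self.entered.set(false);
    }
}

// Guard modelled on the behaviour described above: leave the grant on Drop.
struct EnteredGuard<'a> {
    process: &'a MockProcess,
}

impl<'a> EnteredGuard<'a> {
    // Assumption: a second concurrent entry is refused, so two guards never
    // refer to the same grant at once.
    fn enter(process: &'a MockProcess) -> Result<Self, &'static str> {
        if process.entered.replace(true) {
            return Err("already entered");
        }
        Ok(EnteredGuard { process })
    }
}

impl Drop for EnteredGuard<'_> {
    fn drop(&mut self) {
        self.process.leave_grant();
    }
}

// A capsule-style operation that bails out early with `?`.
fn store_value(process: &MockProcess, input: &str) -> Result<u32, &'static str> {
    let _guard = EnteredGuard::enter(process)?;
    let value: u32 = input.parse().map_err(|_| "bad input")?; // early return path
    Ok(value)
}

fn main() {
    let p = MockProcess { entered: Cell::new(false) };
    println!("{:?}", store_value(&p, "not a number"));
    println!("still entered after error: {}", p.entered.get());
}
```

Without the `Drop` implementation, the failed `parse` would leave `entered` set and every later `enter` on that process would be refused.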

Fields

process: &'a dyn Process

Leaving a grant is handled through the process implementation, so we must keep a reference to the relevant process.

grant_num: usize

The grant number of the entered grant that we want to ensure we leave properly.

counters_ptr: *mut usize

The location of the counters structure for the grant.

upcalls_array: *mut SavedUpcall

Pointer to the array of saved upcalls.

allow_ro_array: *mut SavedAllowRo

Pointer to the array of saved read-only allows.

allow_rw_array: *mut SavedAllowRw

Pointer to the array of saved read-write allows.

Implementations

impl<'a> EnteredGrantKernelManagedLayout<'a>

unsafe fn read_from_base(base_ptr: NonNull<u8>, process: &'a dyn Process, grant_num: usize) -> Self

Reads the specified pointer as the base of the kernel owned grant region that has previously been initialized.

Safety

The incoming base pointer must be well aligned and already contain initialized data in the expected form. There must not be any other EnteredGrantKernelManagedLayout for the given base_ptr at the same time, otherwise multiple mutable references to the same upcall/allow slices could be created.

unsafe fn initialize_from_counts(base_ptr: NonNull<u8>, upcalls_num_val: UpcallItems, allow_ro_num_val: AllowRoItems, allow_rw_num_val: AllowRwItems, process: &'a dyn Process, grant_num: usize) -> Self

Creates a layout from the specified pointer and lengths of arrays and initializes the kernel owned portion of the layout.

Safety

The incoming base pointer must be well aligned and reference enough memory to hold the entire kernel managed grant structure. There must not be any other EnteredGrantKernelManagedLayout for the given base_ptr at the same time, otherwise multiple mutable references to the same upcall/allow slices could be created.

fn grant_size(upcalls_num: UpcallItems, allow_ro_num: AllowRoItems, allow_rw_num: AllowRwItems, grant_t_size: GrantDataSize, grant_t_align: GrantDataAlign) -> usize

Returns the entire grant size, including the kernel-owned memory, padding, and data for T. Requires that grant_t_align be a power of 2, which is guaranteed by Rust's align_of calls.

fn grant_align(grant_t_align: GrantDataAlign) -> usize

Returns the alignment of the entire grant region based on the alignment of data T.

unsafe fn offset_of_grant_data_t(base_ptr: NonNull<u8>, grant_size: usize, grant_t_size: GrantDataSize) -> NonNull<u8>

Returns a pointer to the grant data T within the entire grant region.

Safety

The caller must ensure that the specified base pointer is aligned to at least the alignment of T and points to a grant that is of size grant_size bytes.

fn get_counter_offset(&self, offset_bits: usize) -> usize

Read an 8 bit value from the counter field offset by the specified number of bits. This is a helper function for reading the counter field.
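The counters word and the size calculation described for grant_size, as an added model that is not the kernel's own code. The element sizes and the mapping of byte n to bit offset 8n are assumptions; the overflow and power-of-two checks go beyond what the page states.

```rust
use std::mem::size_of;

// Hypothetical element sizes; the real SavedUpcall/SavedAllowRo/SavedAllowRw
// sizes depend on the kernel build and are not stated on this page.
const UPCALL_SIZE: usize = 12;
const ALLOW_RO_SIZE: usize = 8;
const ALLOW_RW_SIZE: usize = 8;

// Pack three 8-bit counts into one usize: byte 0 = upcalls, 1 = RO, 2 = RW.
fn pack_counters(upcalls: u8, allow_ro: u8, allow_rw: u8) -> usize {
    (upcalls as usize) | ((allow_ro as usize) << 8) | ((allow_rw as usize) << 16)
}

// Read one 8-bit count at the given bit offset, masking off its neighbours.
fn get_counter(counters: usize, offset_bits: usize) -> usize {
    (counters >> offset_bits) & 0xFF
}

// Bytes of kernel-owned data: the counters word plus the three arrays.
fn kernel_managed_size(counters: usize) -> usize {
    size_of::<usize>()
        + get_counter(counters, 0) * UPCALL_SIZE
        + get_counter(counters, 8) * ALLOW_RO_SIZE
        + get_counter(counters, 16) * ALLOW_RW_SIZE
}

// Total size: kernel-owned data, padding up to T's alignment, then T.
// Returns None for a non-power-of-two alignment or on arithmetic overflow.
fn grant_size(counters: usize, t_size: usize, t_align: usize) -> Option<usize> {
    if !t_align.is_power_of_two() {
        return None;
    }
    let mask = t_align - 1;
    let kernel = kernel_managed_size(counters);
    let padded = kernel.checked_add(mask)? & !mask;
    padded.checked_add(t_size)
}

fn main() {
    let c = pack_counters(2, 1, 1);
    println!("counters = {:#x}, size = {:?}", c, grant_size(c, 24, 8));
}
```

Because each count occupies a single byte, the mask in `get_counter` is what keeps a full upcall count (255) from bleeding into the read-only allow count when the array bounds are derived.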

fn get_upcalls_number(&self) -> usize

Return the number of upcalls stored by the core kernel for this grant.

fn get_allow_ro_number(&self) -> usize

Return the number of read-only allow buffers stored by the core kernel for this grant.

fn get_allow_rw_number(&self) -> usize

Return the number of read-write allow buffers stored by the core kernel for this grant.

fn get_upcalls_slice(&mut self) -> &mut [SavedUpcall]

Return mutable access to the slice of stored upcalls for this grant. This is necessary for storing a new upcall.

fn get_allow_ro_slice(&mut self) -> &mut [SavedAllowRo]

Return mutable access to the slice of stored read-only allow buffers for this grant. This is necessary for storing a new read-only allow.

fn get_allow_rw_slice(&mut self) -> &mut [SavedAllowRw]

Return mutable access to the slice of stored read-write allow buffers for this grant. This is necessary for storing a new read-write allow.

fn get_resource_slices(&self) -> (&[SavedUpcall], &[SavedAllowRo], &[SavedAllowRw])

Return slices to the kernel managed upcalls and allow buffers. This permits using upcalls and allow buffers when a capsule is accessing a grant.

Trait Implementations

impl Drop for EnteredGrantKernelManagedLayout<'_>

fn drop(&mut self)

Executes the destructor for this type.
