pub struct ReadOnlyProcessBuffer { /* private fields */ }
Expand description
Read-only buffer shared by a userspace process.
This struct is provided to capsules when a process allow
s a
particular section of its memory to the kernel and gives the
kernel read access to this memory.
It can be used to obtain a ReadableProcessSlice
, which is
based around a slice of Cell
s. This is because a userspace can
allow
overlapping sections of memory into different
ReadableProcessSlice
. Having at least one mutable Rust slice
along with read-only slices to overlapping memory in Rust violates
Rust’s aliasing rules. A slice of Cell
s avoids this issue by
explicitly supporting interior mutability. Still, a memory barrier
prior to switching to userspace is required, as the compiler is
free to reorder reads and writes, even through Cell
s.
Implementations§
Source§impl ReadOnlyProcessBuffer
impl ReadOnlyProcessBuffer
Sourcepub unsafe fn new_external(
ptr: *const u8,
len: usize,
process_id: ProcessId,
_cap: &dyn ExternalProcessCapability,
) -> Self
pub unsafe fn new_external( ptr: *const u8, len: usize, process_id: ProcessId, _cap: &dyn ExternalProcessCapability, ) -> Self
Construct a new ReadOnlyProcessBuffer
over a given pointer
and length.
Publicly accessible constructor, which requires the
capabilities::ExternalProcessCapability
capability. This
is provided to allow implementations of the
Process
trait outside of the
kernel
crate.
§Safety requirements
If the length is 0
, an arbitrary pointer may be passed into
ptr
. It does not necessarily have to point to allocated
memory, nor does it have to meet Rust’s pointer validity
requirements.
ReadOnlyProcessBuffer
must ensure that all Rust slices
with a length of 0
must be constructed over a valid (but not
necessarily allocated) base pointer.
If the length is not 0
, the memory region of [ptr; ptr + len)
must be valid memory of the process of the given
ProcessId
. It must be allocated and and accessible over
the entire lifetime of the ReadOnlyProcessBuffer
. It must
not point to memory outside of the process’ accessible memory
range, or point (in part) to other processes or kernel
memory. The ptr
must meet Rust’s requirements for pointer
validity,
in particular it must have a minimum alignment of
core::mem::align_of::<u8>()
on the respective platform. It
must point to memory mapped as readable and optionally
writable and executable.