pub struct ReadOnlyProcessBuffer { /* private fields */ }
Expand description

Read-only buffer shared by a userspace process

This struct is provided to capsules when a process allows a particular section of its memory to the kernel and gives the kernel read access to this memory.

It can be used to obtain a ReadableProcessSlice, which is based around a slice of Cells. This is because a userspace can allow overlapping sections of memory into different ReadableProcessSlice. Having at least one mutable Rust slice along with read-only slices to overlapping memory in Rust violates Rust’s aliasing rules. A slice of Cells avoids this issue by explicitly supporting interior mutability. Still, a memory barrier prior to switching to userspace is required, as the compiler is free to reorder reads and writes, even through Cells.


Construct a new ReadOnlyProcessBuffer over a given pointer and length.

Publicly accessible constructor, which requires the capabilities::ExternalProcessCapability capability. This is provided to allow implementations of the Process trait outside of the kernel crate.

Safety requirements

If the length is 0, an arbitrary pointer may be passed into ptr. It does not necessarily have to point to allocated memory, nor does it have to meet Rust’s pointer validity requirements. ReadOnlyProcessBuffer must ensure that all Rust slices with a length of 0 must be constructed over a valid (but not necessarily allocated) base pointer.

If the length is not 0, the memory region of [ptr; ptr + len) must be valid memory of the process of the given ProcessId. It must be allocated and and accessible over the entire lifetime of the ReadOnlyProcessBuffer. It must not point to memory outside of the process’ accessible memory range, or point (in part) to other processes or kernel memory. The ptr must meet Rust’s requirements for pointer validity, in particular it must have a minimum alignment of core::mem::align_of::<u8>() on the respective platform. It must point to memory mapped as readable and optionally writable and executable.

Trait Implementations

Returns the “default value” for a type. Read more

Length of the memory region. Read more

Pointer to the first byte of the userspace memory region. Read more

Applies a function to the (read only) process slice reference pointed to by the process buffer. Read more

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more

Immutably borrows from an owned value. Read more

Mutably borrows from an owned value. Read more

Returns the argument unchanged.

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.