Struct ReadWriteProcessBuffer

pub struct ReadWriteProcessBuffer { /* private fields */ }

Read-writable buffer shared by a userspace process.

This struct is provided to capsules when a process allows a particular section of its memory to the kernel and gives the kernel read and write access to this memory.

It can be used to obtain a WriteableProcessSlice, which is based around a slice of Cells. This is because a userspace can allow overlapping sections of memory into different WriteableProcessSlice. Having at least one mutable Rust slice along with read-only or other mutable slices to overlapping memory in Rust violates Rust’s aliasing rules. A slice of Cells avoids this issue by explicitly supporting interior mutability. Still, a memory barrier prior to switching to userspace is required, as the compiler is free to reorder reads and writes, even through Cells.

Implementations

impl ReadWriteProcessBuffer

pub unsafe fn new_external( ptr: *mut u8, len: usize, process_id: ProcessId, _cap: &dyn ExternalProcessCapability, ) -> Self

Construct a new ReadWriteProcessBuffer over a given pointer and length.

Publicly accessible constructor, which requires the capabilities::ExternalProcessCapability capability. This is provided to allow implementations of the Process trait outside of the kernel crate.

Safety requirements

If the length is 0, an arbitrary pointer may be passed into ptr. It does not necessarily have to point to allocated memory, nor does it have to meet Rust’s pointer validity requirements. ReadWriteProcessBuffer must ensure that all Rust slices with a length of 0 must be constructed over a valid (but not necessarily allocated) base pointer.

If the length is not 0, the memory region of [ptr; ptr + len) must be valid memory of the process of the given ProcessId. It must be allocated and and accessible over the entire lifetime of the ReadWriteProcessBuffer. It must not point to memory outside of the process’ accessible memory range, or point (in part) to other processes or kernel memory. The ptr must meet Rust’s requirements for pointer validity, in particular it must have a minimum alignment of core::mem::align_of::<u8>() on the respective platform. It must point to memory mapped as readable and optionally writable and executable.

pub const fn const_default() -> Self

This is a const version of Default::default with the same semantics.

Having a const initializer allows initializing a fixed-size array with default values without the struct being marked Copy as such:

use kernel::processbuffer::ReadWriteProcessBuffer;
const DEFAULT_RWPROCBUF_VAL: ReadWriteProcessBuffer
    = ReadWriteProcessBuffer::const_default();
let my_array = [DEFAULT_RWPROCBUF_VAL; 12];

Trait Implementations

impl Default for ReadWriteProcessBuffer

fn default() -> Self

Returns the “default value” for a type.

impl ReadableProcessBuffer for ReadWriteProcessBuffer

fn len(&self) -> usize

Return the length of the buffer in bytes.

fn ptr(&self) -> *const u8

Return the pointer to the start of the buffer.

fn enter<F, R>(&self, fun: F) -> Result<R, Error>

where F: FnOnce(&ReadableProcessSlice) -> R,

Access the contents of the buffer in a closure.

This verifies the process is still valid before accessing the underlying memory.

impl WriteableProcessBuffer for ReadWriteProcessBuffer

fn mut_enter<F, R>(&self, fun: F) -> Result<R, Error>

where F: FnOnce(&WriteableProcessSlice) -> R,

Applies a function to the mutable process slice reference pointed to by the ReadWriteProcessBuffer.