From f7afdc473794ab71d38475755be72dc95e361c31 Mon Sep 17 00:00:00 2001 From: Danilo Krummrich Date: Mon, 3 Nov 2025 20:06:49 +0100 Subject: rust: dma: make use of start_ptr() and start_ptr_mut() Using start_ptr() and start_ptr_mut() has the advantage that we inherit the requirements the a mutable or immutable reference from those methods. Hence, use them instead of self.cpu_addr. Reviewed-by: Alice Ryhl Link: https://patch.msgid.link/20251103190655.2326191-1-dakr@kernel.org [ Keep using self.cpu_addr in item_from_index(). - Danilo ] Signed-off-by: Danilo Krummrich --- rust/kernel/dma.rs | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'rust/kernel/dma.rs') diff --git a/rust/kernel/dma.rs b/rust/kernel/dma.rs index 4e0af3e1a3b9..ff2014cd39d1 100644 --- a/rust/kernel/dma.rs +++ b/rust/kernel/dma.rs @@ -505,7 +505,7 @@ impl CoherentAllocation { // data is also guaranteed by the safety requirements of the function. // - `offset + count` can't overflow since it is smaller than `self.count` and we've checked // that `self.count` won't overflow early in the constructor. - Ok(unsafe { core::slice::from_raw_parts(self.cpu_addr.add(offset), count) }) + Ok(unsafe { core::slice::from_raw_parts(self.start_ptr().add(offset), count) }) } /// Performs the same functionality as [`CoherentAllocation::as_slice`], except that a mutable @@ -525,7 +525,7 @@ impl CoherentAllocation { // data is also guaranteed by the safety requirements of the function. // - `offset + count` can't overflow since it is smaller than `self.count` and we've checked // that `self.count` won't overflow early in the constructor. - Ok(unsafe { core::slice::from_raw_parts_mut(self.cpu_addr.add(offset), count) }) + Ok(unsafe { core::slice::from_raw_parts_mut(self.start_ptr_mut().add(offset), count) }) } /// Writes data to the region starting from `offset`. `offset` is in units of `T`, not the @@ -557,7 +557,11 @@ impl CoherentAllocation { // - `offset + count` can't overflow since it is smaller than `self.count` and we've checked // that `self.count` won't overflow early in the constructor. unsafe { - core::ptr::copy_nonoverlapping(src.as_ptr(), self.cpu_addr.add(offset), src.len()) + core::ptr::copy_nonoverlapping( + src.as_ptr(), + self.start_ptr_mut().add(offset), + src.len(), + ) }; Ok(()) } @@ -637,7 +641,7 @@ impl Drop for CoherentAllocation { bindings::dma_free_attrs( self.dev.as_raw(), size, - self.cpu_addr.cast(), + self.start_ptr_mut().cast(), self.dma_handle, self.dma_attrs.as_raw(), ) -- cgit From ededb7bcdfdbcfbb7af93e3a543165a9553e1683 Mon Sep 17 00:00:00 2001 From: Danilo Krummrich Date: Mon, 3 Nov 2025 20:06:50 +0100 Subject: rust: dma: use NonNull instead of *mut T In struct CoherentAllocation, use NonNull instead of a raw *mut T for the CPU address; the CPU address of a valid CoherentAllocation won't ever be NULL. Reviewed-by: Alice Ryhl Link: https://patch.msgid.link/20251103190655.2326191-2-dakr@kernel.org Signed-off-by: Danilo Krummrich --- rust/kernel/dma.rs | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) (limited to 'rust/kernel/dma.rs') diff --git a/rust/kernel/dma.rs b/rust/kernel/dma.rs index ff2014cd39d1..84d3c67269e8 100644 --- a/rust/kernel/dma.rs +++ b/rust/kernel/dma.rs @@ -12,6 +12,7 @@ use crate::{ sync::aref::ARef, transmute::{AsBytes, FromBytes}, }; +use core::ptr::NonNull; /// DMA address type. /// @@ -358,7 +359,7 @@ pub struct CoherentAllocation { dev: ARef, dma_handle: DmaAddress, count: usize, - cpu_addr: *mut T, + cpu_addr: NonNull, dma_attrs: Attrs, } @@ -392,7 +393,7 @@ impl CoherentAllocation { .ok_or(EOVERFLOW)?; let mut dma_handle = 0; // SAFETY: Device pointer is guaranteed as valid by the type invariant on `Device`. - let ret = unsafe { + let addr = unsafe { bindings::dma_alloc_attrs( dev.as_raw(), size, @@ -401,9 +402,7 @@ impl CoherentAllocation { dma_attrs.as_raw(), ) }; - if ret.is_null() { - return Err(ENOMEM); - } + let addr = NonNull::new(addr).ok_or(ENOMEM)?; // INVARIANT: // - We just successfully allocated a coherent region which is accessible for // `count` elements, hence the cpu address is valid. We also hold a refcounted reference @@ -414,7 +413,7 @@ impl CoherentAllocation { dev: dev.into(), dma_handle, count, - cpu_addr: ret.cast::(), + cpu_addr: addr.cast(), dma_attrs, }) } @@ -446,13 +445,13 @@ impl CoherentAllocation { /// Returns the base address to the allocated region in the CPU's virtual address space. pub fn start_ptr(&self) -> *const T { - self.cpu_addr + self.cpu_addr.as_ptr() } /// Returns the base address to the allocated region in the CPU's virtual address space as /// a mutable pointer. pub fn start_ptr_mut(&mut self) -> *mut T { - self.cpu_addr + self.cpu_addr.as_ptr() } /// Returns a DMA handle which may be given to the device as the DMA address base of @@ -580,7 +579,7 @@ impl CoherentAllocation { // and we've just checked that the range and index is within bounds. // - `offset` can't overflow since it is smaller than `self.count` and we've checked // that `self.count` won't overflow early in the constructor. - Ok(unsafe { self.cpu_addr.add(offset) }) + Ok(unsafe { self.cpu_addr.as_ptr().add(offset) }) } /// Reads the value of `field` and ensures that its type is [`FromBytes`]. -- cgit