From nobody Sun Feb 8 19:40:06 2026 Received: from mail-dy1-f201.google.com (mail-dy1-f201.google.com [74.125.82.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A2F873BFE46 for ; Tue, 3 Feb 2026 15:46:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770133601; cv=none; b=ABltvYkJeqRZ5I62EMaVIGdicF014iRdczHf1LJr1lZTT98SpeXAFypCi9ttY+WeXLwz7vQHo3IWXwKFLV1oDKu2CtXJNrue9DMFkf0ED6dgchkLlmzSeoiZ5ENaSuFSNbQDW+/DwQF72bfg4uppKlieQ2y4acvPzQeweX3ChSs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770133601; c=relaxed/simple; bh=B6pUx1j5pFgygp5i69R4pVf7HKotofgGAbGCOoefnlg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=kxh8QaEtuHxqJ/OJT0vVdUL6AmTO2hhC84wpcPvtUkNmdfXfWXvn5T8DvRCsBt7PIM/LIGPSGnVs7iaN2KXNUx7mzcYD/nGlW/4Jw5m6oUH5Ip84jBTWJGmKBBj/4NwQezOnjo3GI1qigm12hM3rziEGnarNWOj5rEBB6DGGB60= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=y2uRjLBv; arc=none smtp.client-ip=74.125.82.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--mmaurer.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="y2uRjLBv" Received: by mail-dy1-f201.google.com with SMTP id 5a478bee46e88-2b72b6fc371so11046462eec.0 for ; Tue, 03 Feb 2026 07:46:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1770133599; x=1770738399; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=3QkppxUftz38QVidHBNdTmT2F8VCX5EZWUQmqLBEfqQ=; b=y2uRjLBvfn8tU0Fib3HMepDwJoWScAED2Z8NPq3Gb/KgpISVXuSCYzTnz44Ub/2RsT D7U6ytX5exnDF/M5d7XJTOfIWO1jSLzkHCKJ760z/84PHHyNZ/xNXj+hldbCx7CVdEf6 bLTsvzBrKbsN3uczsLy3EEvMn7+YhLgQ2UHG8vcPTfGZWVVHkVqe/5Be3uRQgFo/CWrW 2iPF4pmBY0lK62lO+0QGAOD0CRipFxc7Wfjvd7ScQlgpmL53VrRbgkwa4gbqAiKTnbYY ceIbuvIvnTo/s9H4QcwXhX8bsXOzXT+mjWn1TBzC2aVWXFSNwZXizt4LLuN7ou3SJWMo HNqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770133599; x=1770738399; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=3QkppxUftz38QVidHBNdTmT2F8VCX5EZWUQmqLBEfqQ=; b=v2urIiiuXxyxXbfsB5nkhD+ICMniWZgZvk1AphIeCHBP8iY6zppgFb0W3AGMpHs1lp ootXGknxSEQUM7vcDlukxZKmHA0tB/4ZuaJpcUTYXdg3JJlyBZbiUkZqBygdhtqI7h32 4e5D4EYD/neCekoz/UkuGJsZLnIYajJV0D8bgEgLGRTkYDkUsYNqkXZWEgi2325pyT46 L216JntfL09f96FR2iAnzR1TnroFvtcqXyiJ5ISP5uApYV8XcimddVys8vNvcnHfT8kR n0YJGwwlh8A+NILzzL+cnMf+xbEu7HdcniaSyOQMk/+RlOM+mQsJb0P1pYwWsgr6Z0J8 csLA== X-Forwarded-Encrypted: i=1; AJvYcCU3nJhF+xEB6sr01NhEs4WgKQpgoR6xfP57BLZ6DL242LPO2aJ+7dKOIw1ZzgFth9Ejg+zmCZi40neM5Bk=@vger.kernel.org X-Gm-Message-State: AOJu0Yx2/LCP7jgHIrrpxoudaLRNyrqpSXAUJQ5St43ZkdVBl7tsrBiQ I/J0V6sy0f3tiwGCHnOFD+WJbcdPuSMHbYO2E4U5p4//yBNDDNiy65WuphCuKZbr/ptbpkugL7Y 7Ax8FyW0EdA== X-Received: from dydb13.prod.google.com ([2002:a05:7300:80cd:b0:2b6:b139:8515]) (user=mmaurer job=prod-delivery.src-stubby-dispatcher) by 2002:a05:7300:c8d:b0:2b7:f415:53da with SMTP id 5a478bee46e88-2b7f41562demr4507487eec.39.1770133598871; Tue, 03 Feb 2026 07:46:38 -0800 (PST) Date: Tue, 03 Feb 2026 15:46:31 +0000 In-Reply-To: <20260203-qcom-socinfo-v2-0-d6719db85637@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260203-qcom-socinfo-v2-0-d6719db85637@google.com> X-Developer-Key: i=mmaurer@google.com; a=ed25519; pk=2Ezhl7+fEjTOMVFpplDeak2AdQ8cjJieLRVJdNzrW+E= X-Developer-Signature: v=1; a=ed25519-sha256; t=1770133593; l=4973; i=mmaurer@google.com; s=20250429; h=from:subject:message-id; bh=B6pUx1j5pFgygp5i69R4pVf7HKotofgGAbGCOoefnlg=; b=fxAPn9jEKutvpJgCWN9uhdCYYPvpNSAPYUiC58vFHXa9srmJAEVvTYAI4ltyhlDhosBAKf3Rg E9oiUBNs6ZcCvvrOXXHz6bHCDz2FOMAAS2YvT7aTHhFBqLoubFyOfDq X-Mailer: b4 0.14.2 Message-ID: <20260203-qcom-socinfo-v2-2-d6719db85637@google.com> Subject: [PATCH v2 2/6] rust: io: Support copying arrays and slices From: Matthew Maurer To: Bjorn Andersson , Konrad Dybcio , Satya Durga Srinivasu Prabhala , Miguel Ojeda , Boqun Feng , Gary Guo , "=?utf-8?q?Bj=C3=B6rn_Roy_Baron?=" , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Danilo Krummrich , Daniel Almeida , Greg Kroah-Hartman , "Rafael J. Wysocki" , David Airlie , Simona Vetter , Michal Wilczynski , Dave Ertman , Ira Weiny , Leon Romanovsky Cc: Trilok Soni , linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org, rust-for-linux@vger.kernel.org, driver-core@lists.linux.dev, dri-devel@lists.freedesktop.org, linux-pwm@vger.kernel.org, Matthew Maurer Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Adds support for doing array copies of data in and out of IO regions. Fixed size arrays allow for compile-time bound checking, while slice arguments allow for dynamically checked copies. Signed-off-by: Matthew Maurer --- rust/kernel/io.rs | 72 +++++++++++++++++++++++++++++++++++++++++++++++++++= +++- 1 file changed, 71 insertions(+), 1 deletion(-) diff --git a/rust/kernel/io.rs b/rust/kernel/io.rs index 056a3ec71647b866a9a4b4c9abe9a0844f126930..6e74245eced2c267ba3b5b744ea= b3bc2db670e71 100644 --- a/rust/kernel/io.rs +++ b/rust/kernel/io.rs @@ -266,8 +266,9 @@ macro_rules! define_write { #[inline] const fn offset_valid(offset: usize, size: usize) -> bool { let type_size =3D core::mem::size_of::(); + let type_align =3D core::mem::align_of::(); if let Some(end) =3D offset.checked_add(type_size) { - end <=3D size && offset % type_size =3D=3D 0 + end <=3D size && offset % type_align =3D=3D 0 } else { false } @@ -323,6 +324,25 @@ fn io_addr(&self, offset: usize) -> Result { self.addr().checked_add(offset).ok_or(EINVAL) } =20 + /// Returns the absolute I/O address for a given `offset`, performing = runtime bounds checks + /// to ensure the entire range is available. + #[inline] + fn io_addr_range(&self, offset: usize, count: usize) -> Result { + if count !=3D 0 { + // These ranges are contiguous, so we can just check the first= and last elements. + let bytes =3D (count - 1) + .checked_mul(core::mem::size_of::()) + .ok_or(EINVAL)?; + let end =3D offset.checked_add(bytes).ok_or(EINVAL)?; + if !offset_valid::(offset, self.maxsize()) || !offset_valid= ::(end, self.maxsize()) + { + return Err(EINVAL); + } + } + + self.addr().checked_add(offset).ok_or(EINVAL) + } + /// Returns the absolute I/O address for a given `offset`, /// performing compile-time bound checks. // Always inline to optimize out error path of `build_assert`. @@ -605,4 +625,54 @@ pub unsafe fn from_raw(raw: &MmioRaw) -> &Self { pub try_write64_relaxed, call_mmio_write(writeq_relaxed) <- u64 ); + + /// Write a known size buffer to an offset known at compile time. + /// + /// Bound checks are performed at compile time, hence if the offset is= not known at compile + /// time, the build will fail, and the buffer size must be statically = known. + #[inline] + pub fn copy_from(&self, src: &[u8; N], offset: usize) { + let addr =3D self.io_addr_assert::<[u8; N]>(offset); + // SAFETY: By the type invariant `addr` is a valid address for MMI= O operations, and by the + // assertion it's valid for `N` bytes. + unsafe { bindings::memcpy_toio(addr as *mut c_void, src.as_ptr().c= ast(), N) } + } + + /// Write the contents of a slice to an offset. + /// + /// Bound checks are performed at runtime and will fail if the offset = (plus the slice size) is + /// out of bounds. + #[inline] + pub fn try_copy_from(&self, src: &[u8], offset: usize) -> Result<()> { + let addr =3D self.io_addr_range::(offset, src.len())?; + // SAFETY: By the type invariant `addr` is a valid address for MMI= O operations, and by the + // range check it's valid for `src.len()` bytes. + unsafe { bindings::memcpy_toio(addr as *mut c_void, src.as_ptr().c= ast(), src.len()) }; + Ok(()) + } + + /// Read a known size buffer from an offset known at compile time. + /// + /// Bound checks are performed at compile time, hence if the offset is= not known at compile + /// time, the build will fail, and the buffer size must be statically = known. + #[inline] + pub fn copy_to(&self, dst: &mut [u8; N], offset: usize= ) { + let addr =3D self.io_addr_assert::<[u8; N]>(offset); + // SAFETY: By the type invariant `addr` is a valid address for MMI= O operations, and by the + // assertion it's valid for `N` bytes. + unsafe { bindings::memcpy_fromio(dst.as_mut_ptr().cast(), addr as = *mut c_void, N) } + } + + /// Read into a slice from an offset. + /// + /// Bound checks are performed at runtime and will fail if the offset = (plus the slice size) is + /// out of bounds. + #[inline] + pub fn try_copy_to(&self, dst: &mut [u8], offset: usize) -> Result<()>= { + let addr =3D self.io_addr_range::(offset, dst.len())?; + // SAFETY: By the type invariant `addr` is a valid address for MMI= O operations, and by the + // range check, it's valid for `dst.len()` bytes. + unsafe { bindings::memcpy_fromio(dst.as_mut_ptr().cast(), addr as = *mut c_void, dst.len()) } + Ok(()) + } } --=20 2.53.0.rc2.204.g2597b5adb4-goog