Make FileOpenAdapter compatibility an unsafe requirement.

wedsonaf · wedsonaf · commit b6050dc7ddd8 · 2021-03-31T01:32:36.000+01:00
diff --git a/rust/kernel/chrdev.rs b/rust/kernel/chrdev.rs
@@ -114,7 +114,9 @@ impl<const N: usize> Registration<{ N }> {
         unsafe {
             bindings::cdev_init(
                 cdev,
-                &file_operations::FileOperationsVtable::<Self, T>::VTABLE,
+                // SAFETY: The adapter doesn't retrieve any state yet, so it's compatible with any
+                // registration.
+                file_operations::build_file_operations::<Self, T>(),
             );
             (*cdev).owner = this.this_module.0;
             let rc = bindings::cdev_add(cdev, inner.dev + inner.used as bindings::dev_t, 1);
@@ -134,6 +136,8 @@ impl<const N: usize> file_operations::FileOpenAdapter for Registration<{ N }> {
         _inode: *mut bindings::inode,
         _file: *mut bindings::file,
     ) -> *const Self::Arg {
+        // TODO: Update the SAFETY comment on the call to `build_file_operations` above once this
+        // is updated to retrieve state.
         &()
     }
 }
diff --git a/rust/kernel/file_operations.rs b/rust/kernel/file_operations.rs
@@ -15,6 +15,7 @@ use crate::c_types;
 use crate::error::{Error, KernelResult};
 use crate::sync::{Ref, RefCounted};
 use crate::user_ptr::{UserSlicePtr, UserSlicePtrReader, UserSlicePtrWriter};
+pub use file_operations_struct::build_file_operations;
 
 /// Wraps the kernel's `struct file`.
 ///
@@ -201,68 +202,82 @@ unsafe extern "C" fn fsync_callback<T: FileOperations>(
     }
 }
 
-pub(crate) struct FileOperationsVtable<A, T>(marker::PhantomData<A>, marker::PhantomData<T>);
-
-impl<A: FileOpenAdapter, T: FileOpener<A::Arg>> FileOperationsVtable<A, T> {
-    pub(crate) const VTABLE: bindings::file_operations = bindings::file_operations {
-        open: Some(open_callback::<A, T>),
-        release: Some(release_callback::<T>),
-        read: if T::TO_USE.read {
-            Some(read_callback::<T>)
-        } else {
-            None
-        },
-        write: if T::TO_USE.write {
-            Some(write_callback::<T>)
-        } else {
-            None
-        },
-        llseek: if T::TO_USE.seek {
-            Some(llseek_callback::<T>)
-        } else {
-            None
-        },
-
-        check_flags: None,
-        compat_ioctl: if T::TO_USE.compat_ioctl {
-            Some(compat_ioctl_callback::<T>)
-        } else {
-            None
-        },
-        copy_file_range: None,
-        fallocate: None,
-        fadvise: None,
-        fasync: None,
-        flock: None,
-        flush: None,
-        fsync: if T::TO_USE.fsync {
-            Some(fsync_callback::<T>)
-        } else {
-            None
-        },
-        get_unmapped_area: None,
-        iterate: None,
-        iterate_shared: None,
-        iopoll: None,
-        lock: None,
-        mmap: None,
-        mmap_supported_flags: 0,
-        owner: ptr::null_mut(),
-        poll: None,
-        read_iter: None,
-        remap_file_range: None,
-        sendpage: None,
-        setlease: None,
-        show_fdinfo: None,
-        splice_read: None,
-        splice_write: None,
-        unlocked_ioctl: if T::TO_USE.ioctl {
-            Some(unlocked_ioctl_callback::<T>)
-        } else {
-            None
-        },
-        write_iter: None,
-    };
+mod file_operations_struct {
+    use super::*;
+
+    struct FileOperationsVtable<A, T>(marker::PhantomData<A>, marker::PhantomData<T>);
+
+    impl<A: FileOpenAdapter, T: FileOpener<A::Arg>> FileOperationsVtable<A, T> {
+        const VTABLE: bindings::file_operations = bindings::file_operations {
+            open: Some(open_callback::<A, T>),
+            release: Some(release_callback::<T>),
+            read: if T::TO_USE.read {
+                Some(read_callback::<T>)
+            } else {
+                None
+            },
+            write: if T::TO_USE.write {
+                Some(write_callback::<T>)
+            } else {
+                None
+            },
+            llseek: if T::TO_USE.seek {
+                Some(llseek_callback::<T>)
+            } else {
+                None
+            },
+
+            check_flags: None,
+            compat_ioctl: if T::TO_USE.compat_ioctl {
+                Some(compat_ioctl_callback::<T>)
+            } else {
+                None
+            },
+            copy_file_range: None,
+            fallocate: None,
+            fadvise: None,
+            fasync: None,
+            flock: None,
+            flush: None,
+            fsync: if T::TO_USE.fsync {
+                Some(fsync_callback::<T>)
+            } else {
+                None
+            },
+            get_unmapped_area: None,
+            iterate: None,
+            iterate_shared: None,
+            iopoll: None,
+            lock: None,
+            mmap: None,
+            mmap_supported_flags: 0,
+            owner: ptr::null_mut(),
+            poll: None,
+            read_iter: None,
+            remap_file_range: None,
+            sendpage: None,
+            setlease: None,
+            show_fdinfo: None,
+            splice_read: None,
+            splice_write: None,
+            unlocked_ioctl: if T::TO_USE.ioctl {
+                Some(unlocked_ioctl_callback::<T>)
+            } else {
+                None
+            },
+            write_iter: None,
+        };
+    }
+
+    /// Builds an instance of the [`struct file_operations`] for the given file adapter and opener.
+    ///
+    /// # Safety
+    ///
+    /// The caller must ensure that the adapter is compatible with the way the device is registered.
+    pub const unsafe fn build_file_operations<A: FileOpenAdapter, T: FileOpener<A::Arg>>(
+    ) -> &'static bindings::file_operations {
+        &FileOperationsVtable::<A, T>::VTABLE
+    }
 }
 
 /// Represents which fields of [`struct file_operations`] should be populated with pointers.
diff --git a/rust/kernel/miscdev.rs b/rust/kernel/miscdev.rs
@@ -7,7 +7,7 @@
 //! Reference: <https://www.kernel.org/doc/html/latest/driver-api/misc_devices.html>
 
 use crate::error::{Error, KernelResult};
-use crate::file_operations::{FileOpenAdapter, FileOpener, FileOperationsVtable};
+use crate::file_operations::{build_file_operations, FileOpenAdapter, FileOpener};
 use crate::{bindings, c_types, CStr};
 use alloc::boxed::Box;
 use core::marker::PhantomPinned;
@@ -71,7 +71,8 @@ impl<T: Sync> Registration<T> {
             return Err(Error::EINVAL);
         }
 
-        this.mdev.fops = &FileOperationsVtable::<Self, F>::VTABLE;
+        // SAFETY: The adapter is compatible with `misc_register`.
+        this.mdev.fops = unsafe { build_file_operations::<Self, F>() };
         this.mdev.name = name.as_ptr() as *const c_types::c_char;
         this.mdev.minor = minor.unwrap_or(bindings::MISC_DYNAMIC_MINOR as i32);
 
