1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
// SPDX-License-Identifier: GPL-2.0
// Copyright (C) 2025 Google LLC.
use super::Writer;
use crate::prelude::*;
use crate::seq_file::SeqFile;
use crate::seq_print;
use core::fmt::{Display, Formatter, Result};
use core::marker::PhantomData;
#[cfg(CONFIG_DEBUG_FS)]
use core::ops::Deref;
/// # Invariant
///
/// `FileOps<T>` will always contain an `operations` which is safe to use for a file backed
/// off an inode which has a pointer to a `T` in its private data that is safe to convert
/// into a reference.
pub(super) struct FileOps<T> {
#[cfg(CONFIG_DEBUG_FS)]
operations: bindings::file_operations,
#[cfg(CONFIG_DEBUG_FS)]
mode: u16,
_phantom: PhantomData<T>,
}
impl<T> FileOps<T> {
/// # Safety
///
/// The caller asserts that the provided `operations` is safe to use for a file whose
/// inode has a pointer to `T` in its private data that is safe to convert into a reference.
const unsafe fn new(operations: bindings::file_operations, mode: u16) -> Self {
Self {
#[cfg(CONFIG_DEBUG_FS)]
operations,
#[cfg(CONFIG_DEBUG_FS)]
mode,
_phantom: PhantomData,
}
}
#[cfg(CONFIG_DEBUG_FS)]
pub(crate) const fn mode(&self) -> u16 {
self.mode
}
}
#[cfg(CONFIG_DEBUG_FS)]
impl<T> Deref for FileOps<T> {
type Target = bindings::file_operations;
fn deref(&self) -> &Self::Target {
&self.operations
}
}
struct WriterAdapter<T>(T);
impl<'a, T: Writer> Display for WriterAdapter<&'a T> {
fn fmt(&self, f: &mut Formatter<'_>) -> Result {
self.0.write(f)
}
}
/// Implements `open` for `file_operations` via `single_open` to fill out a `seq_file`.
///
/// # Safety
///
/// * `inode`'s private pointer must point to a value of type `T` which will outlive the `inode`
/// and will not have any unique references alias it during the call.
/// * `file` must point to a live, not-yet-initialized file object.
unsafe extern "C" fn writer_open<T: Writer + Sync>(
inode: *mut bindings::inode,
file: *mut bindings::file,
) -> c_int {
// SAFETY: The caller ensures that `inode` is a valid pointer.
let data = unsafe { (*inode).i_private };
// SAFETY:
// * `file` is acceptable by caller precondition.
// * `print_act` will be called on a `seq_file` with private data set to the third argument,
// so we meet its safety requirements.
// * The `data` pointer passed in the third argument is a valid `T` pointer that outlives
// this call by caller preconditions.
unsafe { bindings::single_open(file, Some(writer_act::<T>), data) }
}
/// Prints private data stashed in a seq_file to that seq file.
///
/// # Safety
///
/// `seq` must point to a live `seq_file` whose private data is a valid pointer to a `T` which may
/// not have any unique references alias it during the call.
unsafe extern "C" fn writer_act<T: Writer + Sync>(
seq: *mut bindings::seq_file,
_: *mut c_void,
) -> c_int {
// SAFETY: By caller precondition, this pointer is valid pointer to a `T`, and
// there are not and will not be any unique references until we are done.
let data = unsafe { &*((*seq).private.cast::<T>()) };
// SAFETY: By caller precondition, `seq_file` points to a live `seq_file`, so we can lift
// it.
let seq_file = unsafe { SeqFile::from_raw(seq) };
seq_print!(seq_file, "{}", WriterAdapter(data));
0
}
// Work around lack of generic const items.
pub(crate) trait ReadFile<T> {
const FILE_OPS: FileOps<T>;
}
impl<T: Writer + Sync> ReadFile<T> for T {
const FILE_OPS: FileOps<T> = {
let operations = bindings::file_operations {
read: Some(bindings::seq_read),
llseek: Some(bindings::seq_lseek),
release: Some(bindings::single_release),
open: Some(writer_open::<Self>),
// SAFETY: `file_operations` supports zeroes in all fields.
..unsafe { core::mem::zeroed() }
};
// SAFETY: `operations` is all stock `seq_file` implementations except for `writer_open`.
// `open`'s only requirement beyond what is provided to all open functions is that the
// inode's data pointer must point to a `T` that will outlive it, which matches the
// `FileOps` requirements.
unsafe { FileOps::new(operations, 0o400) }
};
}
|
