base: define ioctls as consts rather than functions

For ioctl numbers that do not require any parameters, make ioctl_io_nr
and related macros generate a constant rather than a function with no
parameters. This makes the code that uses these constants more idiomatic
and also allows using the constants in match statements (see an example
in virtio/fs/passthrough.rs).

BUG=None
TEST=tools/dev_container tools/presubmit

Change-Id: Id52817528d770c5dbbe2ce7928c9f31a15c83d83
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5648647
Reviewed-by: Noah Gold <nkgold@google.com>
Reviewed-by: Frederick Mayle <fmayle@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
This commit is contained in:
Daniel Verkamp 2024-06-24 15:42:40 -07:00 committed by crosvm LUCI
parent 4d3a90a9a5
commit b06d296a1b
29 changed files with 316 additions and 352 deletions

View file

@ -26,15 +26,13 @@ macro_rules! ioctl_expr {
}; };
} }
/// Raw macro to declare a function that returns an ioctl number. /// Raw macro to declare a constant or a function that returns an ioctl number.
#[macro_export] #[macro_export]
macro_rules! ioctl_ioc_nr { macro_rules! ioctl_ioc_nr {
($name:ident, $dir:expr, $ty:expr, $nr:expr, $size:expr) => { ($name:ident, $dir:expr, $ty:expr, $nr:expr, $size:expr) => {
#[allow(non_snake_case)] #[allow(non_snake_case)]
/// Generates ioctl request number. /// Constant ioctl request number.
pub const fn $name() -> $crate::linux::IoctlNr { pub const $name: $crate::linux::IoctlNr = $crate::ioctl_expr!($dir, $ty, $nr, $size);
$crate::ioctl_expr!($dir, $ty, $nr, $size)
}
}; };
($name:ident, $dir:expr, $ty:expr, $nr:expr, $size:expr, $($v:ident),+) => { ($name:ident, $dir:expr, $ty:expr, $nr:expr, $size:expr, $($v:ident),+) => {
#[allow(non_snake_case)] #[allow(non_snake_case)]
@ -233,10 +231,10 @@ mod tests {
#[test] #[test]
fn ioctl_macros() { fn ioctl_macros() {
assert_eq!(0x0000af01, VHOST_SET_OWNER()); assert_eq!(0x0000af01, VHOST_SET_OWNER);
assert_eq!(0x800454cf, TUNGETFEATURES()); assert_eq!(0x800454cf, TUNGETFEATURES);
assert_eq!(0x400454d9, TUNSETQUEUE()); assert_eq!(0x400454d9, TUNSETQUEUE);
assert_eq!(0xc004af12, VHOST_GET_VRING_BASE()); assert_eq!(0xc004af12, VHOST_GET_VRING_BASE);
assert_eq!(0x80804522, EVIOCGBIT(2)); assert_eq!(0x80804522, EVIOCGBIT(2));
assert_eq!(0x00004509, FAKE_IOCTL_2_ARG(3, 5)); assert_eq!(0x00004509, FAKE_IOCTL_2_ARG(3, 5));

View file

@ -263,7 +263,7 @@ pub fn discard_block<F: AsRawDescriptor>(file: &F, offset: u64, len: u64) -> Res
// - ioctl(BLKDISCARD) does not hold the descriptor after the call. // - ioctl(BLKDISCARD) does not hold the descriptor after the call.
// - ioctl(BLKDISCARD) does not break the file descriptor. // - ioctl(BLKDISCARD) does not break the file descriptor.
// - ioctl(BLKDISCARD) does not modify the given range. // - ioctl(BLKDISCARD) does not modify the given range.
syscall!(unsafe { libc::ioctl(file.as_raw_descriptor(), BLKDISCARD(), &range) }).map(|_| ()) syscall!(unsafe { libc::ioctl(file.as_raw_descriptor(), BLKDISCARD, &range) }).map(|_| ())
} }
/// A trait used to abstract types that provide a process id that can be operated on. /// A trait used to abstract types that provide a process id that can be operated on.

View file

@ -12,7 +12,6 @@ use std::ptr::null_mut;
use winapi::um::errhandlingapi::GetLastError; use winapi::um::errhandlingapi::GetLastError;
use winapi::um::ioapiset::DeviceIoControl; use winapi::um::ioapiset::DeviceIoControl;
pub use winapi::um::winioctl::CTL_CODE;
pub use winapi::um::winioctl::FILE_ANY_ACCESS; pub use winapi::um::winioctl::FILE_ANY_ACCESS;
pub use winapi::um::winioctl::METHOD_BUFFERED; pub use winapi::um::winioctl::METHOD_BUFFERED;
@ -29,7 +28,7 @@ macro_rules! device_io_control_expr {
// just use that for now. However, we may need to support more // just use that for now. However, we may need to support more
// options later. // options later.
($dtype:expr, $code:expr) => { ($dtype:expr, $code:expr) => {
$crate::windows::CTL_CODE( $crate::windows::ctl_code(
$dtype, $dtype,
$code, $code,
$crate::windows::METHOD_BUFFERED, $crate::windows::METHOD_BUFFERED,
@ -43,9 +42,7 @@ macro_rules! device_io_control_expr {
macro_rules! ioctl_ioc_nr { macro_rules! ioctl_ioc_nr {
($name:ident, $dtype:expr, $code:expr) => { ($name:ident, $dtype:expr, $code:expr) => {
#[allow(non_snake_case)] #[allow(non_snake_case)]
pub fn $name() -> ::std::os::raw::c_ulong { pub const $name: ::std::os::raw::c_ulong = $crate::device_io_control_expr!($dtype, $code);
$crate::device_io_control_expr!($dtype, $code)
}
}; };
($name:ident, $dtype:expr, $code:expr, $($v:ident),+) => { ($name:ident, $dtype:expr, $code:expr, $($v:ident),+) => {
#[allow(non_snake_case)] #[allow(non_snake_case)]
@ -128,6 +125,14 @@ macro_rules! ioctl_iowr_nr {
pub type IoctlNr = c_ulong; pub type IoctlNr = c_ulong;
/// Constructs an I/O control code.
///
/// Shifts control code components into the appropriate bitfield locations:
/// <https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/defining-i-o-control-codes>
pub const fn ctl_code(device_type: u32, function: u32, method: u32, access: u32) -> IoctlNr {
(device_type << 16) | (access << 14) | (function << 2) | method
}
/// Run an ioctl with no arguments. /// Run an ioctl with no arguments.
// (colindr) b/144457461 : This will probably not be used on windows. // (colindr) b/144457461 : This will probably not be used on windows.
// It's only used on linux for the ioctls that override the exit code to // It's only used on linux for the ioctls that override the exit code to

View file

@ -107,14 +107,14 @@ impl KvmKernelIrqChip {
// SAFETY: // SAFETY:
// Safe because we allocated the struct that's being passed in // Safe because we allocated the struct that's being passed in
let ret = unsafe { ioctl_with_ref(&vgic, KVM_SET_DEVICE_ATTR(), &cpu_redist_attr) }; let ret = unsafe { ioctl_with_ref(&vgic, KVM_SET_DEVICE_ATTR, &cpu_redist_attr) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
// SAFETY: // SAFETY:
// Safe because we allocated the struct that's being passed in // Safe because we allocated the struct that's being passed in
let ret = unsafe { ioctl_with_ref(&vgic, KVM_SET_DEVICE_ATTR(), &dist_attr) }; let ret = unsafe { ioctl_with_ref(&vgic, KVM_SET_DEVICE_ATTR, &dist_attr) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -130,7 +130,7 @@ impl KvmKernelIrqChip {
}; };
// SAFETY: // SAFETY:
// Safe because we allocated the struct that's being passed in // Safe because we allocated the struct that's being passed in
let ret = unsafe { ioctl_with_ref(&vgic, KVM_SET_DEVICE_ATTR(), &nr_irqs_attr) }; let ret = unsafe { ioctl_with_ref(&vgic, KVM_SET_DEVICE_ATTR, &nr_irqs_attr) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -183,7 +183,7 @@ impl IrqChipAArch64 for KvmKernelIrqChip {
// SAFETY: // SAFETY:
// Safe because we allocated the struct that's being passed in // Safe because we allocated the struct that's being passed in
let ret = unsafe { ioctl_with_ref(&self.vgic, KVM_SET_DEVICE_ATTR(), &init_gic_attr) }; let ret = unsafe { ioctl_with_ref(&self.vgic, KVM_SET_DEVICE_ATTR, &init_gic_attr) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }

View file

@ -81,7 +81,7 @@ impl AiaDescriptor {
// Safe because we allocated the struct that's being passed in, and raw_aia_mode is pointing // Safe because we allocated the struct that's being passed in, and raw_aia_mode is pointing
// to a uniquely owned local, mutable variable. // to a uniquely owned local, mutable variable.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_DEVICE_ATTR(), &init_attr) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_DEVICE_ATTR, &init_attr) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -101,7 +101,7 @@ impl AiaDescriptor {
// Safe because we allocated the struct that's being passed in, and raw_num_ids is pointing // Safe because we allocated the struct that's being passed in, and raw_num_ids is pointing
// to a uniquely owned local, mutable variable. // to a uniquely owned local, mutable variable.
let ret = unsafe { ioctl_with_ref(self, KVM_GET_DEVICE_ATTR(), &aia_num_ids_attr) }; let ret = unsafe { ioctl_with_ref(self, KVM_GET_DEVICE_ATTR, &aia_num_ids_attr) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -119,7 +119,7 @@ impl AiaDescriptor {
}; };
// Safe because we allocated the struct that's being passed in, and raw_aia_mode is pointing // Safe because we allocated the struct that's being passed in, and raw_aia_mode is pointing
// to a uniquely owned local, mutable variable. // to a uniquely owned local, mutable variable.
let ret = unsafe { ioctl_with_ref(self, KVM_GET_DEVICE_ATTR(), &aia_mode_attr) }; let ret = unsafe { ioctl_with_ref(self, KVM_GET_DEVICE_ATTR, &aia_mode_attr) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -136,7 +136,7 @@ impl AiaDescriptor {
}; };
// Safe because we allocated the struct that's being passed in, and raw_aia_mode is pointing // Safe because we allocated the struct that's being passed in, and raw_aia_mode is pointing
// to a uniquely owned local, mutable variable. // to a uniquely owned local, mutable variable.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_DEVICE_ATTR(), &kvm_attr) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_DEVICE_ATTR, &kvm_attr) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -153,7 +153,7 @@ impl AiaDescriptor {
}; };
// Safe because we allocated the struct that's being passed in, and raw_aia_mode is pointing // Safe because we allocated the struct that's being passed in, and raw_aia_mode is pointing
// to a uniquely owned local, mutable variable. // to a uniquely owned local, mutable variable.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_DEVICE_ATTR(), &kvm_attr) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_DEVICE_ATTR, &kvm_attr) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -172,7 +172,7 @@ impl AiaDescriptor {
}; };
// Safe because we allocated the struct that's being passed in, and raw_aplic_addr is // Safe because we allocated the struct that's being passed in, and raw_aplic_addr is
// pointing to a uniquely owned local, mutable variable. // pointing to a uniquely owned local, mutable variable.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_DEVICE_ATTR(), &kvm_attr) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_DEVICE_ATTR, &kvm_attr) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -187,7 +187,7 @@ impl AiaDescriptor {
}; };
// Safe because we allocated the struct that's being passed in, and raw_imsic_addr is // Safe because we allocated the struct that's being passed in, and raw_imsic_addr is
// pointing to a uniquely owned local, mutable variable. // pointing to a uniquely owned local, mutable variable.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_DEVICE_ATTR(), &kvm_attr) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_DEVICE_ATTR, &kvm_attr) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }

View file

@ -35,7 +35,7 @@ pub fn verify_is_fido_device(hidraw: &File) -> Result<()> {
unsafe { unsafe {
let ret = handle_eintr_errno!(base::ioctl_with_mut_ref( let ret = handle_eintr_errno!(base::ioctl_with_mut_ref(
hidraw, hidraw,
HIDIOCGRDESCSIZE(), HIDIOCGRDESCSIZE,
&mut desc_size &mut desc_size
)); ));
if ret < 0 || (desc_size as usize) < constants::HID_REPORT_DESC_HEADER.len() { if ret < 0 || (desc_size as usize) < constants::HID_REPORT_DESC_HEADER.len() {
@ -55,7 +55,7 @@ pub fn verify_is_fido_device(hidraw: &File) -> Result<()> {
unsafe { unsafe {
let ret = handle_eintr_errno!(base::ioctl_with_mut_ref( let ret = handle_eintr_errno!(base::ioctl_with_mut_ref(
hidraw, hidraw,
HIDIOCGRDESC(), HIDIOCGRDESC,
&mut descriptor &mut descriptor
)); ));
if ret < 0 { if ret < 0 {

View file

@ -219,13 +219,8 @@ impl KvmVfioPviommu {
// SAFETY: // SAFETY:
// Safe as we are the owner of vfio_dev_attr, which is valid. // Safe as we are the owner of vfio_dev_attr, which is valid.
let ret = unsafe { let ret =
ioctl_with_ref( unsafe { ioctl_with_ref(kvm_vfio_file, kvm_sys::KVM_SET_DEVICE_ATTR, &vfio_dev_attr) };
kvm_vfio_file,
kvm_sys::KVM_SET_DEVICE_ATTR(),
&vfio_dev_attr,
)
};
if ret < 0 { if ret < 0 {
Err(VfioError::KvmSetDeviceAttr(get_error())) Err(VfioError::KvmSetDeviceAttr(get_error()))
@ -283,13 +278,8 @@ impl KvmVfioPviommu {
// SAFETY: // SAFETY:
// Safe as we are the owner of vfio_dev_attr, which is valid. // Safe as we are the owner of vfio_dev_attr, which is valid.
let ret = unsafe { let ret =
ioctl_with_ref( unsafe { ioctl_with_ref(kvm_vfio_file, kvm_sys::KVM_SET_DEVICE_ATTR, &vfio_dev_attr) };
kvm_vfio_file,
kvm_sys::KVM_SET_DEVICE_ATTR(),
&vfio_dev_attr,
)
};
if ret < 0 { if ret < 0 {
Err(VfioError::KvmSetDeviceAttr(get_error())) Err(VfioError::KvmSetDeviceAttr(get_error()))
@ -348,7 +338,7 @@ impl VfioContainer {
pub fn new_from_container(container: File) -> Result<Self> { pub fn new_from_container(container: File) -> Result<Self> {
// SAFETY: // SAFETY:
// Safe as file is vfio container descriptor and ioctl is defined by kernel. // Safe as file is vfio container descriptor and ioctl is defined by kernel.
let version = unsafe { ioctl(&container, VFIO_GET_API_VERSION()) }; let version = unsafe { ioctl(&container, VFIO_GET_API_VERSION) };
if version as u8 != VFIO_API_VERSION { if version as u8 != VFIO_API_VERSION {
return Err(VfioError::VfioApiVersion); return Err(VfioError::VfioApiVersion);
} }
@ -367,14 +357,14 @@ impl VfioContainer {
fn check_extension(&self, val: IommuType) -> bool { fn check_extension(&self, val: IommuType) -> bool {
// SAFETY: // SAFETY:
// Safe as file is vfio container and make sure val is valid. // Safe as file is vfio container and make sure val is valid.
let ret = unsafe { ioctl_with_val(self, VFIO_CHECK_EXTENSION(), val as c_ulong) }; let ret = unsafe { ioctl_with_val(self, VFIO_CHECK_EXTENSION, val as c_ulong) };
ret != 0 ret != 0
} }
fn set_iommu(&mut self, val: IommuType) -> i32 { fn set_iommu(&mut self, val: IommuType) -> i32 {
// SAFETY: // SAFETY:
// Safe as file is vfio container and make sure val is valid. // Safe as file is vfio container and make sure val is valid.
unsafe { ioctl_with_val(self, VFIO_SET_IOMMU(), val as c_ulong) } unsafe { ioctl_with_val(self, VFIO_SET_IOMMU, val as c_ulong) }
} }
fn set_iommu_checked(&mut self, val: IommuType) -> Result<()> { fn set_iommu_checked(&mut self, val: IommuType) -> Result<()> {
@ -431,7 +421,7 @@ impl VfioContainer {
dma_map.flags |= VFIO_DMA_MAP_FLAG_WRITE; dma_map.flags |= VFIO_DMA_MAP_FLAG_WRITE;
} }
let ret = ioctl_with_ref(self, VFIO_IOMMU_MAP_DMA(), &dma_map); let ret = ioctl_with_ref(self, VFIO_IOMMU_MAP_DMA, &dma_map);
if ret != 0 { if ret != 0 {
return Err(VfioError::IommuDmaMap(get_error())); return Err(VfioError::IommuDmaMap(get_error()));
} }
@ -463,7 +453,7 @@ impl VfioContainer {
// SAFETY: // SAFETY:
// Safe as file is vfio container, dma_unmap is constructed by us, and // Safe as file is vfio container, dma_unmap is constructed by us, and
// we check the return value // we check the return value
let ret = unsafe { ioctl_with_mut_ref(self, VFIO_IOMMU_UNMAP_DMA(), &mut dma_unmap) }; let ret = unsafe { ioctl_with_mut_ref(self, VFIO_IOMMU_UNMAP_DMA, &mut dma_unmap) };
if ret != 0 || dma_unmap.size != size { if ret != 0 || dma_unmap.size != size {
return Err(VfioError::IommuDmaUnmap(get_error())); return Err(VfioError::IommuDmaUnmap(get_error()));
} }
@ -494,7 +484,7 @@ impl VfioContainer {
// SAFETY: // SAFETY:
// Safe as file is vfio container, iommu_info has valid values, // Safe as file is vfio container, iommu_info has valid values,
// and we check the return value // and we check the return value
let ret = unsafe { ioctl_with_mut_ref(self, VFIO_IOMMU_GET_INFO(), &mut iommu_info) }; let ret = unsafe { ioctl_with_mut_ref(self, VFIO_IOMMU_GET_INFO, &mut iommu_info) };
if ret != 0 || (iommu_info.flags & VFIO_IOMMU_INFO_PGSIZES) == 0 { if ret != 0 || (iommu_info.flags & VFIO_IOMMU_INFO_PGSIZES) == 0 {
return Err(VfioError::IommuGetInfo(get_error())); return Err(VfioError::IommuGetInfo(get_error()));
} }
@ -526,7 +516,7 @@ impl VfioContainer {
// SAFETY: // SAFETY:
// Safe as file is vfio container, iommu_info_argsz has valid values, // Safe as file is vfio container, iommu_info_argsz has valid values,
// and we check the return value // and we check the return value
let ret = unsafe { ioctl_with_mut_ref(self, VFIO_IOMMU_GET_INFO(), &mut iommu_info_argsz) }; let ret = unsafe { ioctl_with_mut_ref(self, VFIO_IOMMU_GET_INFO, &mut iommu_info_argsz) };
if ret != 0 { if ret != 0 {
return Err(VfioError::IommuGetInfo(get_error())); return Err(VfioError::IommuGetInfo(get_error()));
} }
@ -543,7 +533,7 @@ impl VfioContainer {
// SAFETY: // SAFETY:
// Safe as file is vfio container, iommu_info has valid values, // Safe as file is vfio container, iommu_info has valid values,
// and we check the return value // and we check the return value
unsafe { ioctl_with_mut_ptr(self, VFIO_IOMMU_GET_INFO(), iommu_info.as_mut_ptr()) }; unsafe { ioctl_with_mut_ptr(self, VFIO_IOMMU_GET_INFO, iommu_info.as_mut_ptr()) };
if ret != 0 { if ret != 0 {
return Err(VfioError::IommuGetInfo(get_error())); return Err(VfioError::IommuGetInfo(get_error()));
} }
@ -745,7 +735,7 @@ impl VfioGroup {
let mut ret = let mut ret =
// SAFETY: // SAFETY:
// Safe as we are the owner of group_file and group_status which are valid value. // Safe as we are the owner of group_file and group_status which are valid value.
unsafe { ioctl_with_mut_ref(&group_file, VFIO_GROUP_GET_STATUS(), &mut group_status) }; unsafe { ioctl_with_mut_ref(&group_file, VFIO_GROUP_GET_STATUS, &mut group_status) };
if ret < 0 { if ret < 0 {
return Err(VfioError::GetGroupStatus(get_error())); return Err(VfioError::GetGroupStatus(get_error()));
} }
@ -761,7 +751,7 @@ impl VfioGroup {
ret = unsafe { ret = unsafe {
ioctl_with_ref( ioctl_with_ref(
&group_file, &group_file,
VFIO_GROUP_SET_CONTAINER(), VFIO_GROUP_SET_CONTAINER,
&container_raw_descriptor, &container_raw_descriptor,
) )
}; };
@ -817,11 +807,7 @@ impl VfioGroup {
// Safe as we are the owner of vfio_dev_descriptor and vfio_dev_attr which are valid value, // Safe as we are the owner of vfio_dev_descriptor and vfio_dev_attr which are valid value,
// and we verify the return value. // and we verify the return value.
if 0 != unsafe { if 0 != unsafe {
ioctl_with_ref( ioctl_with_ref(kvm_vfio_file, kvm_sys::KVM_SET_DEVICE_ATTR, &vfio_dev_attr)
kvm_vfio_file,
kvm_sys::KVM_SET_DEVICE_ATTR(),
&vfio_dev_attr,
)
} { } {
return Err(VfioError::KvmSetDeviceAttr(get_error())); return Err(VfioError::KvmSetDeviceAttr(get_error()));
} }
@ -835,7 +821,7 @@ impl VfioGroup {
// SAFETY: // SAFETY:
// Safe as we are the owner of self and path_ptr which are valid value. // Safe as we are the owner of self and path_ptr which are valid value.
let ret = unsafe { ioctl_with_ptr(self, VFIO_GROUP_GET_DEVICE_FD(), path_ptr) }; let ret = unsafe { ioctl_with_ptr(self, VFIO_GROUP_GET_DEVICE_FD, path_ptr) };
if ret < 0 { if ret < 0 {
return Err(VfioError::GroupGetDeviceFD(get_error())); return Err(VfioError::GroupGetDeviceFD(get_error()));
} }
@ -1168,7 +1154,7 @@ impl VfioDevice {
device_feature[0].flags = VFIO_DEVICE_FEATURE_SET | VFIO_DEVICE_FEATURE_LOW_POWER_ENTRY; device_feature[0].flags = VFIO_DEVICE_FEATURE_SET | VFIO_DEVICE_FEATURE_LOW_POWER_ENTRY;
// SAFETY: // SAFETY:
// Safe as we are the owner of self and power_management which are valid value // Safe as we are the owner of self and power_management which are valid value
let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_FEATURE(), &device_feature[0]) }; let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_FEATURE, &device_feature[0]) };
if ret < 0 { if ret < 0 {
Err(VfioError::VfioPmLowPowerEnter(get_error())) Err(VfioError::VfioPmLowPowerEnter(get_error()))
} else { } else {
@ -1200,7 +1186,7 @@ impl VfioDevice {
} }
// SAFETY: // SAFETY:
// Safe as we are the owner of self and power_management which are valid value // Safe as we are the owner of self and power_management which are valid value
let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_FEATURE(), &device_feature[0]) }; let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_FEATURE, &device_feature[0]) };
if ret < 0 { if ret < 0 {
Err(VfioError::VfioPmLowPowerEnter(get_error())) Err(VfioError::VfioPmLowPowerEnter(get_error()))
} else { } else {
@ -1215,7 +1201,7 @@ impl VfioDevice {
device_feature[0].flags = VFIO_DEVICE_FEATURE_SET | VFIO_DEVICE_FEATURE_LOW_POWER_EXIT; device_feature[0].flags = VFIO_DEVICE_FEATURE_SET | VFIO_DEVICE_FEATURE_LOW_POWER_EXIT;
// SAFETY: // SAFETY:
// Safe as we are the owner of self and power_management which are valid value // Safe as we are the owner of self and power_management which are valid value
let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_FEATURE(), &device_feature[0]) }; let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_FEATURE, &device_feature[0]) };
if ret < 0 { if ret < 0 {
Err(VfioError::VfioPmLowPowerExit(get_error())) Err(VfioError::VfioPmLowPowerExit(get_error()))
} else { } else {
@ -1236,7 +1222,7 @@ impl VfioDevice {
} }
// SAFETY: // SAFETY:
// Safe as we are the owner of self and dsm which are valid value // Safe as we are the owner of self and dsm which are valid value
let ret = unsafe { ioctl_with_mut_ref(&self.dev, VFIO_DEVICE_ACPI_DSM(), &mut dsm[0]) }; let ret = unsafe { ioctl_with_mut_ref(&self.dev, VFIO_DEVICE_ACPI_DSM, &mut dsm[0]) };
if ret < 0 { if ret < 0 {
Err(VfioError::VfioAcpiDsm(get_error())) Err(VfioError::VfioAcpiDsm(get_error()))
} else { } else {
@ -1270,7 +1256,7 @@ impl VfioDevice {
// SAFETY: // SAFETY:
// Safe as we are the owner of self and irq_set which are valid value // Safe as we are the owner of self and irq_set which are valid value
let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_SET_IRQS(), &irq_set[0]) }; let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_SET_IRQS, &irq_set[0]) };
if ret < 0 { if ret < 0 {
Err(VfioError::VfioAcpiNotificationEnable(get_error())) Err(VfioError::VfioAcpiNotificationEnable(get_error()))
} else { } else {
@ -1289,7 +1275,7 @@ impl VfioDevice {
// SAFETY: // SAFETY:
// Safe as we are the owner of self and irq_set which are valid value // Safe as we are the owner of self and irq_set which are valid value
let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_SET_IRQS(), &irq_set[0]) }; let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_SET_IRQS, &irq_set[0]) };
if ret < 0 { if ret < 0 {
Err(VfioError::VfioAcpiNotificationDisable(get_error())) Err(VfioError::VfioAcpiNotificationDisable(get_error()))
} else { } else {
@ -1316,7 +1302,7 @@ impl VfioDevice {
// SAFETY: // SAFETY:
// Safe as we are the owner of self and irq_set which are valid value // Safe as we are the owner of self and irq_set which are valid value
let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_SET_IRQS(), &irq_set[0]) }; let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_SET_IRQS, &irq_set[0]) };
if ret < 0 { if ret < 0 {
Err(VfioError::VfioAcpiNotificationTest(get_error())) Err(VfioError::VfioAcpiNotificationTest(get_error()))
} else { } else {
@ -1363,7 +1349,7 @@ impl VfioDevice {
// SAFETY: // SAFETY:
// Safe as we are the owner of self and irq_set which are valid value // Safe as we are the owner of self and irq_set which are valid value
let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_SET_IRQS(), &irq_set[0]) }; let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_SET_IRQS, &irq_set[0]) };
if ret < 0 { if ret < 0 {
Err(VfioError::VfioIrqEnable(get_error())) Err(VfioError::VfioIrqEnable(get_error()))
} else { } else {
@ -1400,7 +1386,7 @@ impl VfioDevice {
// SAFETY: // SAFETY:
// Safe as we are the owner of self and irq_set which are valid value // Safe as we are the owner of self and irq_set which are valid value
let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_SET_IRQS(), &irq_set[0]) }; let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_SET_IRQS, &irq_set[0]) };
if ret < 0 { if ret < 0 {
Err(VfioError::VfioIrqEnable(get_error())) Err(VfioError::VfioIrqEnable(get_error()))
} else { } else {
@ -1419,7 +1405,7 @@ impl VfioDevice {
// SAFETY: // SAFETY:
// Safe as we are the owner of self and irq_set which are valid value // Safe as we are the owner of self and irq_set which are valid value
let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_SET_IRQS(), &irq_set[0]) }; let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_SET_IRQS, &irq_set[0]) };
if ret < 0 { if ret < 0 {
Err(VfioError::VfioIrqDisable(get_error())) Err(VfioError::VfioIrqDisable(get_error()))
} else { } else {
@ -1438,7 +1424,7 @@ impl VfioDevice {
// SAFETY: // SAFETY:
// Safe as we are the owner of self and irq_set which are valid value // Safe as we are the owner of self and irq_set which are valid value
let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_SET_IRQS(), &irq_set[0]) }; let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_SET_IRQS, &irq_set[0]) };
if ret < 0 { if ret < 0 {
Err(VfioError::VfioIrqUnmask(get_error())) Err(VfioError::VfioIrqUnmask(get_error()))
} else { } else {
@ -1457,7 +1443,7 @@ impl VfioDevice {
// SAFETY: // SAFETY:
// Safe as we are the owner of self and irq_set which are valid value // Safe as we are the owner of self and irq_set which are valid value
let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_SET_IRQS(), &irq_set[0]) }; let ret = unsafe { ioctl_with_ref(&self.dev, VFIO_DEVICE_SET_IRQS, &irq_set[0]) };
if ret < 0 { if ret < 0 {
Err(VfioError::VfioIrqMask(get_error())) Err(VfioError::VfioIrqMask(get_error()))
} else { } else {
@ -1478,7 +1464,7 @@ impl VfioDevice {
// SAFETY: // SAFETY:
// Safe as we are the owner of device_file and dev_info which are valid value, // Safe as we are the owner of device_file and dev_info which are valid value,
// and we verify the return value. // and we verify the return value.
let ret = unsafe { ioctl_with_mut_ref(device_file, VFIO_DEVICE_GET_INFO(), &mut dev_info) }; let ret = unsafe { ioctl_with_mut_ref(device_file, VFIO_DEVICE_GET_INFO, &mut dev_info) };
if ret < 0 { if ret < 0 {
return Err(VfioError::VfioDeviceGetInfo(get_error())); return Err(VfioError::VfioDeviceGetInfo(get_error()));
} }
@ -1517,11 +1503,7 @@ impl VfioDevice {
// Safe as we are the owner of dev and irq_info which are valid value, // Safe as we are the owner of dev and irq_info which are valid value,
// and we verify the return value. // and we verify the return value.
let ret = unsafe { let ret = unsafe {
ioctl_with_mut_ref( ioctl_with_mut_ref(self.device_file(), VFIO_DEVICE_GET_IRQ_INFO, &mut irq_info)
self.device_file(),
VFIO_DEVICE_GET_IRQ_INFO(),
&mut irq_info,
)
}; };
if ret < 0 || irq_info.count != 1 { if ret < 0 || irq_info.count != 1 {
return Err(VfioError::VfioDeviceGetInfo(get_error())); return Err(VfioError::VfioDeviceGetInfo(get_error()));
@ -1553,7 +1535,7 @@ impl VfioDevice {
// SAFETY: // SAFETY:
// Safe as we are the owner of dev and reg_info which are valid value, // Safe as we are the owner of dev and reg_info which are valid value,
// and we verify the return value. // and we verify the return value.
unsafe { ioctl_with_mut_ref(dev, VFIO_DEVICE_GET_REGION_INFO(), &mut reg_info) }; unsafe { ioctl_with_mut_ref(dev, VFIO_DEVICE_GET_REGION_INFO, &mut reg_info) };
if ret < 0 { if ret < 0 {
continue; continue;
} }
@ -1576,7 +1558,7 @@ impl VfioDevice {
let ret = unsafe { let ret = unsafe {
ioctl_with_mut_ref( ioctl_with_mut_ref(
dev, dev,
VFIO_DEVICE_GET_REGION_INFO(), VFIO_DEVICE_GET_REGION_INFO,
&mut (region_with_cap[0].region_info), &mut (region_with_cap[0].region_info),
) )
}; };

View file

@ -41,6 +41,7 @@ use base::unix::FileFlags;
use base::warn; use base::warn;
use base::AsRawDescriptor; use base::AsRawDescriptor;
use base::FromRawDescriptor; use base::FromRawDescriptor;
use base::IoctlNr;
use base::Protection; use base::Protection;
use base::RawDescriptor; use base::RawDescriptor;
use fuse::filesystem::Context; use fuse::filesystem::Context;
@ -1317,7 +1318,7 @@ impl PassthroughFs {
let res = let res =
// SAFETY: the kernel will only write to `arg` and we check the return value. // SAFETY: the kernel will only write to `arg` and we check the return value.
unsafe { ioctl_with_mut_ptr(&*data, FS_IOC_GET_ENCRYPTION_POLICY_EX(), &mut arg) }; unsafe { ioctl_with_mut_ptr(&*data, FS_IOC_GET_ENCRYPTION_POLICY_EX, &mut arg) };
if res < 0 { if res < 0 {
Ok(IoctlReply::Done(Err(io::Error::last_os_error()))) Ok(IoctlReply::Done(Err(io::Error::last_os_error())))
} else { } else {
@ -1336,7 +1337,7 @@ impl PassthroughFs {
let mut buf = MaybeUninit::<fsxattr>::zeroed(); let mut buf = MaybeUninit::<fsxattr>::zeroed();
// SAFETY: the kernel will only write to `buf` and we check the return value. // SAFETY: the kernel will only write to `buf` and we check the return value.
let res = unsafe { ioctl_with_mut_ptr(&*data, FS_IOC_FSGETXATTR(), buf.as_mut_ptr()) }; let res = unsafe { ioctl_with_mut_ptr(&*data, FS_IOC_FSGETXATTR, buf.as_mut_ptr()) };
if res < 0 { if res < 0 {
Ok(IoctlReply::Done(Err(io::Error::last_os_error()))) Ok(IoctlReply::Done(Err(io::Error::last_os_error())))
} else { } else {
@ -1372,7 +1373,7 @@ impl PassthroughFs {
// Get the current fsxattr. // Get the current fsxattr.
let mut buf = MaybeUninit::<fsxattr>::zeroed(); let mut buf = MaybeUninit::<fsxattr>::zeroed();
// SAFETY: the kernel will only write to `buf` and we check the return value. // SAFETY: the kernel will only write to `buf` and we check the return value.
let res = unsafe { ioctl_with_mut_ptr(&*data, FS_IOC_FSGETXATTR(), buf.as_mut_ptr()) }; let res = unsafe { ioctl_with_mut_ptr(&*data, FS_IOC_FSGETXATTR, buf.as_mut_ptr()) };
if res < 0 { if res < 0 {
return Ok(IoctlReply::Done(Err(io::Error::last_os_error()))); return Ok(IoctlReply::Done(Err(io::Error::last_os_error())));
} }
@ -1411,7 +1412,7 @@ impl PassthroughFs {
} }
// SAFETY: this doesn't modify any memory and we check the return value. // SAFETY: this doesn't modify any memory and we check the return value.
let res = unsafe { ioctl_with_ptr(&*data, FS_IOC_FSSETXATTR(), &in_attr) }; let res = unsafe { ioctl_with_ptr(&*data, FS_IOC_FSSETXATTR, &in_attr) };
if res < 0 { if res < 0 {
Ok(IoctlReply::Done(Err(io::Error::last_os_error()))) Ok(IoctlReply::Done(Err(io::Error::last_os_error())))
} else { } else {
@ -1430,7 +1431,7 @@ impl PassthroughFs {
let mut flags: c_int = 0; let mut flags: c_int = 0;
// SAFETY: the kernel will only write to `flags` and we check the return value. // SAFETY: the kernel will only write to `flags` and we check the return value.
let res = unsafe { ioctl_with_mut_ptr(&*data, FS_IOC_GETFLAGS(), &mut flags) }; let res = unsafe { ioctl_with_mut_ptr(&*data, FS_IOC_GETFLAGS, &mut flags) };
if res < 0 { if res < 0 {
Ok(IoctlReply::Done(Err(io::Error::last_os_error()))) Ok(IoctlReply::Done(Err(io::Error::last_os_error())))
} else { } else {
@ -1464,7 +1465,7 @@ impl PassthroughFs {
// Get the current flag. // Get the current flag.
let mut buf = MaybeUninit::<c_int>::zeroed(); let mut buf = MaybeUninit::<c_int>::zeroed();
// SAFETY: the kernel will only write to `buf` and we check the return value. // SAFETY: the kernel will only write to `buf` and we check the return value.
let res = unsafe { ioctl_with_mut_ptr(&*data, FS_IOC_GETFLAGS(), buf.as_mut_ptr()) }; let res = unsafe { ioctl_with_mut_ptr(&*data, FS_IOC_GETFLAGS, buf.as_mut_ptr()) };
if res < 0 { if res < 0 {
return Ok(IoctlReply::Done(Err(io::Error::last_os_error()))); return Ok(IoctlReply::Done(Err(io::Error::last_os_error())));
} }
@ -1502,7 +1503,7 @@ impl PassthroughFs {
} }
// SAFETY: this doesn't modify any memory and we check the return value. // SAFETY: this doesn't modify any memory and we check the return value.
let res = unsafe { ioctl_with_ptr(&*data, FS_IOC_SETFLAGS(), &in_flags) }; let res = unsafe { ioctl_with_ptr(&*data, FS_IOC_SETFLAGS, &in_flags) };
if res < 0 { if res < 0 {
Ok(IoctlReply::Done(Err(io::Error::last_os_error()))) Ok(IoctlReply::Done(Err(io::Error::last_os_error())))
} else { } else {
@ -1599,7 +1600,7 @@ impl PassthroughFs {
} }
// SAFETY: this doesn't modify any memory and we check the return value. // SAFETY: this doesn't modify any memory and we check the return value.
let res = unsafe { ioctl_with_ptr(&*data, FS_IOC_ENABLE_VERITY(), &arg) }; let res = unsafe { ioctl_with_ptr(&*data, FS_IOC_ENABLE_VERITY, &arg) };
if res < 0 { if res < 0 {
Ok(IoctlReply::Done(Err(io::Error::last_os_error()))) Ok(IoctlReply::Done(Err(io::Error::last_os_error())))
} else { } else {
@ -1643,7 +1644,7 @@ impl PassthroughFs {
}; };
// SAFETY: this will only modify `buf` and we check the return value. // SAFETY: this will only modify `buf` and we check the return value.
let res = unsafe { ioctl_with_mut_ptr(&*data, FS_IOC_MEASURE_VERITY(), buf.as_mut_ptr()) }; let res = unsafe { ioctl_with_mut_ptr(&*data, FS_IOC_MEASURE_VERITY, buf.as_mut_ptr()) };
if res < 0 { if res < 0 {
Ok(IoctlReply::Done(Err(io::Error::last_os_error()))) Ok(IoctlReply::Done(Err(io::Error::last_os_error())))
} else { } else {
@ -3173,60 +3174,44 @@ impl FileSystem for PassthroughFs {
) -> io::Result<IoctlReply> { ) -> io::Result<IoctlReply> {
let _trace = fs_trace!(self.tag, "ioctl", inode, handle, cmd, in_size, out_size); let _trace = fs_trace!(self.tag, "ioctl", inode, handle, cmd, in_size, out_size);
const GET_ENCRYPTION_POLICY_EX: u32 = FS_IOC_GET_ENCRYPTION_POLICY_EX() as u32; match cmd as IoctlNr {
const GET_FSXATTR: u32 = FS_IOC_FSGETXATTR() as u32; FS_IOC_GET_ENCRYPTION_POLICY_EX => self.get_encryption_policy_ex(inode, handle, r),
const SET_FSXATTR: u32 = FS_IOC_FSSETXATTR() as u32; FS_IOC_FSGETXATTR => {
const GET_FLAGS32: u32 = FS_IOC32_GETFLAGS() as u32;
const SET_FLAGS32: u32 = FS_IOC32_SETFLAGS() as u32;
const GET_FLAGS64: u32 = FS_IOC64_GETFLAGS() as u32;
const SET_FLAGS64: u32 = FS_IOC64_SETFLAGS() as u32;
const ENABLE_VERITY: u32 = FS_IOC_ENABLE_VERITY() as u32;
const MEASURE_VERITY: u32 = FS_IOC_MEASURE_VERITY() as u32;
// The following is ARCVM-specific ioctl
// Refer go/remove-mount-passthrough-fuse for more design details
#[cfg(feature = "arc_quota")]
const SET_PERMISSION: u32 = FS_IOC_SETPERMISSION() as u32;
#[cfg(feature = "arc_quota")]
const SETPATHXATTR: u32 = FS_IOC_SETPATHXATTR() as u32;
match cmd {
GET_ENCRYPTION_POLICY_EX => self.get_encryption_policy_ex(inode, handle, r),
GET_FSXATTR => {
if out_size < size_of::<fsxattr>() as u32 { if out_size < size_of::<fsxattr>() as u32 {
Err(io::Error::from_raw_os_error(libc::ENOMEM)) Err(io::Error::from_raw_os_error(libc::ENOMEM))
} else { } else {
self.get_fsxattr(inode, handle) self.get_fsxattr(inode, handle)
} }
} }
SET_FSXATTR => { FS_IOC_FSSETXATTR => {
if in_size < size_of::<fsxattr>() as u32 { if in_size < size_of::<fsxattr>() as u32 {
Err(io::Error::from_raw_os_error(libc::EINVAL)) Err(io::Error::from_raw_os_error(libc::EINVAL))
} else { } else {
self.set_fsxattr(ctx, inode, handle, r) self.set_fsxattr(ctx, inode, handle, r)
} }
} }
GET_FLAGS32 | GET_FLAGS64 => { FS_IOC32_GETFLAGS | FS_IOC64_GETFLAGS => {
if out_size < size_of::<c_int>() as u32 { if out_size < size_of::<c_int>() as u32 {
Err(io::Error::from_raw_os_error(libc::ENOMEM)) Err(io::Error::from_raw_os_error(libc::ENOMEM))
} else { } else {
self.get_flags(inode, handle) self.get_flags(inode, handle)
} }
} }
SET_FLAGS32 | SET_FLAGS64 => { FS_IOC32_SETFLAGS | FS_IOC64_SETFLAGS => {
if in_size < size_of::<c_int>() as u32 { if in_size < size_of::<c_int>() as u32 {
Err(io::Error::from_raw_os_error(libc::ENOMEM)) Err(io::Error::from_raw_os_error(libc::ENOMEM))
} else { } else {
self.set_flags(ctx, inode, handle, r) self.set_flags(ctx, inode, handle, r)
} }
} }
ENABLE_VERITY => { FS_IOC_ENABLE_VERITY => {
if in_size < size_of::<fsverity_enable_arg>() as u32 { if in_size < size_of::<fsverity_enable_arg>() as u32 {
Err(io::Error::from_raw_os_error(libc::ENOMEM)) Err(io::Error::from_raw_os_error(libc::ENOMEM))
} else { } else {
self.enable_verity(inode, handle, r) self.enable_verity(inode, handle, r)
} }
} }
MEASURE_VERITY => { FS_IOC_MEASURE_VERITY => {
if in_size < size_of::<fsverity_digest>() as u32 if in_size < size_of::<fsverity_digest>() as u32
|| out_size < size_of::<fsverity_digest>() as u32 || out_size < size_of::<fsverity_digest>() as u32
{ {
@ -3235,8 +3220,10 @@ impl FileSystem for PassthroughFs {
self.measure_verity(inode, handle, r, out_size) self.measure_verity(inode, handle, r, out_size)
} }
} }
// The following is ARCVM-specific ioctl
// Refer go/remove-mount-passthrough-fuse for more design details
#[cfg(feature = "arc_quota")] #[cfg(feature = "arc_quota")]
SET_PERMISSION => { FS_IOC_SETPERMISSION => {
if in_size == 0 { if in_size == 0 {
Err(io::Error::from_raw_os_error(libc::EINVAL)) Err(io::Error::from_raw_os_error(libc::EINVAL))
} else { } else {
@ -3244,7 +3231,7 @@ impl FileSystem for PassthroughFs {
} }
} }
#[cfg(feature = "arc_quota")] #[cfg(feature = "arc_quota")]
SETPATHXATTR => { FS_IOC_SETPATHXATTR => {
if in_size == 0 { if in_size == 0 {
Err(io::Error::from_raw_os_error(libc::EINVAL)) Err(io::Error::from_raw_os_error(libc::EINVAL))
} else { } else {

View file

@ -119,7 +119,7 @@ pub fn device_ids<T: AsRawDescriptor>(descriptor: &T) -> Result<virtio_input_dev
// SAFETY: // SAFETY:
// Safe because the kernel won't write more than size of evdev_id and we check the return // Safe because the kernel won't write more than size of evdev_id and we check the return
// value // value
unsafe { ioctl_with_mut_ref(descriptor, EVIOCGID(), &mut dev_id) } unsafe { ioctl_with_mut_ref(descriptor, EVIOCGID, &mut dev_id) }
}; };
if len < 0 { if len < 0 {
return Err(InputError::EvdevIdError(errno())); return Err(InputError::EvdevIdError(errno()));
@ -139,7 +139,7 @@ pub fn name<T: AsRawDescriptor>(descriptor: &T) -> Result<Vec<u8>> {
// SAFETY: // SAFETY:
// Safe because the kernel won't write more than size of evdev_buffer and we check the // Safe because the kernel won't write more than size of evdev_buffer and we check the
// return value // return value
unsafe { ioctl_with_mut_ref(descriptor, EVIOCGNAME(), &mut name) } unsafe { ioctl_with_mut_ref(descriptor, EVIOCGNAME, &mut name) }
}; };
if len < 0 { if len < 0 {
return Err(InputError::EvdevNameError(errno())); return Err(InputError::EvdevNameError(errno()));
@ -154,7 +154,7 @@ pub fn serial_name<T: AsRawDescriptor>(descriptor: &T) -> Result<Vec<u8>> {
// SAFETY: // SAFETY:
// Safe because the kernel won't write more than size of evdev_buffer and we check the // Safe because the kernel won't write more than size of evdev_buffer and we check the
// return value // return value
unsafe { ioctl_with_mut_ref(descriptor, EVIOCGUNIQ(), &mut uniq) } unsafe { ioctl_with_mut_ref(descriptor, EVIOCGUNIQ, &mut uniq) }
}; };
if len < 0 { if len < 0 {
return Err(InputError::EvdevSerialError(errno())); return Err(InputError::EvdevSerialError(errno()));
@ -169,7 +169,7 @@ pub fn properties<T: AsRawDescriptor>(descriptor: &T) -> Result<virtio_input_bit
// SAFETY: // SAFETY:
// Safe because the kernel won't write more than size of evdev_buffer and we check the // Safe because the kernel won't write more than size of evdev_buffer and we check the
// return value // return value
unsafe { ioctl_with_mut_ref(descriptor, EVIOCGPROP(), &mut props) } unsafe { ioctl_with_mut_ref(descriptor, EVIOCGPROP, &mut props) }
}; };
if len < 0 { if len < 0 {
return Err(InputError::EvdevPropertiesError(errno())); return Err(InputError::EvdevPropertiesError(errno()));
@ -245,7 +245,7 @@ pub fn grab_evdev<T: AsRawDescriptor>(descriptor: &mut T) -> Result<()> {
let ret = { let ret = {
// SAFETY: // SAFETY:
// Safe because the kernel only read the value of the ptr and we check the return value // Safe because the kernel only read the value of the ptr and we check the return value
unsafe { ioctl_with_ref(descriptor, EVIOCGRAB(), &val) } unsafe { ioctl_with_ref(descriptor, EVIOCGRAB, &val) }
}; };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
@ -259,7 +259,7 @@ pub fn ungrab_evdev<T: AsRawDescriptor>(descriptor: &mut T) -> Result<()> {
// SAFETY: // SAFETY:
// Safe because the kernel only reads the value of the ptr (doesn't dereference) and // Safe because the kernel only reads the value of the ptr (doesn't dereference) and
// we check the return value // we check the return value
unsafe { ioctl_with_ptr(descriptor, EVIOCGRAB(), null::<u32>()) } unsafe { ioctl_with_ptr(descriptor, EVIOCGRAB, null::<u32>()) }
}; };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())

View file

@ -234,7 +234,7 @@ fn is_fence(f: &File) -> bool {
let info = sync_file_info::default(); let info = sync_file_info::default();
// SAFETY: // SAFETY:
// Safe as f is a valid file // Safe as f is a valid file
unsafe { ioctl_with_ref(f, SYNC_IOC_FILE_INFO(), &info) == 0 } unsafe { ioctl_with_ref(f, SYNC_IOC_FILE_INFO, &info) == 0 }
} }
#[cfg(feature = "minigbm")] #[cfg(feature = "minigbm")]
@ -918,7 +918,7 @@ impl WlVfd {
}; };
// SAFETY: // SAFETY:
// Safe as descriptor is a valid dmabuf and incorrect flags will return an error. // Safe as descriptor is a valid dmabuf and incorrect flags will return an error.
if unsafe { ioctl_with_ref(descriptor, DMA_BUF_IOCTL_SYNC(), &sync) } < 0 { if unsafe { ioctl_with_ref(descriptor, DMA_BUF_IOCTL_SYNC, &sync) } < 0 {
return Err(WlError::DmabufSync(io::Error::last_os_error())); return Err(WlError::DmabufSync(io::Error::last_os_error()));
} }

View file

@ -49,7 +49,7 @@ fn setup_tap_device(tap_name: &[u8], ip_addr: Ipv4Addr, netmask: Ipv4Addr, mac_a
let tap = Tap::new_with_name(tap_name, true, false).unwrap(); let tap = Tap::new_with_name(tap_name, true, false).unwrap();
// SAFETY: // SAFETY:
// ioctl is safe since we call it with a valid tap fd and check the return value. // ioctl is safe since we call it with a valid tap fd and check the return value.
let ret = unsafe { ioctl_with_val(&tap, net_sys::TUNSETPERSIST(), 1) }; let ret = unsafe { ioctl_with_val(&tap, net_sys::TUNSETPERSIST, 1) };
if ret < 0 { if ret < 0 {
panic!("Failed to persist tap interface"); panic!("Failed to persist tap interface");
} }

View file

@ -82,13 +82,8 @@ impl Geniezone {
pub fn get_guest_phys_addr_bits(&self) -> u8 { pub fn get_guest_phys_addr_bits(&self) -> u8 {
// SAFETY: // SAFETY:
// Safe because we know self is a real geniezone fd // Safe because we know self is a real geniezone fd
match unsafe { match unsafe { ioctl_with_val(self, GZVM_CHECK_EXTENSION, GZVM_CAP_ARM_VM_IPA_SIZE.into()) }
ioctl_with_val( {
self,
GZVM_CHECK_EXTENSION(),
GZVM_CAP_ARM_VM_IPA_SIZE.into(),
)
} {
// Default physical address size is 40 bits if the extension is not supported. // Default physical address size is 40 bits if the extension is not supported.
ret if ret <= 0 => 40, ret if ret <= 0 => 40,
ipa => ipa as u8, ipa => ipa as u8,
@ -198,7 +193,7 @@ impl VmAArch64 for GeniezoneVm {
// SAFETY: // SAFETY:
// Safe because we allocated the struct and we know the kernel will modify exactly the size // Safe because we allocated the struct and we know the kernel will modify exactly the size
// of the struct. // of the struct.
let ret = unsafe { ioctl_with_ref(self, GZVM_SET_DTB_CONFIG(), &dtb_config) }; let ret = unsafe { ioctl_with_ref(self, GZVM_SET_DTB_CONFIG, &dtb_config) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -226,7 +221,7 @@ impl GeniezoneVcpu {
// SAFETY: // SAFETY:
// Safe because we allocated the struct and we know the kernel will read exactly the size of // Safe because we allocated the struct and we know the kernel will read exactly the size of
// the struct. // the struct.
let ret = unsafe { ioctl_with_ref(self, GZVM_SET_ONE_REG(), &onereg) }; let ret = unsafe { ioctl_with_ref(self, GZVM_SET_ONE_REG, &onereg) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -255,7 +250,7 @@ impl GeniezoneVcpu {
// SAFETY: // SAFETY:
// Safe because we allocated the struct and we know the kernel will read exactly the size of // Safe because we allocated the struct and we know the kernel will read exactly the size of
// the struct. // the struct.
let ret = unsafe { ioctl_with_ref(self, GZVM_GET_ONE_REG(), &onereg) }; let ret = unsafe { ioctl_with_ref(self, GZVM_GET_ONE_REG, &onereg) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -476,7 +471,7 @@ unsafe fn set_user_memory_region(
userspace_addr: userspace_addr as u64, userspace_addr: userspace_addr as u64,
}; };
let ret = ioctl_with_ref(descriptor, GZVM_SET_USER_MEMORY_REGION(), &region); let ret = ioctl_with_ref(descriptor, GZVM_SET_USER_MEMORY_REGION, &region);
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -575,7 +570,7 @@ impl GeniezoneVm {
// SAFETY: // SAFETY:
// Safe because we know gzvm is a real gzvm fd as this module is the only one that can make // Safe because we know gzvm is a real gzvm fd as this module is the only one that can make
// gzvm objects. // gzvm objects.
let ret = unsafe { ioctl(geniezone, GZVM_CREATE_VM()) }; let ret = unsafe { ioctl(geniezone, GZVM_CREATE_VM) };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
} }
@ -622,7 +617,7 @@ impl GeniezoneVm {
let fd = let fd =
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd and we verify the return result. // Safe because we know that our file is a VM fd and we verify the return result.
unsafe { ioctl_with_val(self, GZVM_CREATE_VCPU(), c_ulong::try_from(id).unwrap()) }; unsafe { ioctl_with_val(self, GZVM_CREATE_VCPU, c_ulong::try_from(id).unwrap()) };
if fd < 0 { if fd < 0 {
return errno_result(); return errno_result();
@ -652,7 +647,7 @@ impl GeniezoneVm {
pub fn create_irq_chip(&self) -> Result<()> { pub fn create_irq_chip(&self) -> Result<()> {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd and we verify the return result. // Safe because we know that our file is a VM fd and we verify the return result.
let ret = unsafe { ioctl(self, GZVM_CREATE_IRQCHIP()) }; let ret = unsafe { ioctl(self, GZVM_CREATE_IRQCHIP) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -669,7 +664,7 @@ impl GeniezoneVm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read the // Safe because we know that our file is a VM fd, we know the kernel will only read the
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, GZVM_IRQ_LINE(), &irq_level) }; let ret = unsafe { ioctl_with_ref(self, GZVM_IRQ_LINE, &irq_level) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -699,7 +694,7 @@ impl GeniezoneVm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read the // Safe because we know that our file is a VM fd, we know the kernel will only read the
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, GZVM_IRQFD(), &irqfd) }; let ret = unsafe { ioctl_with_ref(self, GZVM_IRQFD, &irqfd) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -722,7 +717,7 @@ impl GeniezoneVm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read the // Safe because we know that our file is a VM fd, we know the kernel will only read the
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, GZVM_IRQFD(), &irqfd) }; let ret = unsafe { ioctl_with_ref(self, GZVM_IRQFD, &irqfd) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -780,7 +775,7 @@ impl GeniezoneVm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read the // Safe because we know that our file is a VM fd, we know the kernel will only read the
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, GZVM_IOEVENTFD(), &ioeventfd) }; let ret = unsafe { ioctl_with_ref(self, GZVM_IOEVENTFD, &ioeventfd) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -795,7 +790,7 @@ impl GeniezoneVm {
// Safe because we know that our file is a GZVM fd, and if the cap is invalid GZVM assumes // Safe because we know that our file is a GZVM fd, and if the cap is invalid GZVM assumes
// it's an unavailable extension and returns 0. // it's an unavailable extension and returns 0.
unsafe { unsafe {
ioctl_with_ref(self, GZVM_CHECK_EXTENSION(), &cap); ioctl_with_ref(self, GZVM_CHECK_EXTENSION, &cap);
} }
cap == 1 cap == 1
} }
@ -819,7 +814,7 @@ impl GeniezoneVm {
}; };
// Safe because we allocated the struct and we know the kernel will read exactly the size of // Safe because we allocated the struct and we know the kernel will read exactly the size of
// the struct, and because we assume the caller has allocated the args appropriately. // the struct, and because we assume the caller has allocated the args appropriately.
let ret = ioctl_with_ref(self, GZVM_ENABLE_CAP(), &gzvm_cap); let ret = ioctl_with_ref(self, GZVM_ENABLE_CAP, &gzvm_cap);
if ret == 0 { if ret == 0 {
Ok(gzvm_cap) Ok(gzvm_cap)
} else { } else {
@ -831,7 +826,7 @@ impl GeniezoneVm {
// SAFETY: // SAFETY:
// Safe because we allocated the struct and we know the kernel will modify exactly the size // Safe because we allocated the struct and we know the kernel will modify exactly the size
// of the struct and the return value is checked. // of the struct and the return value is checked.
let ret = unsafe { base::ioctl_with_ref(self, GZVM_CREATE_DEVICE(), &dev) }; let ret = unsafe { base::ioctl_with_ref(self, GZVM_CREATE_DEVICE, &dev) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -1143,7 +1138,7 @@ impl Vcpu for GeniezoneVcpu {
fn run(&mut self) -> Result<VcpuExit> { fn run(&mut self) -> Result<VcpuExit> {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VCPU fd and we verify the return result. // Safe because we know that our file is a VCPU fd and we verify the return result.
let ret = unsafe { ioctl_with_val(self, GZVM_RUN(), self.run_mmap.as_ptr() as u64) }; let ret = unsafe { ioctl_with_val(self, GZVM_RUN, self.run_mmap.as_ptr() as u64) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }

View file

@ -127,7 +127,7 @@ unsafe fn android_lend_user_memory_region(
userspace_addr: userspace_addr as u64, userspace_addr: userspace_addr as u64,
}; };
let ret = ioctl_with_ref(vm, GH_VM_ANDROID_LEND_USER_MEM(), &region); let ret = ioctl_with_ref(vm, GH_VM_ANDROID_LEND_USER_MEM, &region);
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -163,7 +163,7 @@ unsafe fn set_user_memory_region(
userspace_addr: userspace_addr as u64, userspace_addr: userspace_addr as u64,
}; };
let ret = ioctl_with_ref(vm, GH_VM_SET_USER_MEM_REGION(), &region); let ret = ioctl_with_ref(vm, GH_VM_SET_USER_MEM_REGION, &region);
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -199,7 +199,7 @@ impl GunyahVm {
// SAFETY: // SAFETY:
// Safe because we know gunyah is a real gunyah fd as this module is the only one that can // Safe because we know gunyah is a real gunyah fd as this module is the only one that can
// make Gunyah objects. // make Gunyah objects.
let ret = unsafe { ioctl_with_val(gh, GH_CREATE_VM(), 0 as c_ulong) }; let ret = unsafe { ioctl_with_val(gh, GH_CREATE_VM, 0 as c_ulong) };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
} }
@ -273,7 +273,7 @@ impl GunyahVm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd and we verify the return result. // Safe because we know that our file is a VM fd and we verify the return result.
let fd = unsafe { ioctl_with_ref(self, GH_VM_ADD_FUNCTION(), &function_desc) }; let fd = unsafe { ioctl_with_ref(self, GH_VM_ADD_FUNCTION, &function_desc) };
if fd < 0 { if fd < 0 {
return errno_result(); return errno_result();
} }
@ -285,7 +285,7 @@ impl GunyahVm {
// SAFETY: // SAFETY:
// Safe because we know this is a Gunyah VCPU // Safe because we know this is a Gunyah VCPU
let res = unsafe { ioctl(&vcpu, GH_VCPU_MMAP_SIZE()) }; let res = unsafe { ioctl(&vcpu, GH_VCPU_MMAP_SIZE) };
if res < 0 { if res < 0 {
return errno_result(); return errno_result();
} }
@ -321,7 +321,7 @@ impl GunyahVm {
}; };
// SAFETY: safe because the return value is checked. // SAFETY: safe because the return value is checked.
let ret = unsafe { ioctl_with_ref(self, GH_VM_ADD_FUNCTION(), &function_desc) }; let ret = unsafe { ioctl_with_ref(self, GH_VM_ADD_FUNCTION, &function_desc) };
if ret == 0 { if ret == 0 {
self.routes self.routes
.lock() .lock()
@ -346,7 +346,7 @@ impl GunyahVm {
}; };
// SAFETY: safe because memory is not modified and the return value is checked. // SAFETY: safe because memory is not modified and the return value is checked.
let ret = unsafe { ioctl_with_ref(self, GH_VM_REMOVE_FUNCTION(), &function_desc) }; let ret = unsafe { ioctl_with_ref(self, GH_VM_REMOVE_FUNCTION, &function_desc) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -377,7 +377,7 @@ impl GunyahVm {
// SAFETY: // SAFETY:
// Safe because we know this is a Gunyah VM // Safe because we know this is a Gunyah VM
let ret = unsafe { ioctl_with_ref(self, GH_VM_SET_DTB_CONFIG(), &dtb_config) }; let ret = unsafe { ioctl_with_ref(self, GH_VM_SET_DTB_CONFIG, &dtb_config) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -393,7 +393,7 @@ impl GunyahVm {
// SAFETY: // SAFETY:
// Safe because we know this is a Gunyah VM // Safe because we know this is a Gunyah VM
let ret = unsafe { ioctl_with_ref(self, GH_VM_ANDROID_SET_FW_CONFIG(), &fw_config) }; let ret = unsafe { ioctl_with_ref(self, GH_VM_ANDROID_SET_FW_CONFIG, &fw_config) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -403,7 +403,7 @@ impl GunyahVm {
fn start(&self) -> Result<()> { fn start(&self) -> Result<()> {
// SAFETY: safe because memory is not modified and the return value is checked. // SAFETY: safe because memory is not modified and the return value is checked.
let ret = unsafe { ioctl(self, GH_VM_START()) }; let ret = unsafe { ioctl(self, GH_VM_START) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -592,7 +592,7 @@ impl Vm for GunyahVm {
}; };
// SAFETY: safe because memory is not modified and the return value is checked. // SAFETY: safe because memory is not modified and the return value is checked.
let ret = unsafe { ioctl_with_ref(self, GH_VM_ADD_FUNCTION(), &function_desc) }; let ret = unsafe { ioctl_with_ref(self, GH_VM_ADD_FUNCTION, &function_desc) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -624,7 +624,7 @@ impl Vm for GunyahVm {
}; };
// SAFETY: safe because memory is not modified and the return value is checked. // SAFETY: safe because memory is not modified and the return value is checked.
let ret = unsafe { ioctl_with_ref(self, GH_VM_REMOVE_FUNCTION(), &function_desc) }; let ret = unsafe { ioctl_with_ref(self, GH_VM_REMOVE_FUNCTION, &function_desc) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -738,7 +738,7 @@ impl Vcpu for GunyahVcpu {
fn run(&mut self) -> Result<VcpuExit> { fn run(&mut self) -> Result<VcpuExit> {
// SAFETY: // SAFETY:
// Safe because we know our file is a VCPU fd and we verify the return result. // Safe because we know our file is a VCPU fd and we verify the return result.
let ret = unsafe { ioctl(self, GH_VCPU_RUN()) }; let ret = unsafe { ioctl(self, GH_VCPU_RUN) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }

View file

@ -106,7 +106,7 @@ impl HaxmVcpu {
let mut state = vcpu_state_t::default(); let mut state = vcpu_state_t::default();
// SAFETY: trivially safe with return value checked. // SAFETY: trivially safe with return value checked.
let ret = unsafe { ioctl_with_mut_ref(self, HAX_VCPU_GET_REGS(), &mut state) }; let ret = unsafe { ioctl_with_mut_ref(self, HAX_VCPU_GET_REGS, &mut state) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -119,7 +119,7 @@ impl HaxmVcpu {
fn set_vcpu_state(&self, state: &mut VcpuState) -> Result<()> { fn set_vcpu_state(&self, state: &mut VcpuState) -> Result<()> {
// SAFETY: trivially safe with return value checked. // SAFETY: trivially safe with return value checked.
let ret = unsafe { ioctl_with_mut_ref(self, HAX_VCPU_SET_REGS(), &mut state.state) }; let ret = unsafe { ioctl_with_mut_ref(self, HAX_VCPU_SET_REGS, &mut state.state) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -290,7 +290,7 @@ impl Vcpu for HaxmVcpu {
fn run(&mut self) -> Result<VcpuExit> { fn run(&mut self) -> Result<VcpuExit> {
// TODO(b/315998194): Add safety comment // TODO(b/315998194): Add safety comment
#[allow(clippy::undocumented_unsafe_blocks)] #[allow(clippy::undocumented_unsafe_blocks)]
let ret = unsafe { ioctl(self, HAX_VCPU_IOCTL_RUN()) }; let ret = unsafe { ioctl(self, HAX_VCPU_IOCTL_RUN) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -348,7 +348,7 @@ impl VcpuX86_64 for HaxmVcpu {
let irq: u32 = irq.into(); let irq: u32 = irq.into();
// TODO(b/315998194): Add safety comment // TODO(b/315998194): Add safety comment
#[allow(clippy::undocumented_unsafe_blocks)] #[allow(clippy::undocumented_unsafe_blocks)]
let ret = unsafe { ioctl_with_ref(self, HAX_VCPU_IOCTL_INTERRUPT(), &irq) }; let ret = unsafe { ioctl_with_ref(self, HAX_VCPU_IOCTL_INTERRUPT, &irq) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -392,7 +392,7 @@ impl VcpuX86_64 for HaxmVcpu {
let mut fpu = fx_layout::default(); let mut fpu = fx_layout::default();
// TODO(b/315998194): Add safety comment // TODO(b/315998194): Add safety comment
#[allow(clippy::undocumented_unsafe_blocks)] #[allow(clippy::undocumented_unsafe_blocks)]
let ret = unsafe { ioctl_with_mut_ref(self, HAX_VCPU_IOCTL_GET_FPU(), &mut fpu) }; let ret = unsafe { ioctl_with_mut_ref(self, HAX_VCPU_IOCTL_GET_FPU, &mut fpu) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
@ -406,7 +406,7 @@ impl VcpuX86_64 for HaxmVcpu {
let mut current_fpu = fx_layout::default(); let mut current_fpu = fx_layout::default();
// TODO(b/315998194): Add safety comment // TODO(b/315998194): Add safety comment
#[allow(clippy::undocumented_unsafe_blocks)] #[allow(clippy::undocumented_unsafe_blocks)]
let ret = unsafe { ioctl_with_mut_ref(self, HAX_VCPU_IOCTL_GET_FPU(), &mut current_fpu) }; let ret = unsafe { ioctl_with_mut_ref(self, HAX_VCPU_IOCTL_GET_FPU, &mut current_fpu) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
@ -420,7 +420,7 @@ impl VcpuX86_64 for HaxmVcpu {
// TODO(b/315998194): Add safety comment // TODO(b/315998194): Add safety comment
#[allow(clippy::undocumented_unsafe_blocks)] #[allow(clippy::undocumented_unsafe_blocks)]
let ret = unsafe { ioctl_with_ref(self, HAX_VCPU_IOCTL_SET_FPU(), &new_fpu) }; let ret = unsafe { ioctl_with_ref(self, HAX_VCPU_IOCTL_SET_FPU, &new_fpu) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
@ -480,7 +480,7 @@ impl VcpuX86_64 for HaxmVcpu {
// TODO(b/315998194): Add safety comment // TODO(b/315998194): Add safety comment
#[allow(clippy::undocumented_unsafe_blocks)] #[allow(clippy::undocumented_unsafe_blocks)]
let ret = unsafe { ioctl_with_mut_ref(self, HAX_VCPU_IOCTL_GET_MSRS(), &mut msr_data) }; let ret = unsafe { ioctl_with_mut_ref(self, HAX_VCPU_IOCTL_GET_MSRS, &mut msr_data) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -503,7 +503,7 @@ impl VcpuX86_64 for HaxmVcpu {
// TODO(b/315998194): Add safety comment // TODO(b/315998194): Add safety comment
#[allow(clippy::undocumented_unsafe_blocks)] #[allow(clippy::undocumented_unsafe_blocks)]
let ret = unsafe { ioctl_with_mut_ref(self, HAX_VCPU_IOCTL_SET_MSRS(), &mut msr_data) }; let ret = unsafe { ioctl_with_mut_ref(self, HAX_VCPU_IOCTL_SET_MSRS, &mut msr_data) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -528,7 +528,7 @@ impl VcpuX86_64 for HaxmVcpu {
let ret = unsafe { let ret = unsafe {
ioctl_with_ptr_sized( ioctl_with_ptr_sized(
self, self,
HAX_VCPU_IOCTL_SET_CPUID(), HAX_VCPU_IOCTL_SET_CPUID,
hax.as_ptr(), hax.as_ptr(),
size_of::<hax_cpuid>() + total * size_of::<hax_cpuid_entry>(), size_of::<hax_cpuid>() + total * size_of::<hax_cpuid_entry>(),
) )

View file

@ -78,7 +78,7 @@ impl HaxmVm {
// SAFETY: // SAFETY:
// Safe because we know descriptor is a real haxm descriptor as this module is the only // Safe because we know descriptor is a real haxm descriptor as this module is the only
// one that can make Haxm objects. // one that can make Haxm objects.
let ret = unsafe { ioctl_with_mut_ref(haxm, HAX_IOCTL_CREATE_VM(), &mut vm_id) }; let ret = unsafe { ioctl_with_mut_ref(haxm, HAX_IOCTL_CREATE_VM, &mut vm_id) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -116,7 +116,7 @@ impl HaxmVm {
let ret = let ret =
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd and we verify the return result. // Safe because we know that our file is a VM fd and we verify the return result.
unsafe { ioctl_with_mut_ref(&self.haxm, HAX_IOCTL_CAPABILITY(), &mut capability_info) }; unsafe { ioctl_with_mut_ref(&self.haxm, HAX_IOCTL_CAPABILITY, &mut capability_info) };
if ret != 0 { if ret != 0 {
return false; return false;
@ -144,7 +144,7 @@ impl HaxmVm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd and we verify the return result. // Safe because we know that our file is a VM fd and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, HAX_VM_IOCTL_REGISTER_LOG_FILE(), &log_file) }; let ret = unsafe { ioctl_with_ref(self, HAX_VM_IOCTL_REGISTER_LOG_FILE, &log_file) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
@ -194,7 +194,7 @@ unsafe fn set_user_memory_region(
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd and we verify the return result. // Safe because we know that our file is a VM fd and we verify the return result.
let ret = ioctl_with_ref(descriptor, HAX_VM_IOCTL_SET_RAM2(), &ram_info); let ret = ioctl_with_ref(descriptor, HAX_VM_IOCTL_SET_RAM2, &ram_info);
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -439,7 +439,7 @@ impl VmX86_64 for HaxmVm {
fn create_vcpu(&self, id: usize) -> Result<Box<dyn VcpuX86_64>> { fn create_vcpu(&self, id: usize) -> Result<Box<dyn VcpuX86_64>> {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd and we verify the return result. // Safe because we know that our file is a VM fd and we verify the return result.
let fd = unsafe { ioctl_with_ref(self, HAX_VM_IOCTL_VCPU_CREATE(), &(id as u32)) }; let fd = unsafe { ioctl_with_ref(self, HAX_VM_IOCTL_VCPU_CREATE, &(id as u32)) };
if fd < 0 { if fd < 0 {
return errno_result(); return errno_result();
} }
@ -452,7 +452,7 @@ impl VmX86_64 for HaxmVm {
// SAFETY: // SAFETY:
// Safe because we created tunnel_info and we check the return code for errors // Safe because we created tunnel_info and we check the return code for errors
let ret = unsafe { let ret = unsafe {
ioctl_with_mut_ref(&descriptor, HAX_VCPU_IOCTL_SETUP_TUNNEL(), &mut tunnel_info) ioctl_with_mut_ref(&descriptor, HAX_VCPU_IOCTL_SETUP_TUNNEL, &mut tunnel_info)
}; };
if ret != 0 { if ret != 0 {

View file

@ -54,7 +54,7 @@ impl Kvm {
// SAFETY: // SAFETY:
// Safe because we know self is a real kvm fd // Safe because we know self is a real kvm fd
let ipa_size = match unsafe { let ipa_size = match unsafe {
ioctl_with_val(self, KVM_CHECK_EXTENSION(), KVM_CAP_ARM_VM_IPA_SIZE.into()) ioctl_with_val(self, KVM_CHECK_EXTENSION, KVM_CAP_ARM_VM_IPA_SIZE.into())
} { } {
// Not supported? Use 0 as the machine type, which implies 40bit IPA // Not supported? Use 0 as the machine type, which implies 40bit IPA
ret if ret < 0 => 0, ret if ret < 0 => 0,
@ -73,8 +73,7 @@ impl Kvm {
pub fn get_guest_phys_addr_bits(&self) -> u8 { pub fn get_guest_phys_addr_bits(&self) -> u8 {
// SAFETY: // SAFETY:
// Safe because we know self is a real kvm fd // Safe because we know self is a real kvm fd
match unsafe { ioctl_with_val(self, KVM_CHECK_EXTENSION(), KVM_CAP_ARM_VM_IPA_SIZE.into()) } match unsafe { ioctl_with_val(self, KVM_CHECK_EXTENSION, KVM_CAP_ARM_VM_IPA_SIZE.into()) } {
{
// Default physical address size is 40 bits if the extension is not supported. // Default physical address size is 40 bits if the extension is not supported.
ret if ret <= 0 => 40, ret if ret <= 0 => 40,
ipa => ipa as u8, ipa => ipa as u8,
@ -228,7 +227,7 @@ impl VmAArch64 for KvmVm {
reserved: 0, reserved: 0,
}; };
// SAFETY: self.vm is a valid KVM fd // SAFETY: self.vm is a valid KVM fd
let ret = unsafe { ioctl_with_ref(&self.vm, KVM_ARM_SET_COUNTER_OFFSET(), &off) }; let ret = unsafe { ioctl_with_ref(&self.vm, KVM_ARM_SET_COUNTER_OFFSET, &off) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -296,7 +295,7 @@ impl KvmVcpu {
// SAFETY: // SAFETY:
// Safe because we allocated the struct and we know the kernel will read exactly the size of // Safe because we allocated the struct and we know the kernel will read exactly the size of
// the struct. // the struct.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_ONE_REG(), &onereg) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_ONE_REG, &onereg) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -335,7 +334,7 @@ impl KvmVcpu {
// SAFETY: // SAFETY:
// Safe because we allocated the struct and we know the kernel will read exactly the size of // Safe because we allocated the struct and we know the kernel will read exactly the size of
// the struct. // the struct.
let ret = unsafe { ioctl_with_ref(self, KVM_GET_ONE_REG(), &onereg) }; let ret = unsafe { ioctl_with_ref(self, KVM_GET_ONE_REG, &onereg) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -518,7 +517,7 @@ impl VcpuAArch64 for KvmVcpu {
// SAFETY: // SAFETY:
// Safe because we allocated the struct and we know the kernel will write exactly the size // Safe because we allocated the struct and we know the kernel will write exactly the size
// of the struct. // of the struct.
let ret = unsafe { ioctl_with_mut_ref(&self.vm, KVM_ARM_PREFERRED_TARGET(), &mut kvi) }; let ret = unsafe { ioctl_with_mut_ref(&self.vm, KVM_ARM_PREFERRED_TARGET, &mut kvi) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -535,7 +534,7 @@ impl VcpuAArch64 for KvmVcpu {
let check_extension = |ext: u32| -> bool { let check_extension = |ext: u32| -> bool {
// SAFETY: // SAFETY:
// Safe because we know self.vm is a real kvm fd // Safe because we know self.vm is a real kvm fd
unsafe { ioctl_with_val(&self.vm, KVM_CHECK_EXTENSION(), ext.into()) == 1 } unsafe { ioctl_with_val(&self.vm, KVM_CHECK_EXTENSION, ext.into()) == 1 }
}; };
if check_extension(KVM_CAP_ARM_PTRAUTH_ADDRESS) if check_extension(KVM_CAP_ARM_PTRAUTH_ADDRESS)
&& check_extension(KVM_CAP_ARM_PTRAUTH_GENERIC) && check_extension(KVM_CAP_ARM_PTRAUTH_GENERIC)
@ -547,7 +546,7 @@ impl VcpuAArch64 for KvmVcpu {
// SAFETY: // SAFETY:
// Safe because we allocated the struct and we know the kernel will read exactly the size of // Safe because we allocated the struct and we know the kernel will read exactly the size of
// the struct. // the struct.
let ret = unsafe { ioctl_with_ref(self, KVM_ARM_VCPU_INIT(), &kvi) }; let ret = unsafe { ioctl_with_ref(self, KVM_ARM_VCPU_INIT, &kvi) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -570,7 +569,7 @@ impl VcpuAArch64 for KvmVcpu {
// SAFETY: // SAFETY:
// Safe because we allocated the struct and we know the kernel will read exactly the size of // Safe because we allocated the struct and we know the kernel will read exactly the size of
// the struct. // the struct.
let ret = unsafe { ioctl_with_ref(self, kvm_sys::KVM_HAS_DEVICE_ATTR(), &irq_attr) }; let ret = unsafe { ioctl_with_ref(self, kvm_sys::KVM_HAS_DEVICE_ATTR, &irq_attr) };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
} }
@ -578,7 +577,7 @@ impl VcpuAArch64 for KvmVcpu {
// SAFETY: // SAFETY:
// Safe because we allocated the struct and we know the kernel will read exactly the size of // Safe because we allocated the struct and we know the kernel will read exactly the size of
// the struct. // the struct.
let ret = unsafe { ioctl_with_ref(self, kvm_sys::KVM_SET_DEVICE_ATTR(), &irq_attr) }; let ret = unsafe { ioctl_with_ref(self, kvm_sys::KVM_SET_DEVICE_ATTR, &irq_attr) };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
} }
@ -592,7 +591,7 @@ impl VcpuAArch64 for KvmVcpu {
// SAFETY: // SAFETY:
// Safe because we allocated the struct and we know the kernel will read exactly the size of // Safe because we allocated the struct and we know the kernel will read exactly the size of
// the struct. // the struct.
let ret = unsafe { ioctl_with_ref(self, kvm_sys::KVM_SET_DEVICE_ATTR(), &init_attr) }; let ret = unsafe { ioctl_with_ref(self, kvm_sys::KVM_SET_DEVICE_ATTR, &init_attr) };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
} }
@ -612,7 +611,7 @@ impl VcpuAArch64 for KvmVcpu {
// SAFETY: // SAFETY:
// Safe because we allocated the struct and we know the kernel will read exactly the size of // Safe because we allocated the struct and we know the kernel will read exactly the size of
// the struct. // the struct.
let ret = unsafe { ioctl_with_ref(self, kvm_sys::KVM_HAS_DEVICE_ATTR(), &pvtime_attr) }; let ret = unsafe { ioctl_with_ref(self, kvm_sys::KVM_HAS_DEVICE_ATTR, &pvtime_attr) };
ret >= 0 ret >= 0
} }
@ -631,7 +630,7 @@ impl VcpuAArch64 for KvmVcpu {
// SAFETY: // SAFETY:
// Safe because we allocated the struct and we know the kernel will read exactly the size of // Safe because we allocated the struct and we know the kernel will read exactly the size of
// the struct. // the struct.
let ret = unsafe { ioctl_with_ref(self, kvm_sys::KVM_SET_DEVICE_ATTR(), &pvtime_attr) }; let ret = unsafe { ioctl_with_ref(self, kvm_sys::KVM_SET_DEVICE_ATTR, &pvtime_attr) };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
} }
@ -699,7 +698,7 @@ impl VcpuAArch64 for KvmVcpu {
let max_hw_bps = unsafe { let max_hw_bps = unsafe {
ioctl_with_val( ioctl_with_val(
&self.vm, &self.vm,
KVM_CHECK_EXTENSION(), KVM_CHECK_EXTENSION,
KVM_CAP_GUEST_DEBUG_HW_BPS.into(), KVM_CAP_GUEST_DEBUG_HW_BPS.into(),
) )
}; };
@ -749,7 +748,7 @@ impl VcpuAArch64 for KvmVcpu {
// SAFETY: // SAFETY:
// Safe because the kernel won't read past the end of the kvm_guest_debug struct. // Safe because the kernel won't read past the end of the kvm_guest_debug struct.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_GUEST_DEBUG(), &dbg) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_GUEST_DEBUG, &dbg) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {

View file

@ -122,7 +122,7 @@ unsafe fn set_user_memory_region(
userspace_addr: userspace_addr as u64, userspace_addr: userspace_addr as u64,
}; };
let ret = ioctl_with_ref(descriptor, KVM_SET_USER_MEMORY_REGION(), &region); let ret = ioctl_with_ref(descriptor, KVM_SET_USER_MEMORY_REGION, &region);
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -160,7 +160,7 @@ impl Kvm {
// SAFETY: // SAFETY:
// Safe because we know that the descriptor is valid and we verify the return result. // Safe because we know that the descriptor is valid and we verify the return result.
let version = unsafe { ioctl(&kvm, KVM_GET_API_VERSION()) }; let version = unsafe { ioctl(&kvm, KVM_GET_API_VERSION) };
if version < 0 { if version < 0 {
return errno_result(); return errno_result();
} }
@ -187,7 +187,7 @@ impl Kvm {
pub fn get_vcpu_mmap_size(&self) -> Result<usize> { pub fn get_vcpu_mmap_size(&self) -> Result<usize> {
// SAFETY: // SAFETY:
// Safe because we know that our file is a KVM fd and we verify the return result. // Safe because we know that our file is a KVM fd and we verify the return result.
let res = unsafe { ioctl(self, KVM_GET_VCPU_MMAP_SIZE()) }; let res = unsafe { ioctl(self, KVM_GET_VCPU_MMAP_SIZE) };
if res > 0 { if res > 0 {
Ok(res as usize) Ok(res as usize)
} else { } else {
@ -214,7 +214,7 @@ impl Hypervisor for Kvm {
// SAFETY: // SAFETY:
// this ioctl is safe because we know this kvm descriptor is valid, // this ioctl is safe because we know this kvm descriptor is valid,
// and we are copying over the kvm capability (u32) as a c_ulong value. // and we are copying over the kvm capability (u32) as a c_ulong value.
unsafe { ioctl_with_val(self, KVM_CHECK_EXTENSION(), kvm_cap as c_ulong) == 1 } unsafe { ioctl_with_val(self, KVM_CHECK_EXTENSION, kvm_cap as c_ulong) == 1 }
} else { } else {
// this capability cannot be converted on this platform, so return false // this capability cannot be converted on this platform, so return false
false false
@ -241,7 +241,7 @@ impl KvmVm {
let ret = unsafe { let ret = unsafe {
ioctl_with_val( ioctl_with_val(
kvm, kvm,
KVM_CREATE_VM(), KVM_CREATE_VM,
kvm.get_vm_type(cfg.protection_type)? as c_ulong, kvm.get_vm_type(cfg.protection_type)? as c_ulong,
) )
}; };
@ -284,7 +284,7 @@ impl KvmVm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd and we verify the return result. // Safe because we know that our file is a VM fd and we verify the return result.
let fd = unsafe { ioctl_with_val(self, KVM_CREATE_VCPU(), c_ulong::try_from(id).unwrap()) }; let fd = unsafe { ioctl_with_val(self, KVM_CREATE_VCPU, c_ulong::try_from(id).unwrap()) };
if fd < 0 { if fd < 0 {
return errno_result(); return errno_result();
} }
@ -321,7 +321,7 @@ impl KvmVm {
pub fn create_irq_chip(&self) -> Result<()> { pub fn create_irq_chip(&self) -> Result<()> {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd and we verify the return result. // Safe because we know that our file is a VM fd and we verify the return result.
let ret = unsafe { ioctl(self, KVM_CREATE_IRQCHIP()) }; let ret = unsafe { ioctl(self, KVM_CREATE_IRQCHIP) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -338,7 +338,7 @@ impl KvmVm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read the // Safe because we know that our file is a VM fd, we know the kernel will only read the
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_IRQ_LINE(), &irq_level) }; let ret = unsafe { ioctl_with_ref(self, KVM_IRQ_LINE, &irq_level) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -368,7 +368,7 @@ impl KvmVm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read the // Safe because we know that our file is a VM fd, we know the kernel will only read the
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_IRQFD(), &irqfd) }; let ret = unsafe { ioctl_with_ref(self, KVM_IRQFD, &irqfd) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -391,7 +391,7 @@ impl KvmVm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read the // Safe because we know that our file is a VM fd, we know the kernel will only read the
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_IRQFD(), &irqfd) }; let ret = unsafe { ioctl_with_ref(self, KVM_IRQFD, &irqfd) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -416,7 +416,7 @@ impl KvmVm {
// TODO(b/315998194): Add safety comment // TODO(b/315998194): Add safety comment
#[allow(clippy::undocumented_unsafe_blocks)] #[allow(clippy::undocumented_unsafe_blocks)]
let ret = unsafe { ioctl_with_ref(self, KVM_SET_GSI_ROUTING(), &irq_routing[0]) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_GSI_ROUTING, &irq_routing[0]) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -474,7 +474,7 @@ impl KvmVm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read the // Safe because we know that our file is a VM fd, we know the kernel will only read the
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_IOEVENTFD(), &ioeventfd) }; let ret = unsafe { ioctl_with_ref(self, KVM_IOEVENTFD, &ioeventfd) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -487,7 +487,7 @@ impl KvmVm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a KVM fd, and if the cap is invalid KVM assumes // Safe because we know that our file is a KVM fd, and if the cap is invalid KVM assumes
// it's an unavailable extension and returns 0. // it's an unavailable extension and returns 0.
let ret = unsafe { ioctl_with_val(self, KVM_CHECK_EXTENSION(), capability as c_ulong) }; let ret = unsafe { ioctl_with_val(self, KVM_CHECK_EXTENSION, capability as c_ulong) };
match capability { match capability {
#[cfg(target_arch = "x86_64")] #[cfg(target_arch = "x86_64")]
KvmCap::BusLockDetect => { KvmCap::BusLockDetect => {
@ -524,7 +524,7 @@ impl KvmVm {
// SAFETY: // SAFETY:
// Safe because we allocated the struct and we know the kernel will read exactly the size of // Safe because we allocated the struct and we know the kernel will read exactly the size of
// the struct, and because we assume the caller has allocated the args appropriately. // the struct, and because we assume the caller has allocated the args appropriately.
let ret = ioctl_with_ref(self, KVM_ENABLE_CAP(), &kvm_cap); let ret = ioctl_with_ref(self, KVM_ENABLE_CAP, &kvm_cap);
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -753,7 +753,7 @@ impl Vm for KvmVm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only write correct // Safe because we know that our file is a VM fd, we know the kernel will only write correct
// amount of memory to our pointer, and we verify the return result. // amount of memory to our pointer, and we verify the return result.
let ret = unsafe { base::ioctl_with_ref(self, KVM_CREATE_DEVICE(), &device) }; let ret = unsafe { base::ioctl_with_ref(self, KVM_CREATE_DEVICE, &device) };
if ret == 0 { if ret == 0 {
Ok( Ok(
// SAFETY: // SAFETY:
@ -781,7 +781,7 @@ impl Vm for KvmVm {
// SAFETY: // SAFETY:
// Safe because the `dirty_bitmap` pointer assigned above is guaranteed to be valid (because // Safe because the `dirty_bitmap` pointer assigned above is guaranteed to be valid (because
// it's from a slice) and we checked that it will be large enough to hold the entire log. // it's from a slice) and we checked that it will be large enough to hold the entire log.
let ret = unsafe { ioctl_with_ref(self, KVM_GET_DIRTY_LOG(), &dirty_log_kvm) }; let ret = unsafe { ioctl_with_ref(self, KVM_GET_DIRTY_LOG, &dirty_log_kvm) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -939,7 +939,7 @@ impl Vcpu for KvmVcpu {
if self.cap_kvmclock_ctrl { if self.cap_kvmclock_ctrl {
// SAFETY: // SAFETY:
// The ioctl is safe because it does not read or write memory in this process. // The ioctl is safe because it does not read or write memory in this process.
if unsafe { ioctl(self, KVM_KVMCLOCK_CTRL()) } != 0 { if unsafe { ioctl(self, KVM_KVMCLOCK_CTRL) } != 0 {
// Even if the host kernel supports the capability, it may not be configured by // Even if the host kernel supports the capability, it may not be configured by
// the guest - for example, when the guest kernel offlines a CPU. // the guest - for example, when the guest kernel offlines a CPU.
if Error::last().errno() != libc::EINVAL { if Error::last().errno() != libc::EINVAL {
@ -960,7 +960,7 @@ impl Vcpu for KvmVcpu {
// SAFETY: // SAFETY:
// Safe because we allocated the struct and we know the kernel will read exactly the size of // Safe because we allocated the struct and we know the kernel will read exactly the size of
// the struct, and because we assume the caller has allocated the args appropriately. // the struct, and because we assume the caller has allocated the args appropriately.
let ret = ioctl_with_ref(self, KVM_ENABLE_CAP(), &kvm_cap); let ret = ioctl_with_ref(self, KVM_ENABLE_CAP, &kvm_cap);
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -974,7 +974,7 @@ impl Vcpu for KvmVcpu {
fn run(&mut self) -> Result<VcpuExit> { fn run(&mut self) -> Result<VcpuExit> {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VCPU fd and we verify the return result. // Safe because we know that our file is a VCPU fd and we verify the return result.
let ret = unsafe { ioctl(self, KVM_RUN()) }; let ret = unsafe { ioctl(self, KVM_RUN) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -1149,7 +1149,7 @@ impl KvmVcpu {
// Safe because we know that our file is a VCPU fd, we know the kernel will only write // Safe because we know that our file is a VCPU fd, we know the kernel will only write
// the correct amount of memory to our pointer, and we verify the return // the correct amount of memory to our pointer, and we verify the return
// result. // result.
unsafe { ioctl_with_mut_ref(self, KVM_GET_MP_STATE(), &mut state) } unsafe { ioctl_with_mut_ref(self, KVM_GET_MP_STATE, &mut state) }
}; };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
@ -1168,7 +1168,7 @@ impl KvmVcpu {
let ret = { let ret = {
// SAFETY: // SAFETY:
// The ioctl is safe because the kernel will only read from the kvm_mp_state struct. // The ioctl is safe because the kernel will only read from the kvm_mp_state struct.
unsafe { ioctl_with_ref(self, KVM_SET_MP_STATE(), state) } unsafe { ioctl_with_ref(self, KVM_SET_MP_STATE, state) }
}; };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();

View file

@ -147,7 +147,7 @@ impl VcpuRiscv64 for KvmVcpu {
}; };
// Safe because we allocated the struct and we know the kernel will read exactly the size of // Safe because we allocated the struct and we know the kernel will read exactly the size of
// the struct. // the struct.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_ONE_REG(), &onereg) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_ONE_REG, &onereg) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -164,7 +164,7 @@ impl VcpuRiscv64 for KvmVcpu {
// Safe because we allocated the struct and we know the kernel will read exactly the size of // Safe because we allocated the struct and we know the kernel will read exactly the size of
// the struct. // the struct.
let ret = unsafe { ioctl_with_ref(self, KVM_GET_ONE_REG(), &onereg) }; let ret = unsafe { ioctl_with_ref(self, KVM_GET_ONE_REG, &onereg) };
if ret == 0 { if ret == 0 {
Ok(val) Ok(val)
} else { } else {

View file

@ -174,11 +174,11 @@ impl Kvm {
impl HypervisorX86_64 for Kvm { impl HypervisorX86_64 for Kvm {
fn get_supported_cpuid(&self) -> Result<CpuId> { fn get_supported_cpuid(&self) -> Result<CpuId> {
self.get_cpuid(KVM_GET_SUPPORTED_CPUID()) self.get_cpuid(KVM_GET_SUPPORTED_CPUID)
} }
fn get_emulated_cpuid(&self) -> Result<CpuId> { fn get_emulated_cpuid(&self) -> Result<CpuId> {
self.get_cpuid(KVM_GET_EMULATED_CPUID()) self.get_cpuid(KVM_GET_EMULATED_CPUID)
} }
fn get_msr_index_list(&self) -> Result<Vec<u32>> { fn get_msr_index_list(&self) -> Result<Vec<u32>> {
@ -192,7 +192,7 @@ impl HypervisorX86_64 for Kvm {
// ioctl is unsafe. The kernel is trusted not to write beyond the bounds of the memory // ioctl is unsafe. The kernel is trusted not to write beyond the bounds of the memory
// allocated for the struct. The limit is read from nmsrs, which is set to the allocated // allocated for the struct. The limit is read from nmsrs, which is set to the allocated
// size (MAX_KVM_MSR_ENTRIES) above. // size (MAX_KVM_MSR_ENTRIES) above.
unsafe { ioctl_with_mut_ref(self, KVM_GET_MSR_INDEX_LIST(), &mut msr_list[0]) } unsafe { ioctl_with_mut_ref(self, KVM_GET_MSR_INDEX_LIST, &mut msr_list[0]) }
}; };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
@ -247,7 +247,7 @@ impl KvmVm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only write correct // Safe because we know that our file is a VM fd, we know the kernel will only write correct
// amount of memory to our pointer, and we verify the return result. // amount of memory to our pointer, and we verify the return result.
unsafe { ioctl_with_mut_ref(self, KVM_GET_CLOCK(), &mut clock_data) }; unsafe { ioctl_with_mut_ref(self, KVM_GET_CLOCK, &mut clock_data) };
if ret == 0 { if ret == 0 {
Ok(ClockState::from(&clock_data)) Ok(ClockState::from(&clock_data))
} else { } else {
@ -261,7 +261,7 @@ impl KvmVm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read correct // Safe because we know that our file is a VM fd, we know the kernel will only read correct
// amount of memory from our pointer, and we verify the return result. // amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_CLOCK(), &clock_data) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_CLOCK, &clock_data) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -281,7 +281,7 @@ impl KvmVm {
// SAFETY: // SAFETY:
// Safe because we know our file is a VM fd, we know the kernel will only write // Safe because we know our file is a VM fd, we know the kernel will only write
// correct amount of memory to our pointer, and we verify the return result. // correct amount of memory to our pointer, and we verify the return result.
unsafe { ioctl_with_mut_ref(self, KVM_GET_IRQCHIP(), &mut irqchip_state) } unsafe { ioctl_with_mut_ref(self, KVM_GET_IRQCHIP, &mut irqchip_state) }
}; };
if ret == 0 { if ret == 0 {
Ok( Ok(
@ -307,7 +307,7 @@ impl KvmVm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read // Safe because we know that our file is a VM fd, we know the kernel will only read
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_IRQCHIP(), &irqchip_state) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_IRQCHIP, &irqchip_state) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -332,7 +332,7 @@ impl KvmVm {
// SAFETY: // SAFETY:
// Safe because we know our file is a VM fd, we know the kernel will only write // Safe because we know our file is a VM fd, we know the kernel will only write
// correct amount of memory to our pointer, and we verify the return result. // correct amount of memory to our pointer, and we verify the return result.
unsafe { ioctl_with_mut_ref(self, KVM_GET_IRQCHIP(), &mut irqchip_state) } unsafe { ioctl_with_mut_ref(self, KVM_GET_IRQCHIP, &mut irqchip_state) }
}; };
if ret == 0 { if ret == 0 {
Ok( Ok(
@ -358,7 +358,7 @@ impl KvmVm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read // Safe because we know that our file is a VM fd, we know the kernel will only read
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_IRQCHIP(), &irqchip_state) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_IRQCHIP, &irqchip_state) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -374,7 +374,7 @@ impl KvmVm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read the // Safe because we know that our file is a VM fd, we know the kernel will only read the
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_CREATE_PIT2(), &pit_config) }; let ret = unsafe { ioctl_with_ref(self, KVM_CREATE_PIT2, &pit_config) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -390,7 +390,7 @@ impl KvmVm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only write // Safe because we know that our file is a VM fd, we know the kernel will only write
// correct amount of memory to our pointer, and we verify the return result. // correct amount of memory to our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_PIT2(), &mut pit_state) }; let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_PIT2, &mut pit_state) };
if ret == 0 { if ret == 0 {
Ok(pit_state) Ok(pit_state)
} else { } else {
@ -405,7 +405,7 @@ impl KvmVm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read // Safe because we know that our file is a VM fd, we know the kernel will only read
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_PIT2(), pit_state) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_PIT2, pit_state) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -425,7 +425,7 @@ impl KvmVm {
// Safe because we know that our file is a VM fd, we know that the // Safe because we know that our file is a VM fd, we know that the
// kernel will only read correct amount of memory from our pointer, and // kernel will only read correct amount of memory from our pointer, and
// we verify the return result. // we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_ENABLE_CAP(), &cap) }; let ret = unsafe { ioctl_with_ref(self, KVM_ENABLE_CAP, &cap) };
if ret < 0 { if ret < 0 {
errno_result() errno_result()
} else { } else {
@ -443,7 +443,7 @@ impl KvmVm {
// SAFETY: // SAFETY:
// safe becuase we allocated the struct and we know the kernel will read // safe becuase we allocated the struct and we know the kernel will read
// exactly the size of the struct // exactly the size of the struct
let ret = unsafe { ioctl_with_ref(self, KVM_ENABLE_CAP(), &cap) }; let ret = unsafe { ioctl_with_ref(self, KVM_ENABLE_CAP, &cap) };
if ret < 0 { if ret < 0 {
errno_result() errno_result()
} else { } else {
@ -469,7 +469,7 @@ impl VmX86_64 for KvmVm {
fn set_tss_addr(&self, addr: GuestAddress) -> Result<()> { fn set_tss_addr(&self, addr: GuestAddress) -> Result<()> {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd and we verify the return result. // Safe because we know that our file is a VM fd and we verify the return result.
let ret = unsafe { ioctl_with_val(self, KVM_SET_TSS_ADDR(), addr.offset()) }; let ret = unsafe { ioctl_with_val(self, KVM_SET_TSS_ADDR, addr.offset()) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -483,7 +483,7 @@ impl VmX86_64 for KvmVm {
fn set_identity_map_addr(&self, addr: GuestAddress) -> Result<()> { fn set_identity_map_addr(&self, addr: GuestAddress) -> Result<()> {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd and we verify the return result. // Safe because we know that our file is a VM fd and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_IDENTITY_MAP_ADDR(), &addr.offset()) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_IDENTITY_MAP_ADDR, &addr.offset()) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -509,7 +509,7 @@ impl KvmVcpu {
let size = { let size = {
// SAFETY: // SAFETY:
// Safe because we know that our file is a valid VM fd // Safe because we know that our file is a valid VM fd
unsafe { ioctl_with_val(&self.vm, KVM_CHECK_EXTENSION(), KVM_CAP_XSAVE2 as u64) } unsafe { ioctl_with_val(&self.vm, KVM_CHECK_EXTENSION, KVM_CAP_XSAVE2 as u64) }
}; };
if size < 0 { if size < 0 {
return errno_result(); return errno_result();
@ -569,7 +569,7 @@ impl VcpuX86_64 for KvmVcpu {
// SAFETY: // SAFETY:
// safe becuase we allocated the struct and we know the kernel will read // safe becuase we allocated the struct and we know the kernel will read
// exactly the size of the struct // exactly the size of the struct
let ret = unsafe { ioctl_with_ref(self, KVM_INTERRUPT(), &interrupt) }; let ret = unsafe { ioctl_with_ref(self, KVM_INTERRUPT, &interrupt) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -580,7 +580,7 @@ impl VcpuX86_64 for KvmVcpu {
fn inject_nmi(&self) -> Result<()> { fn inject_nmi(&self) -> Result<()> {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VCPU fd. // Safe because we know that our file is a VCPU fd.
let ret = unsafe { ioctl(self, KVM_NMI()) }; let ret = unsafe { ioctl(self, KVM_NMI) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -595,7 +595,7 @@ impl VcpuX86_64 for KvmVcpu {
// Safe because we know that our file is a VCPU fd, we know the kernel will only read // Safe because we know that our file is a VCPU fd, we know the kernel will only read
// the correct amount of memory from our pointer, and we verify the return // the correct amount of memory from our pointer, and we verify the return
// result. // result.
unsafe { ioctl_with_mut_ref(self, KVM_GET_REGS(), &mut regs) } unsafe { ioctl_with_mut_ref(self, KVM_GET_REGS, &mut regs) }
}; };
if ret == 0 { if ret == 0 {
Ok(Regs::from(&regs)) Ok(Regs::from(&regs))
@ -611,7 +611,7 @@ impl VcpuX86_64 for KvmVcpu {
// Safe because we know that our file is a VCPU fd, we know the kernel will only read // Safe because we know that our file is a VCPU fd, we know the kernel will only read
// the correct amount of memory from our pointer, and we verify the return // the correct amount of memory from our pointer, and we verify the return
// result. // result.
unsafe { ioctl_with_ref(self, KVM_SET_REGS(), &regs) } unsafe { ioctl_with_ref(self, KVM_SET_REGS, &regs) }
}; };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
@ -627,7 +627,7 @@ impl VcpuX86_64 for KvmVcpu {
// Safe because we know that our file is a VCPU fd, we know the kernel will only write // Safe because we know that our file is a VCPU fd, we know the kernel will only write
// the correct amount of memory to our pointer, and we verify the return // the correct amount of memory to our pointer, and we verify the return
// result. // result.
unsafe { ioctl_with_mut_ref(self, KVM_GET_SREGS(), &mut regs) } unsafe { ioctl_with_mut_ref(self, KVM_GET_SREGS, &mut regs) }
}; };
if ret == 0 { if ret == 0 {
Ok(Sregs::from(&regs)) Ok(Sregs::from(&regs))
@ -643,7 +643,7 @@ impl VcpuX86_64 for KvmVcpu {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VCPU fd, we know the kernel will only write the // Safe because we know that our file is a VCPU fd, we know the kernel will only write the
// correct amount of memory to our pointer, and we verify the return result. // correct amount of memory to our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_SREGS(), &mut kvm_sregs) }; let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_SREGS, &mut kvm_sregs) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -668,7 +668,7 @@ impl VcpuX86_64 for KvmVcpu {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VCPU fd, we know the kernel will only read the // Safe because we know that our file is a VCPU fd, we know the kernel will only read the
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_SREGS(), &kvm_sregs) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_SREGS, &kvm_sregs) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -681,7 +681,7 @@ impl VcpuX86_64 for KvmVcpu {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VCPU fd, we know the kernel will only write the // Safe because we know that our file is a VCPU fd, we know the kernel will only write the
// correct amount of memory to our pointer, and we verify the return result. // correct amount of memory to our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_FPU(), &mut fpu) }; let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_FPU, &mut fpu) };
if ret == 0 { if ret == 0 {
Ok(Fpu::from(&fpu)) Ok(Fpu::from(&fpu))
} else { } else {
@ -694,7 +694,7 @@ impl VcpuX86_64 for KvmVcpu {
let ret = { let ret = {
// SAFETY: // SAFETY:
// Here we trust the kernel not to read past the end of the kvm_fpu struct. // Here we trust the kernel not to read past the end of the kvm_fpu struct.
unsafe { ioctl_with_ref(self, KVM_SET_FPU(), &fpu) } unsafe { ioctl_with_ref(self, KVM_SET_FPU, &fpu) }
}; };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
@ -707,9 +707,9 @@ impl VcpuX86_64 for KvmVcpu {
fn get_xsave(&self) -> Result<Xsave> { fn get_xsave(&self) -> Result<Xsave> {
let size = self.xsave_size()?; let size = self.xsave_size()?;
let ioctl_nr = if size > KVM_XSAVE_MAX_SIZE { let ioctl_nr = if size > KVM_XSAVE_MAX_SIZE {
KVM_GET_XSAVE2() KVM_GET_XSAVE2
} else { } else {
KVM_GET_XSAVE() KVM_GET_XSAVE
}; };
let mut xsave = Xsave::new(size); let mut xsave = Xsave::new(size);
@ -737,7 +737,7 @@ impl VcpuX86_64 for KvmVcpu {
// correct amount of memory to our pointer, and we verify the return result. // correct amount of memory to our pointer, and we verify the return result.
// Because of the len check above, and because the layout of `struct kvm_xsave` is // Because of the len check above, and because the layout of `struct kvm_xsave` is
// compatible with a slice of `u32`, we can pass the pointer to `xsave` directly. // compatible with a slice of `u32`, we can pass the pointer to `xsave` directly.
let ret = unsafe { ioctl_with_ptr(self, KVM_SET_XSAVE(), xsave.as_ptr()) }; let ret = unsafe { ioctl_with_ptr(self, KVM_SET_XSAVE, xsave.as_ptr()) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -752,7 +752,7 @@ impl VcpuX86_64 for KvmVcpu {
// Safe because we know that our file is a VCPU fd, we know the kernel will only write // Safe because we know that our file is a VCPU fd, we know the kernel will only write
// the correct amount of memory to our pointer, and we verify the return // the correct amount of memory to our pointer, and we verify the return
// result. // result.
unsafe { ioctl_with_mut_ref(self, KVM_GET_VCPU_EVENTS(), &mut vcpu_evts) } unsafe { ioctl_with_mut_ref(self, KVM_GET_VCPU_EVENTS, &mut vcpu_evts) }
}; };
if ret == 0 { if ret == 0 {
Ok( Ok(
@ -777,7 +777,7 @@ impl VcpuX86_64 for KvmVcpu {
// Safe because we know that our file is a VCPU fd, we know the kernel will only read // Safe because we know that our file is a VCPU fd, we know the kernel will only read
// the correct amount of memory from our pointer, and we verify the return // the correct amount of memory from our pointer, and we verify the return
// result. // result.
unsafe { ioctl_with_ref(self, KVM_SET_VCPU_EVENTS(), &vcpu_events) } unsafe { ioctl_with_ref(self, KVM_SET_VCPU_EVENTS, &vcpu_events) }
}; };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
@ -791,7 +791,7 @@ impl VcpuX86_64 for KvmVcpu {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VCPU fd, we know the kernel will only write the // Safe because we know that our file is a VCPU fd, we know the kernel will only write the
// correct amount of memory to our pointer, and we verify the return result. // correct amount of memory to our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_DEBUGREGS(), &mut regs) }; let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_DEBUGREGS, &mut regs) };
if ret == 0 { if ret == 0 {
Ok(DebugRegs::from(&regs)) Ok(DebugRegs::from(&regs))
} else { } else {
@ -804,7 +804,7 @@ impl VcpuX86_64 for KvmVcpu {
let ret = { let ret = {
// SAFETY: // SAFETY:
// Here we trust the kernel not to read past the end of the kvm_debugregs struct. // Here we trust the kernel not to read past the end of the kvm_debugregs struct.
unsafe { ioctl_with_ref(self, KVM_SET_DEBUGREGS(), &dregs) } unsafe { ioctl_with_ref(self, KVM_SET_DEBUGREGS, &dregs) }
}; };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
@ -818,7 +818,7 @@ impl VcpuX86_64 for KvmVcpu {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VCPU fd, we know the kernel will only write the // Safe because we know that our file is a VCPU fd, we know the kernel will only write the
// correct amount of memory to our pointer, and we verify the return result. // correct amount of memory to our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_XCRS(), &mut regs) }; let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_XCRS, &mut regs) };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
} }
@ -842,7 +842,7 @@ impl VcpuX86_64 for KvmVcpu {
let ret = { let ret = {
// SAFETY: // SAFETY:
// Here we trust the kernel not to read past the end of the kvm_xcrs struct. // Here we trust the kernel not to read past the end of the kvm_xcrs struct.
unsafe { ioctl_with_ref(self, KVM_SET_XCRS(), &kvm_xcr) } unsafe { ioctl_with_ref(self, KVM_SET_XCRS, &kvm_xcr) }
}; };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
@ -864,7 +864,7 @@ impl VcpuX86_64 for KvmVcpu {
let ret = { let ret = {
// SAFETY: // SAFETY:
// Here we trust the kernel not to read or write past the end of the kvm_msrs struct. // Here we trust the kernel not to read or write past the end of the kvm_msrs struct.
unsafe { ioctl_with_ref(self, KVM_GET_MSRS(), &msrs[0]) } unsafe { ioctl_with_ref(self, KVM_GET_MSRS, &msrs[0]) }
}; };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
@ -904,7 +904,7 @@ impl VcpuX86_64 for KvmVcpu {
let ret = { let ret = {
// SAFETY: // SAFETY:
// Here we trust the kernel not to read or write past the end of the kvm_msrs struct. // Here we trust the kernel not to read or write past the end of the kvm_msrs struct.
unsafe { ioctl_with_ref(self, KVM_GET_MSRS(), &kvm_msrs[0]) } unsafe { ioctl_with_ref(self, KVM_GET_MSRS, &kvm_msrs[0]) }
}; };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
@ -950,7 +950,7 @@ impl VcpuX86_64 for KvmVcpu {
let ret = { let ret = {
// SAFETY: // SAFETY:
// Here we trust the kernel not to read past the end of the kvm_msrs struct. // Here we trust the kernel not to read past the end of the kvm_msrs struct.
unsafe { ioctl_with_ref(self, KVM_SET_MSRS(), &kvm_msrs[0]) } unsafe { ioctl_with_ref(self, KVM_SET_MSRS, &kvm_msrs[0]) }
}; };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
@ -970,7 +970,7 @@ impl VcpuX86_64 for KvmVcpu {
let ret = { let ret = {
// SAFETY: // SAFETY:
// Here we trust the kernel not to read past the end of the kvm_msrs struct. // Here we trust the kernel not to read past the end of the kvm_msrs struct.
unsafe { ioctl_with_ptr(self, KVM_SET_CPUID2(), cpuid.as_ptr()) } unsafe { ioctl_with_ptr(self, KVM_SET_CPUID2, cpuid.as_ptr()) }
}; };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
@ -1010,7 +1010,7 @@ impl VcpuX86_64 for KvmVcpu {
let ret = { let ret = {
// SAFETY: // SAFETY:
// Here we trust the kernel not to read past the end of the kvm_guest_debug struct. // Here we trust the kernel not to read past the end of the kvm_guest_debug struct.
unsafe { ioctl_with_ref(self, KVM_SET_GUEST_DEBUG(), &dbg) } unsafe { ioctl_with_ref(self, KVM_SET_GUEST_DEBUG, &dbg) }
}; };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
@ -1042,7 +1042,7 @@ impl KvmVcpu {
// SAFETY: // SAFETY:
// The ioctl is unsafe unless you trust the kernel not to write past the end of the // The ioctl is unsafe unless you trust the kernel not to write past the end of the
// local_apic struct. // local_apic struct.
unsafe { ioctl_with_mut_ref(self, KVM_GET_LAPIC(), &mut klapic) } unsafe { ioctl_with_mut_ref(self, KVM_GET_LAPIC, &mut klapic) }
}; };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
@ -1058,7 +1058,7 @@ impl KvmVcpu {
let ret = { let ret = {
// SAFETY: // SAFETY:
// The ioctl is safe because the kernel will only read from the klapic struct. // The ioctl is safe because the kernel will only read from the klapic struct.
unsafe { ioctl_with_ref(self, KVM_SET_LAPIC(), klapic) } unsafe { ioctl_with_ref(self, KVM_SET_LAPIC, klapic) }
}; };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
@ -1088,7 +1088,7 @@ impl KvmVcpu {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VCPU fd, we know the kernel will only write the // Safe because we know that our file is a VCPU fd, we know the kernel will only write the
// correct amount of memory to our pointer, and we verify the return result. // correct amount of memory to our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_SREGS(), &mut regs) }; let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_SREGS, &mut regs) };
if ret >= 0 { if ret >= 0 {
Ok(regs.interrupt_bitmap) Ok(regs.interrupt_bitmap)
} else { } else {
@ -1107,14 +1107,14 @@ impl KvmVcpu {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VCPU fd, we know the kernel will only write the // Safe because we know that our file is a VCPU fd, we know the kernel will only write the
// correct amount of memory to our pointer, and we verify the return result. // correct amount of memory to our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_SREGS(), &mut regs) }; let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_SREGS, &mut regs) };
if ret >= 0 { if ret >= 0 {
regs.interrupt_bitmap = interrupt_bitmap; regs.interrupt_bitmap = interrupt_bitmap;
// SAFETY: // SAFETY:
// Safe because we know that our file is a VCPU fd, we know the kernel will only read // Safe because we know that our file is a VCPU fd, we know the kernel will only read
// the correct amount of memory from our pointer, and we verify the return // the correct amount of memory from our pointer, and we verify the return
// result. // result.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_SREGS(), &regs) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_SREGS, &regs) };
if ret >= 0 { if ret >= 0 {
Ok(()) Ok(())
} else { } else {

View file

@ -57,7 +57,7 @@ fn get_msr_index_list() {
#[test] #[test]
fn entries_double_on_error() { fn entries_double_on_error() {
let hypervisor = Kvm::new().unwrap(); let hypervisor = Kvm::new().unwrap();
let cpuid = get_cpuid_with_initial_capacity(&hypervisor, KVM_GET_SUPPORTED_CPUID(), 4).unwrap(); let cpuid = get_cpuid_with_initial_capacity(&hypervisor, KVM_GET_SUPPORTED_CPUID, 4).unwrap();
assert!(cpuid.cpu_id_entries.len() > 4); assert!(cpuid.cpu_id_entries.len() > 4);
} }

View file

@ -113,7 +113,7 @@ unsafe fn set_user_memory_region<F: AsRawDescriptor>(
userspace_addr: userspace_addr as u64, userspace_addr: userspace_addr as u64,
}; };
let ret = ioctl_with_ref(fd, KVM_SET_USER_MEMORY_REGION(), &region); let ret = ioctl_with_ref(fd, KVM_SET_USER_MEMORY_REGION, &region);
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -168,7 +168,7 @@ impl Kvm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a KVM fd and that the extension is one of the ones // Safe because we know that our file is a KVM fd and that the extension is one of the ones
// defined by kernel. // defined by kernel.
unsafe { ioctl_with_val(self, KVM_CHECK_EXTENSION(), c as c_ulong) } unsafe { ioctl_with_val(self, KVM_CHECK_EXTENSION, c as c_ulong) }
} }
/// Checks if a particular `Cap` is available. /// Checks if a particular `Cap` is available.
@ -180,7 +180,7 @@ impl Kvm {
pub fn get_vcpu_mmap_size(&self) -> Result<usize> { pub fn get_vcpu_mmap_size(&self) -> Result<usize> {
// SAFETY: // SAFETY:
// Safe because we know that our file is a KVM fd and we verify the return result. // Safe because we know that our file is a KVM fd and we verify the return result.
let res = unsafe { ioctl(self, KVM_GET_VCPU_MMAP_SIZE()) }; let res = unsafe { ioctl(self, KVM_GET_VCPU_MMAP_SIZE) };
if res > 0 { if res > 0 {
Ok(res as usize) Ok(res as usize)
} else { } else {
@ -208,13 +208,13 @@ impl Kvm {
/// X86 specific call to get the system supported CPUID values /// X86 specific call to get the system supported CPUID values
#[cfg(target_arch = "x86_64")] #[cfg(target_arch = "x86_64")]
pub fn get_supported_cpuid(&self) -> Result<CpuId> { pub fn get_supported_cpuid(&self) -> Result<CpuId> {
self.get_cpuid(KVM_GET_SUPPORTED_CPUID()) self.get_cpuid(KVM_GET_SUPPORTED_CPUID)
} }
/// X86 specific call to get the system emulated CPUID values /// X86 specific call to get the system emulated CPUID values
#[cfg(target_arch = "x86_64")] #[cfg(target_arch = "x86_64")]
pub fn get_emulated_cpuid(&self) -> Result<CpuId> { pub fn get_emulated_cpuid(&self) -> Result<CpuId> {
self.get_cpuid(KVM_GET_EMULATED_CPUID()) self.get_cpuid(KVM_GET_EMULATED_CPUID)
} }
/// X86 specific call to get list of supported MSRS /// X86 specific call to get list of supported MSRS
@ -231,7 +231,7 @@ impl Kvm {
// ioctl is unsafe. The kernel is trusted not to write beyond the bounds of the memory // ioctl is unsafe. The kernel is trusted not to write beyond the bounds of the memory
// allocated for the struct. The limit is read from nmsrs, which is set to the allocated // allocated for the struct. The limit is read from nmsrs, which is set to the allocated
// size (MAX_KVM_MSR_ENTRIES) above. // size (MAX_KVM_MSR_ENTRIES) above.
let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_MSR_INDEX_LIST(), &mut msr_list[0]) }; let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_MSR_INDEX_LIST, &mut msr_list[0]) };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
} }
@ -266,8 +266,7 @@ impl Kvm {
pub fn get_vm_type(&self) -> c_ulong { pub fn get_vm_type(&self) -> c_ulong {
// SAFETY: // SAFETY:
// Safe because we know self is a real kvm fd // Safe because we know self is a real kvm fd
match unsafe { ioctl_with_val(self, KVM_CHECK_EXTENSION(), KVM_CAP_ARM_VM_IPA_SIZE.into()) } match unsafe { ioctl_with_val(self, KVM_CHECK_EXTENSION, KVM_CAP_ARM_VM_IPA_SIZE.into()) } {
{
// Not supported? Use 0 as the machine type, which implies 40bit IPA // Not supported? Use 0 as the machine type, which implies 40bit IPA
ret if ret < 0 => 0, ret if ret < 0 => 0,
// Use the lower 8 bits representing the IPA space as the machine type // Use the lower 8 bits representing the IPA space as the machine type
@ -351,7 +350,7 @@ impl Vm {
// SAFETY: // SAFETY:
// Safe because we know kvm is a real kvm fd as this module is the only one that can make // Safe because we know kvm is a real kvm fd as this module is the only one that can make
// Kvm objects. // Kvm objects.
let ret = unsafe { ioctl_with_val(kvm, KVM_CREATE_VM(), kvm.get_vm_type()) }; let ret = unsafe { ioctl_with_val(kvm, KVM_CREATE_VM, kvm.get_vm_type()) };
if ret >= 0 { if ret >= 0 {
// SAFETY: // SAFETY:
// Safe because we verify the value of ret and we are the owners of the fd. // Safe because we verify the value of ret and we are the owners of the fd.
@ -392,7 +391,7 @@ impl Vm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a KVM fd and that the extension is one of the ones // Safe because we know that our file is a KVM fd and that the extension is one of the ones
// defined by kernel. // defined by kernel.
unsafe { ioctl_with_val(self, KVM_CHECK_EXTENSION(), c as c_ulong) == 1 } unsafe { ioctl_with_val(self, KVM_CHECK_EXTENSION, c as c_ulong) == 1 }
} }
/// Inserts the given `mem` into the VM's address space at `guest_addr`. /// Inserts the given `mem` into the VM's address space at `guest_addr`.
@ -495,7 +494,7 @@ impl Vm {
// Safe because the `dirty_bitmap` pointer assigned above is guaranteed to be valid // Safe because the `dirty_bitmap` pointer assigned above is guaranteed to be valid
// (because it's from a slice) and we checked that it will be large enough to hold // (because it's from a slice) and we checked that it will be large enough to hold
// the entire log. // the entire log.
let ret = unsafe { ioctl_with_ref(self, KVM_GET_DIRTY_LOG(), &dirty_log_kvm) }; let ret = unsafe { ioctl_with_ref(self, KVM_GET_DIRTY_LOG, &dirty_log_kvm) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -521,7 +520,7 @@ impl Vm {
pub fn set_identity_map_addr(&self, addr: GuestAddress) -> Result<()> { pub fn set_identity_map_addr(&self, addr: GuestAddress) -> Result<()> {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd and we verify the return result. // Safe because we know that our file is a VM fd and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_IDENTITY_MAP_ADDR(), &addr.offset()) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_IDENTITY_MAP_ADDR, &addr.offset()) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -539,7 +538,7 @@ impl Vm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only write // Safe because we know that our file is a VM fd, we know the kernel will only write
// correct amount of memory to our pointer, and we verify the return result. // correct amount of memory to our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_CLOCK(), &mut clock_data) }; let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_CLOCK, &mut clock_data) };
if ret == 0 { if ret == 0 {
Ok(clock_data) Ok(clock_data)
} else { } else {
@ -555,7 +554,7 @@ impl Vm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read // Safe because we know that our file is a VM fd, we know the kernel will only read
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_CLOCK(), clock_data) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_CLOCK, clock_data) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -570,7 +569,7 @@ impl Vm {
pub fn create_irq_chip(&self) -> Result<()> { pub fn create_irq_chip(&self) -> Result<()> {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd and we verify the return result. // Safe because we know that our file is a VM fd and we verify the return result.
let ret = unsafe { ioctl(self, KVM_CREATE_IRQCHIP()) }; let ret = unsafe { ioctl(self, KVM_CREATE_IRQCHIP) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -590,7 +589,7 @@ impl Vm {
// SAFETY: // SAFETY:
// Safe because we know our file is a VM fd, we know the kernel will only write // Safe because we know our file is a VM fd, we know the kernel will only write
// correct amount of memory to our pointer, and we verify the return result. // correct amount of memory to our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_IRQCHIP(), &mut irqchip_state) }; let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_IRQCHIP, &mut irqchip_state) };
if ret == 0 { if ret == 0 {
Ok( Ok(
// SAFETY: // SAFETY:
@ -616,7 +615,7 @@ impl Vm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read // Safe because we know that our file is a VM fd, we know the kernel will only read
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_IRQCHIP(), &irqchip_state) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_IRQCHIP, &irqchip_state) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -638,7 +637,7 @@ impl Vm {
// Safe because we know our file is a VM fd, we know the kernel will only write // Safe because we know our file is a VM fd, we know the kernel will only write
// correct amount of memory to our pointer, and we verify the return result. // correct amount of memory to our pointer, and we verify the return result.
unsafe { unsafe {
ioctl_with_mut_ref(self, KVM_GET_IRQCHIP(), &mut irqchip_state) ioctl_with_mut_ref(self, KVM_GET_IRQCHIP, &mut irqchip_state)
}; };
if ret == 0 { if ret == 0 {
Ok( Ok(
@ -665,7 +664,7 @@ impl Vm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read // Safe because we know that our file is a VM fd, we know the kernel will only read
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_IRQCHIP(), &irqchip_state) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_IRQCHIP, &irqchip_state) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -683,7 +682,7 @@ impl Vm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read the // Safe because we know that our file is a VM fd, we know the kernel will only read the
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_IRQ_LINE(), &irq_level) }; let ret = unsafe { ioctl_with_ref(self, KVM_IRQ_LINE, &irq_level) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -700,7 +699,7 @@ impl Vm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read the // Safe because we know that our file is a VM fd, we know the kernel will only read the
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_CREATE_PIT2(), &pit_config) }; let ret = unsafe { ioctl_with_ref(self, KVM_CREATE_PIT2, &pit_config) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -718,7 +717,7 @@ impl Vm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only write // Safe because we know that our file is a VM fd, we know the kernel will only write
// correct amount of memory to our pointer, and we verify the return result. // correct amount of memory to our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_PIT2(), &mut pit_state) }; let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_PIT2, &mut pit_state) };
if ret == 0 { if ret == 0 {
Ok(pit_state) Ok(pit_state)
} else { } else {
@ -734,7 +733,7 @@ impl Vm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read // Safe because we know that our file is a VM fd, we know the kernel will only read
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_PIT2(), pit_state) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_PIT2, pit_state) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -822,7 +821,7 @@ impl Vm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read the // Safe because we know that our file is a VM fd, we know the kernel will only read the
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_IOEVENTFD(), &ioeventfd) }; let ret = unsafe { ioctl_with_ref(self, KVM_IOEVENTFD, &ioeventfd) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -849,7 +848,7 @@ impl Vm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read the // Safe because we know that our file is a VM fd, we know the kernel will only read the
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_IRQFD(), &irqfd) }; let ret = unsafe { ioctl_with_ref(self, KVM_IRQFD, &irqfd) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -873,7 +872,7 @@ impl Vm {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VM fd, we know the kernel will only read the // Safe because we know that our file is a VM fd, we know the kernel will only read the
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_IRQFD(), &irqfd) }; let ret = unsafe { ioctl_with_ref(self, KVM_IRQFD, &irqfd) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -914,7 +913,7 @@ impl Vm {
// TODO(b/315998194): Add safety comment // TODO(b/315998194): Add safety comment
#[allow(clippy::undocumented_unsafe_blocks)] #[allow(clippy::undocumented_unsafe_blocks)]
let ret = unsafe { ioctl_with_ref(self, KVM_SET_GSI_ROUTING(), &irq_routing[0]) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_GSI_ROUTING, &irq_routing[0]) };
if ret == 0 { if ret == 0 {
Ok(()) Ok(())
} else { } else {
@ -930,7 +929,7 @@ impl Vm {
pub unsafe fn kvm_enable_cap(&self, cap: &kvm_enable_cap) -> Result<()> { pub unsafe fn kvm_enable_cap(&self, cap: &kvm_enable_cap) -> Result<()> {
// Safe because we allocated the struct and we know the kernel will read exactly the size of // Safe because we allocated the struct and we know the kernel will read exactly the size of
// the struct. // the struct.
let ret = ioctl_with_ref(self, KVM_ENABLE_CAP(), cap); let ret = ioctl_with_ref(self, KVM_ENABLE_CAP, cap);
if ret < 0 { if ret < 0 {
errno_result() errno_result()
} else { } else {
@ -1044,7 +1043,7 @@ impl Vcpu {
// SAFETY: // SAFETY:
// Safe because we know that vm a VM fd and we verify the return result. // Safe because we know that vm a VM fd and we verify the return result.
let vcpu_fd = unsafe { ioctl_with_val(vm, KVM_CREATE_VCPU(), id) }; let vcpu_fd = unsafe { ioctl_with_val(vm, KVM_CREATE_VCPU, id) };
if vcpu_fd < 0 { if vcpu_fd < 0 {
return errno_result(); return errno_result();
} }
@ -1201,7 +1200,7 @@ impl Vcpu {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VCPU fd, we know the kernel will only read the // Safe because we know that our file is a VCPU fd, we know the kernel will only read the
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_REGS(), &mut regs) }; let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_REGS, &mut regs) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -1214,7 +1213,7 @@ impl Vcpu {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VCPU fd, we know the kernel will only read the // Safe because we know that our file is a VCPU fd, we know the kernel will only read the
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_REGS(), regs) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_REGS, regs) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -1229,7 +1228,7 @@ impl Vcpu {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VCPU fd, we know the kernel will only write the // Safe because we know that our file is a VCPU fd, we know the kernel will only write the
// correct amount of memory to our pointer, and we verify the return result. // correct amount of memory to our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_SREGS(), &mut regs) }; let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_SREGS, &mut regs) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -1242,7 +1241,7 @@ impl Vcpu {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VCPU fd, we know the kernel will only read the // Safe because we know that our file is a VCPU fd, we know the kernel will only read the
// correct amount of memory from our pointer, and we verify the return result. // correct amount of memory from our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_ref(self, KVM_SET_SREGS(), sregs) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_SREGS, sregs) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -1257,7 +1256,7 @@ impl Vcpu {
let mut regs = unsafe { std::mem::zeroed() }; let mut regs = unsafe { std::mem::zeroed() };
// SAFETY: // SAFETY:
// Safe because we know that our file is a VCPU fd, we know the kernel will only write the // Safe because we know that our file is a VCPU fd, we know the kernel will only write the
let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_FPU(), &mut regs) }; let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_FPU, &mut regs) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -1272,7 +1271,7 @@ impl Vcpu {
let ret = { let ret = {
// SAFETY: // SAFETY:
// Here we trust the kernel not to read past the end of the kvm_fpu struct. // Here we trust the kernel not to read past the end of the kvm_fpu struct.
unsafe { ioctl_with_ref(self, KVM_SET_FPU(), fpu) } unsafe { ioctl_with_ref(self, KVM_SET_FPU, fpu) }
}; };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
@ -1288,7 +1287,7 @@ impl Vcpu {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VCPU fd, we know the kernel will only write the // Safe because we know that our file is a VCPU fd, we know the kernel will only write the
// correct amount of memory to our pointer, and we verify the return result. // correct amount of memory to our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_DEBUGREGS(), &mut regs) }; let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_DEBUGREGS, &mut regs) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -1301,7 +1300,7 @@ impl Vcpu {
let ret = { let ret = {
// SAFETY: // SAFETY:
// Here we trust the kernel not to read past the end of the kvm_fpu struct. // Here we trust the kernel not to read past the end of the kvm_fpu struct.
unsafe { ioctl_with_ref(self, KVM_SET_DEBUGREGS(), dregs) } unsafe { ioctl_with_ref(self, KVM_SET_DEBUGREGS, dregs) }
}; };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
@ -1317,7 +1316,7 @@ impl Vcpu {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VCPU fd, we know the kernel will only write the // Safe because we know that our file is a VCPU fd, we know the kernel will only write the
// correct amount of memory to our pointer, and we verify the return result. // correct amount of memory to our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_XCRS(), &mut regs) }; let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_XCRS, &mut regs) };
if ret != 0 { if ret != 0 {
return errno_result(); return errno_result();
} }
@ -1330,7 +1329,7 @@ impl Vcpu {
let ret = { let ret = {
// SAFETY: // SAFETY:
// Here we trust the kernel not to read past the end of the kvm_xcrs struct. // Here we trust the kernel not to read past the end of the kvm_xcrs struct.
unsafe { ioctl_with_ref(self, KVM_SET_XCRS(), xcrs) } unsafe { ioctl_with_ref(self, KVM_SET_XCRS, xcrs) }
}; };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
@ -1357,7 +1356,7 @@ impl Vcpu {
let ret = { let ret = {
// SAFETY: // SAFETY:
// Here we trust the kernel not to read or write past the end of the kvm_msrs struct. // Here we trust the kernel not to read or write past the end of the kvm_msrs struct.
unsafe { ioctl_with_ref(self, KVM_GET_MSRS(), &msrs[0]) } unsafe { ioctl_with_ref(self, KVM_GET_MSRS, &msrs[0]) }
}; };
if ret < 0 { if ret < 0 {
// KVM_SET_MSRS actually returns the number of msr entries written. // KVM_SET_MSRS actually returns the number of msr entries written.
@ -1383,7 +1382,7 @@ impl Vcpu {
let ret = { let ret = {
// SAFETY: // SAFETY:
// Here we trust the kernel not to read past the end of the kvm_msrs struct. // Here we trust the kernel not to read past the end of the kvm_msrs struct.
unsafe { ioctl_with_ref(self, KVM_SET_MSRS(), msrs) } unsafe { ioctl_with_ref(self, KVM_SET_MSRS, msrs) }
}; };
if ret < 0 { if ret < 0 {
// KVM_SET_MSRS actually returns the number of msr entries written. // KVM_SET_MSRS actually returns the number of msr entries written.
@ -1400,7 +1399,7 @@ impl Vcpu {
let ret = { let ret = {
// SAFETY: // SAFETY:
// Here we trust the kernel not to read past the end of the kvm_msrs struct. // Here we trust the kernel not to read past the end of the kvm_msrs struct.
unsafe { ioctl_with_ptr(self, KVM_SET_CPUID2(), cpuid.as_ptr()) } unsafe { ioctl_with_ptr(self, KVM_SET_CPUID2, cpuid.as_ptr()) }
}; };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
@ -1419,7 +1418,7 @@ impl Vcpu {
// ioctl is unsafe. The kernel is trusted not to write beyond the bounds of the memory // ioctl is unsafe. The kernel is trusted not to write beyond the bounds of the memory
// allocated for the struct. The limit is read from nent, which is set to the allocated // allocated for the struct. The limit is read from nent, which is set to the allocated
// size(MAX_KVM_CPUID_ENTRIES) above. // size(MAX_KVM_CPUID_ENTRIES) above.
unsafe { ioctl_with_mut_ptr(self, KVM_GET_SUPPORTED_HV_CPUID(), cpuid.as_mut_ptr()) } unsafe { ioctl_with_mut_ptr(self, KVM_GET_SUPPORTED_HV_CPUID, cpuid.as_mut_ptr()) }
}; };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
@ -1439,7 +1438,7 @@ impl Vcpu {
// SAFETY: // SAFETY:
// The ioctl is unsafe unless you trust the kernel not to write past the end of the // The ioctl is unsafe unless you trust the kernel not to write past the end of the
// local_apic struct. // local_apic struct.
unsafe { ioctl_with_mut_ref(self, KVM_GET_LAPIC(), &mut klapic) } unsafe { ioctl_with_mut_ref(self, KVM_GET_LAPIC, &mut klapic) }
}; };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
@ -1456,7 +1455,7 @@ impl Vcpu {
let ret = { let ret = {
// SAFETY: // SAFETY:
// The ioctl is safe because the kernel will only read from the klapic struct. // The ioctl is safe because the kernel will only read from the klapic struct.
unsafe { ioctl_with_ref(self, KVM_SET_LAPIC(), klapic) } unsafe { ioctl_with_ref(self, KVM_SET_LAPIC, klapic) }
}; };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
@ -1478,7 +1477,7 @@ impl Vcpu {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VCPU fd, we know the kernel will only // Safe because we know that our file is a VCPU fd, we know the kernel will only
// write correct amount of memory to our pointer, and we verify the return result. // write correct amount of memory to our pointer, and we verify the return result.
let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_MP_STATE(), &mut state) }; let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_MP_STATE, &mut state) };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
} }
@ -1497,7 +1496,7 @@ impl Vcpu {
let ret = { let ret = {
// SAFETY: // SAFETY:
// The ioctl is safe because the kernel will only read from the kvm_mp_state struct. // The ioctl is safe because the kernel will only read from the kvm_mp_state struct.
unsafe { ioctl_with_ref(self, KVM_SET_MP_STATE(), state) } unsafe { ioctl_with_ref(self, KVM_SET_MP_STATE, state) }
}; };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
@ -1516,7 +1515,7 @@ impl Vcpu {
// Safe because we know that our file is a VCPU fd, we know the kernel // Safe because we know that our file is a VCPU fd, we know the kernel
// will only write correct amount of memory to our pointer, and we // will only write correct amount of memory to our pointer, and we
// verify the return result. // verify the return result.
let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_VCPU_EVENTS(), &mut events) }; let ret = unsafe { ioctl_with_mut_ref(self, KVM_GET_VCPU_EVENTS, &mut events) };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
} }
@ -1532,7 +1531,7 @@ impl Vcpu {
// SAFETY: // SAFETY:
// The ioctl is safe because the kernel will only read from the // The ioctl is safe because the kernel will only read from the
// kvm_vcpu_events. // kvm_vcpu_events.
unsafe { ioctl_with_ref(self, KVM_SET_VCPU_EVENTS(), events) } unsafe { ioctl_with_ref(self, KVM_SET_VCPU_EVENTS, events) }
}; };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
@ -1549,7 +1548,7 @@ impl Vcpu {
// SAFETY: // SAFETY:
// Safe because we allocated the struct and we know the kernel will read exactly the size of // Safe because we allocated the struct and we know the kernel will read exactly the size of
// the struct. // the struct.
let ret = ioctl_with_ref(self, KVM_ENABLE_CAP(), cap); let ret = ioctl_with_ref(self, KVM_ENABLE_CAP, cap);
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
} }
@ -1585,7 +1584,7 @@ impl Vcpu {
// SAFETY: // SAFETY:
// The ioctl is safe because the kernel will only read from the // The ioctl is safe because the kernel will only read from the
// kvm_signal_mask structure. // kvm_signal_mask structure.
unsafe { ioctl_with_ref(self, KVM_SET_SIGNAL_MASK(), &kvm_sigmask[0]) } unsafe { ioctl_with_ref(self, KVM_SET_SIGNAL_MASK, &kvm_sigmask[0]) }
}; };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
@ -1605,7 +1604,7 @@ impl Vcpu {
// SAFETY: // SAFETY:
// safe because we allocated the struct and we know the kernel will read // safe because we allocated the struct and we know the kernel will read
// exactly the size of the struct // exactly the size of the struct
let ret = unsafe { ioctl_with_ref(self, KVM_SET_ONE_REG(), &onereg) }; let ret = unsafe { ioctl_with_ref(self, KVM_SET_ONE_REG, &onereg) };
if ret < 0 { if ret < 0 {
return errno_result(); return errno_result();
} }
@ -1640,7 +1639,7 @@ impl RunnableVcpu {
pub fn run(&self) -> Result<VcpuExit> { pub fn run(&self) -> Result<VcpuExit> {
// SAFETY: // SAFETY:
// Safe because we know that our file is a VCPU fd and we verify the return result. // Safe because we know that our file is a VCPU fd and we verify the return result.
let ret = unsafe { ioctl(self, KVM_RUN()) }; let ret = unsafe { ioctl(self, KVM_RUN) };
if ret == 0 { if ret == 0 {
// SAFETY: // SAFETY:
// Safe because we know we mapped enough memory to hold the kvm_run struct because the // Safe because we know we mapped enough memory to hold the kvm_run struct because the

View file

@ -19,7 +19,7 @@ fn get_version() {
assert!(sys_fd >= 0); assert!(sys_fd >= 0);
// SAFETY: sys_fd is expected to be valid and return value is checked. // SAFETY: sys_fd is expected to be valid and return value is checked.
let ret = unsafe { ioctl(sys_fd, KVM_GET_API_VERSION(), 0) }; let ret = unsafe { ioctl(sys_fd, KVM_GET_API_VERSION, 0) };
assert_eq!(ret as u32, KVM_API_VERSION); assert_eq!(ret as u32, KVM_API_VERSION);
} }
@ -30,7 +30,7 @@ fn create_vm_fd() {
assert!(sys_fd >= 0); assert!(sys_fd >= 0);
// SAFETY: sys_fd is expected to be valid and return value is checked. // SAFETY: sys_fd is expected to be valid and return value is checked.
let vm_fd = unsafe { ioctl(sys_fd, KVM_CREATE_VM(), 0) }; let vm_fd = unsafe { ioctl(sys_fd, KVM_CREATE_VM, 0) };
assert!(vm_fd >= 0); assert!(vm_fd >= 0);
} }
@ -41,6 +41,6 @@ fn check_vm_extension() {
assert!(sys_fd >= 0); assert!(sys_fd >= 0);
// SAFETY: sys_fd is expected to be valid and return value is checked. // SAFETY: sys_fd is expected to be valid and return value is checked.
let has_user_memory = unsafe { ioctl(sys_fd, KVM_CHECK_EXTENSION(), KVM_CAP_USER_MEMORY) }; let has_user_memory = unsafe { ioctl(sys_fd, KVM_CHECK_EXTENSION, KVM_CAP_USER_MEMORY) };
assert_eq!(has_user_memory, 1); assert_eq!(has_user_memory, 1);
} }

View file

@ -62,7 +62,7 @@ impl Tap {
// Get the interface name since we will need it for some ioctls. // Get the interface name since we will need it for some ioctls.
let mut ifreq: net_sys::ifreq = Default::default(); let mut ifreq: net_sys::ifreq = Default::default();
let ret = ioctl_with_mut_ref(&tap_file, net_sys::TUNGETIFF(), &mut ifreq); let ret = ioctl_with_mut_ref(&tap_file, net_sys::TUNGETIFF, &mut ifreq);
if ret < 0 { if ret < 0 {
return Err(Error::IoctlError(SysError::last())); return Err(Error::IoctlError(SysError::last()));
@ -95,7 +95,7 @@ impl Tap {
// SAFETY: // SAFETY:
// ioctl is safe since we call it with a valid tap fd and check the return // ioctl is safe since we call it with a valid tap fd and check the return
// value. // value.
let ret = unsafe { ioctl_with_mut_ref(&tuntap, net_sys::TUNSETIFF(), ifreq) }; let ret = unsafe { ioctl_with_mut_ref(&tuntap, net_sys::TUNSETIFF, ifreq) };
if ret < 0 { if ret < 0 {
return Err(Error::CreateTap(SysError::last())); return Err(Error::CreateTap(SysError::last()));
@ -389,7 +389,7 @@ impl TapTCommon for Tap {
let ret = let ret =
// SAFETY: // SAFETY:
// ioctl is safe. Called with a valid tap descriptor, and we check the return. // ioctl is safe. Called with a valid tap descriptor, and we check the return.
unsafe { ioctl_with_val(&self.tap_file, net_sys::TUNSETOFFLOAD(), flags as c_ulong) }; unsafe { ioctl_with_val(&self.tap_file, net_sys::TUNSETOFFLOAD, flags as c_ulong) };
if ret < 0 { if ret < 0 {
return Err(Error::IoctlError(SysError::last())); return Err(Error::IoctlError(SysError::last()));
} }
@ -431,7 +431,7 @@ impl TapTLinux for Tap {
let size = size as c_int; let size = size as c_int;
// SAFETY: // SAFETY:
// ioctl is safe. Called with a valid tap descriptor, and we check the return. // ioctl is safe. Called with a valid tap descriptor, and we check the return.
let ret = unsafe { ioctl_with_ref(&self.tap_file, net_sys::TUNSETVNETHDRSZ(), &size) }; let ret = unsafe { ioctl_with_ref(&self.tap_file, net_sys::TUNSETVNETHDRSZ, &size) };
if ret < 0 { if ret < 0 {
return Err(Error::IoctlError(SysError::last())); return Err(Error::IoctlError(SysError::last()));
} }

View file

@ -195,7 +195,7 @@ impl Factory {
let res = unsafe { let res = unsafe {
ioctl_with_val( ioctl_with_val(
dev_file, dev_file,
USERFAULTFD_IOC_NEW(), USERFAULTFD_IOC_NEW,
(libc::O_CLOEXEC | libc::O_NONBLOCK) as libc::c_ulong, (libc::O_CLOEXEC | libc::O_NONBLOCK) as libc::c_ulong,
) )
}; };
@ -213,7 +213,7 @@ impl Factory {
}; };
// SAFETY: // SAFETY:
// Safe because ioctl(2) UFFDIO_API with does not change Rust memory safety. // Safe because ioctl(2) UFFDIO_API with does not change Rust memory safety.
let res = unsafe { ioctl_with_mut_ref(&uffd, UFFDIO_API(), &mut api) }; let res = unsafe { ioctl_with_mut_ref(&uffd, UFFDIO_API, &mut api) };
if res < 0 { if res < 0 {
errno_result().context("UFFDIO_API") errno_result().context("UFFDIO_API")
} else { } else {

View file

@ -276,7 +276,7 @@ impl Device {
// Safe because we control the lifetime of the URB via Arc::into_raw() and // Safe because we control the lifetime of the URB via Arc::into_raw() and
// Arc::from_raw() in poll_transfers(). // Arc::from_raw() in poll_transfers().
unsafe { unsafe {
self.ioctl_with_mut_ptr(usb_sys::USBDEVFS_SUBMITURB(), urb_ptr)?; self.ioctl_with_mut_ptr(usb_sys::USBDEVFS_SUBMITURB, urb_ptr)?;
} }
let weak_transfer = Arc::downgrade(&rc_transfer); let weak_transfer = Arc::downgrade(&rc_transfer);
@ -296,7 +296,7 @@ impl Device {
let result = let result =
// SAFETY: // SAFETY:
// Safe because we provide a valid urb_ptr to be filled by the kernel. // Safe because we provide a valid urb_ptr to be filled by the kernel.
unsafe { self.ioctl_with_mut_ref(usb_sys::USBDEVFS_REAPURBNDELAY(), &mut urb_ptr) }; unsafe { self.ioctl_with_mut_ref(usb_sys::USBDEVFS_REAPURBNDELAY, &mut urb_ptr) };
match result { match result {
// EAGAIN indicates no more completed transfers right now. // EAGAIN indicates no more completed transfers right now.
Err(Error::IoctlFailed(_nr, e)) if e.errno() == EAGAIN => break, Err(Error::IoctlFailed(_nr, e)) if e.errno() == EAGAIN => break,
@ -350,7 +350,7 @@ impl Device {
// SAFETY: // SAFETY:
// Safe because self.fd is a valid usbdevfs file descriptor. // Safe because self.fd is a valid usbdevfs file descriptor.
let result = unsafe { self.ioctl(usb_sys::USBDEVFS_RESET()) }; let result = unsafe { self.ioctl(usb_sys::USBDEVFS_RESET) };
if let Err(Error::IoctlFailed(_nr, errno_err)) = result { if let Err(Error::IoctlFailed(_nr, errno_err)) = result {
// The device may disappear after a reset if e.g. its firmware changed. // The device may disappear after a reset if e.g. its firmware changed.
@ -375,7 +375,7 @@ impl Device {
// Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid // Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid
// pointer to a usbdevs_disconnect_claim structure. // pointer to a usbdevs_disconnect_claim structure.
unsafe { unsafe {
self.ioctl_with_ref(usb_sys::USBDEVFS_DISCONNECT_CLAIM(), &disconnect_claim)?; self.ioctl_with_ref(usb_sys::USBDEVFS_DISCONNECT_CLAIM, &disconnect_claim)?;
} }
Ok(()) Ok(())
@ -388,7 +388,7 @@ impl Device {
// Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid // Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid
// pointer to unsigned int. // pointer to unsigned int.
unsafe { unsafe {
self.ioctl_with_ref(usb_sys::USBDEVFS_RELEASEINTERFACE(), &ifnum)?; self.ioctl_with_ref(usb_sys::USBDEVFS_RELEASEINTERFACE, &ifnum)?;
} }
Ok(()) Ok(())
@ -408,7 +408,7 @@ impl Device {
// Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid // Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid
// pointer to a usbdevfs_setinterface structure. // pointer to a usbdevfs_setinterface structure.
unsafe { unsafe {
self.ioctl_with_ref(usb_sys::USBDEVFS_SETINTERFACE(), &setinterface)?; self.ioctl_with_ref(usb_sys::USBDEVFS_SETINTERFACE, &setinterface)?;
} }
Ok(()) Ok(())
} }
@ -420,7 +420,7 @@ impl Device {
// Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid // Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid
// pointer to int. // pointer to int.
unsafe { unsafe {
self.ioctl_with_ref(usb_sys::USBDEVFS_SETCONFIGURATION(), &config)?; self.ioctl_with_ref(usb_sys::USBDEVFS_SETCONFIGURATION, &config)?;
} }
Ok(()) Ok(())
@ -487,7 +487,7 @@ impl Device {
// Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid // Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid
// pointer to a usbdevfs_ctrltransfer structure. // pointer to a usbdevfs_ctrltransfer structure.
unsafe { unsafe {
self.ioctl_with_ref(usb_sys::USBDEVFS_CONTROL(), &ctrl_transfer)?; self.ioctl_with_ref(usb_sys::USBDEVFS_CONTROL, &ctrl_transfer)?;
} }
Ok(active_config) Ok(active_config)
} }
@ -504,7 +504,7 @@ impl Device {
// Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid // Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid
// pointer to unsigned int. // pointer to unsigned int.
unsafe { unsafe {
self.ioctl_with_ref(usb_sys::USBDEVFS_CLEAR_HALT(), &endpoint)?; self.ioctl_with_ref(usb_sys::USBDEVFS_CLEAR_HALT, &endpoint)?;
} }
Ok(()) Ok(())
@ -513,7 +513,7 @@ impl Device {
/// Get speed of this device. /// Get speed of this device.
pub fn get_speed(&self) -> Result<Option<DeviceSpeed>> { pub fn get_speed(&self) -> Result<Option<DeviceSpeed>> {
// SAFETY: args are valid and the return value is checked // SAFETY: args are valid and the return value is checked
let speed = unsafe { self.ioctl(usb_sys::USBDEVFS_GET_SPEED()) }?; let speed = unsafe { self.ioctl(usb_sys::USBDEVFS_GET_SPEED) }?;
match speed { match speed {
1 => Ok(Some(DeviceSpeed::Low)), // Low Speed 1 => Ok(Some(DeviceSpeed::Low)), // Low Speed
2 => Ok(Some(DeviceSpeed::Full)), // Full Speed 2 => Ok(Some(DeviceSpeed::Full)), // Full Speed
@ -541,7 +541,7 @@ impl Device {
// Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid // Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid
// pointer to a usbdevfs_streams structure. // pointer to a usbdevfs_streams structure.
unsafe { unsafe {
self.ioctl_with_ref(usb_sys::USBDEVFS_ALLOC_STREAMS(), &streams[0])?; self.ioctl_with_ref(usb_sys::USBDEVFS_ALLOC_STREAMS, &streams[0])?;
} }
Ok(()) Ok(())
} }
@ -558,7 +558,7 @@ impl Device {
// Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid // Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid
// pointer to a usbdevfs_streams structure. // pointer to a usbdevfs_streams structure.
unsafe { unsafe {
self.ioctl_with_ref(usb_sys::USBDEVFS_FREE_STREAMS(), &streams[0])?; self.ioctl_with_ref(usb_sys::USBDEVFS_FREE_STREAMS, &streams[0])?;
} }
Ok(()) Ok(())
} }
@ -699,13 +699,13 @@ impl TransferHandle {
if unsafe { if unsafe {
handle_eintr_errno!(base::ioctl_with_mut_ptr( handle_eintr_errno!(base::ioctl_with_mut_ptr(
&*fd, &*fd,
usb_sys::USBDEVFS_DISCARDURB(), usb_sys::USBDEVFS_DISCARDURB,
urb_ptr urb_ptr
)) ))
} < 0 } < 0
{ {
return Err(Error::IoctlFailed( return Err(Error::IoctlFailed(
usb_sys::USBDEVFS_DISCARDURB(), usb_sys::USBDEVFS_DISCARDURB,
base::Error::last(), base::Error::last(),
)); ));
} }

View file

@ -82,7 +82,7 @@ pub trait Vhost: AsRawDescriptor + std::marker::Sized {
// SAFETY: // SAFETY:
// This ioctl is called on a valid vhost_net descriptor and has its // This ioctl is called on a valid vhost_net descriptor and has its
// return value checked. // return value checked.
let ret = unsafe { ioctl(self, virtio_sys::VHOST_SET_OWNER()) }; let ret = unsafe { ioctl(self, virtio_sys::VHOST_SET_OWNER) };
if ret < 0 { if ret < 0 {
return ioctl_result(); return ioctl_result();
} }
@ -95,7 +95,7 @@ pub trait Vhost: AsRawDescriptor + std::marker::Sized {
// SAFETY: // SAFETY:
// This ioctl is called on a valid vhost fd and has its // This ioctl is called on a valid vhost fd and has its
// return value checked. // return value checked.
let ret = unsafe { ioctl(self, virtio_sys::VHOST_RESET_OWNER()) }; let ret = unsafe { ioctl(self, virtio_sys::VHOST_RESET_OWNER) };
if ret < 0 { if ret < 0 {
return ioctl_result(); return ioctl_result();
} }
@ -109,7 +109,7 @@ pub trait Vhost: AsRawDescriptor + std::marker::Sized {
// This ioctl is called on a valid vhost_net descriptor and has its // This ioctl is called on a valid vhost_net descriptor and has its
// return value checked. // return value checked.
let ret = unsafe { let ret = unsafe {
ioctl_with_mut_ref(self, virtio_sys::VHOST_GET_FEATURES(), &mut avail_features) ioctl_with_mut_ref(self, virtio_sys::VHOST_GET_FEATURES, &mut avail_features)
}; };
if ret < 0 { if ret < 0 {
return ioctl_result(); return ioctl_result();
@ -126,7 +126,7 @@ pub trait Vhost: AsRawDescriptor + std::marker::Sized {
// SAFETY: // SAFETY:
// This ioctl is called on a valid vhost_net descriptor and has its // This ioctl is called on a valid vhost_net descriptor and has its
// return value checked. // return value checked.
let ret = unsafe { ioctl_with_ref(self, virtio_sys::VHOST_SET_FEATURES(), &features) }; let ret = unsafe { ioctl_with_ref(self, virtio_sys::VHOST_SET_FEATURES, &features) };
if ret < 0 { if ret < 0 {
return ioctl_result(); return ioctl_result();
} }
@ -171,7 +171,7 @@ pub trait Vhost: AsRawDescriptor + std::marker::Sized {
// This ioctl is called with a pointer that is valid for the lifetime // This ioctl is called with a pointer that is valid for the lifetime
// of this function. The kernel will make its own copy of the memory // of this function. The kernel will make its own copy of the memory
// tables. As always, check the return value. // tables. As always, check the return value.
let ret = unsafe { ioctl_with_ptr(self, virtio_sys::VHOST_SET_MEM_TABLE(), vhost_memory) }; let ret = unsafe { ioctl_with_ptr(self, virtio_sys::VHOST_SET_MEM_TABLE, vhost_memory) };
if ret < 0 { if ret < 0 {
return ioctl_result(); return ioctl_result();
} }
@ -195,7 +195,7 @@ pub trait Vhost: AsRawDescriptor + std::marker::Sized {
// SAFETY: // SAFETY:
// This ioctl is called on a valid vhost_net descriptor and has its // This ioctl is called on a valid vhost_net descriptor and has its
// return value checked. // return value checked.
let ret = unsafe { ioctl_with_ref(self, virtio_sys::VHOST_SET_VRING_NUM(), &vring_state) }; let ret = unsafe { ioctl_with_ref(self, virtio_sys::VHOST_SET_VRING_NUM, &vring_state) };
if ret < 0 { if ret < 0 {
return ioctl_result(); return ioctl_result();
} }
@ -300,7 +300,7 @@ pub trait Vhost: AsRawDescriptor + std::marker::Sized {
// SAFETY: // SAFETY:
// This ioctl is called on a valid vhost_net descriptor and has its // This ioctl is called on a valid vhost_net descriptor and has its
// return value checked. // return value checked.
let ret = unsafe { ioctl_with_ref(self, virtio_sys::VHOST_SET_VRING_ADDR(), &vring_addr) }; let ret = unsafe { ioctl_with_ref(self, virtio_sys::VHOST_SET_VRING_ADDR, &vring_addr) };
if ret < 0 { if ret < 0 {
return ioctl_result(); return ioctl_result();
} }
@ -321,7 +321,7 @@ pub trait Vhost: AsRawDescriptor + std::marker::Sized {
// SAFETY: // SAFETY:
// This ioctl is called on a valid vhost_net descriptor and has its // This ioctl is called on a valid vhost_net descriptor and has its
// return value checked. // return value checked.
let ret = unsafe { ioctl_with_ref(self, virtio_sys::VHOST_SET_VRING_BASE(), &vring_state) }; let ret = unsafe { ioctl_with_ref(self, virtio_sys::VHOST_SET_VRING_BASE, &vring_state) };
if ret < 0 { if ret < 0 {
return ioctl_result(); return ioctl_result();
} }
@ -340,9 +340,8 @@ pub trait Vhost: AsRawDescriptor + std::marker::Sized {
// SAFETY: // SAFETY:
// Safe because this will only modify `vring_state` and we check the return value. // Safe because this will only modify `vring_state` and we check the return value.
let ret = unsafe { let ret =
ioctl_with_mut_ref(self, virtio_sys::VHOST_GET_VRING_BASE(), &mut vring_state) unsafe { ioctl_with_mut_ref(self, virtio_sys::VHOST_GET_VRING_BASE, &mut vring_state) };
};
if ret < 0 { if ret < 0 {
return ioctl_result(); return ioctl_result();
} }
@ -364,7 +363,7 @@ pub trait Vhost: AsRawDescriptor + std::marker::Sized {
// SAFETY: // SAFETY:
// This ioctl is called on a valid vhost_net descriptor and has its // This ioctl is called on a valid vhost_net descriptor and has its
// return value checked. // return value checked.
let ret = unsafe { ioctl_with_ref(self, virtio_sys::VHOST_SET_VRING_CALL(), &vring_file) }; let ret = unsafe { ioctl_with_ref(self, virtio_sys::VHOST_SET_VRING_CALL, &vring_file) };
if ret < 0 { if ret < 0 {
return ioctl_result(); return ioctl_result();
} }
@ -385,7 +384,7 @@ pub trait Vhost: AsRawDescriptor + std::marker::Sized {
// SAFETY: // SAFETY:
// This ioctl is called on a valid vhost_net fd and has its // This ioctl is called on a valid vhost_net fd and has its
// return value checked. // return value checked.
let ret = unsafe { ioctl_with_ref(self, virtio_sys::VHOST_SET_VRING_ERR(), &vring_file) }; let ret = unsafe { ioctl_with_ref(self, virtio_sys::VHOST_SET_VRING_ERR, &vring_file) };
if ret < 0 { if ret < 0 {
return ioctl_result(); return ioctl_result();
} }
@ -407,7 +406,7 @@ pub trait Vhost: AsRawDescriptor + std::marker::Sized {
// SAFETY: // SAFETY:
// This ioctl is called on a valid vhost_net descriptor and has its // This ioctl is called on a valid vhost_net descriptor and has its
// return value checked. // return value checked.
let ret = unsafe { ioctl_with_ref(self, virtio_sys::VHOST_SET_VRING_KICK(), &vring_file) }; let ret = unsafe { ioctl_with_ref(self, virtio_sys::VHOST_SET_VRING_KICK, &vring_file) };
if ret < 0 { if ret < 0 {
return ioctl_result(); return ioctl_result();
} }

View file

@ -74,7 +74,7 @@ where
let ret = unsafe { let ret = unsafe {
ioctl_with_ref( ioctl_with_ref(
&self.descriptor, &self.descriptor,
virtio_sys::VHOST_NET_SET_BACKEND(), virtio_sys::VHOST_NET_SET_BACKEND,
&vring_file, &vring_file,
) )
}; };

View file

@ -35,7 +35,7 @@ impl Vsock {
/// * `cid` - CID to assign to the guest /// * `cid` - CID to assign to the guest
pub fn set_cid(&self, cid: u64) -> Result<()> { pub fn set_cid(&self, cid: u64) -> Result<()> {
// SAFETY: Safe because descriptor is valid and the return value is checked. // SAFETY: Safe because descriptor is valid and the return value is checked.
let ret = unsafe { ioctl_with_ref(&self.descriptor, VHOST_VSOCK_SET_GUEST_CID(), &cid) }; let ret = unsafe { ioctl_with_ref(&self.descriptor, VHOST_VSOCK_SET_GUEST_CID, &cid) };
if ret < 0 { if ret < 0 {
return ioctl_result(); return ioctl_result();
} }
@ -55,7 +55,7 @@ impl Vsock {
fn set_running(&self, running: bool) -> Result<()> { fn set_running(&self, running: bool) -> Result<()> {
let on = ::std::os::raw::c_int::from(running); let on = ::std::os::raw::c_int::from(running);
// SAFETY: Safe because descriptor is valid and the return value is checked. // SAFETY: Safe because descriptor is valid and the return value is checked.
let ret = unsafe { ioctl_with_ref(&self.descriptor, VHOST_VSOCK_SET_RUNNING(), &on) }; let ret = unsafe { ioctl_with_ref(&self.descriptor, VHOST_VSOCK_SET_RUNNING, &on) };
if ret < 0 { if ret < 0 {
return ioctl_result(); return ioctl_result();

View file

@ -118,7 +118,7 @@ impl UdmabufDriverTrait for UnixUdmabufDriver {
let fd = unsafe { let fd = unsafe {
let create_list = list.as_mut_ptr(); let create_list = list.as_mut_ptr();
(*create_list).flags = UDMABUF_FLAGS_CLOEXEC; (*create_list).flags = UDMABUF_FLAGS_CLOEXEC;
ioctl_with_ptr(&self.driver_fd, UDMABUF_CREATE_LIST(), create_list) ioctl_with_ptr(&self.driver_fd, UDMABUF_CREATE_LIST, create_list)
}; };
if fd < 0 { if fd < 0 {