This depends on the `assertions` crate added in CL:1366819.
`const_assert!(boolean expression)` is a compile-time assertion that
fails to compile if the expression is false.
TEST=`cargo check` each of the modified crates
Change-Id: I559884baf2275b1b506619693cd100a4ffc8adcd
Reviewed-on: https://chromium-review.googlesource.com/1368364
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Because the alignment of the data passed into from_slice is not checked,
it is very easy to pass in unaligned data that will get dereferenced at
a later point in the code. On ARM, this will lead to a SIGBUS.
This change adds an alignment check to prevent getting a signal.
Instead, the caller will get `None`.
BUG=chromium:900962
TEST=cargo test -p data_model
Change-Id: I7a0f835f7d0ffd8c3d44bbcd80a790027f652bc9
Reviewed-on: https://chromium-review.googlesource.com/1343989
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Hopefully the changes are self-explanatory and uncontroversial. This
eliminates much of the noise from `cargo clippy` and, for my purposes,
gives me a reasonable way to use it as a tool when writing and reviewing
code.
Here is the Clippy invocation I was using:
cargo +nightly clippy -- -W clippy::correctness -A renamed_and_removed_lints -Aclippy::{blacklisted_name,borrowed_box,cast_lossless,cast_ptr_alignment,enum_variant_names,identity_op,if_same_then_else,mut_from_ref,needless_pass_by_value,new_without_default,new_without_default_derive,or_fun_call,ptr_arg,should_implement_trait,single_match,too_many_arguments,trivially_copy_pass_by_ref,unreadable_literal,unsafe_vector_initialization,useless_transmute}
TEST=cargo check --features wl-dmabuf,gpu,usb-emulation
TEST=boot linux
Change-Id: I55eb1b4a72beb2f762480e3333a921909314a0a2
Reviewed-on: https://chromium-review.googlesource.com/1356911
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Now that cargo fmt has landed, run it over everything at once to bring
rust source to the standard formatting.
TEST=cargo test
BUG=None
Change-Id: Ic95a48725e5a40dcbd33ba6d5aef2bd01e91865b
Reviewed-on: https://chromium-review.googlesource.com/1259287
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
VolatileMemory::size() now returns a u64, fix the doctest so it
compares the returned value with a u64.
BUG=none
TEST=cargo test --all -- --test-threads=1
Change-Id: If1ae94d83bfc1f2f995fd71bfdede324c162ab4e
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/902777
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
We want to be able to run 64-bit ARM kernels using a 32-bit version of
crosvm, to make it more consistent use a u64 to represent
GuestAddress.
BUG=chromium:797868
TEST=./build_test passes on all architectures
TEST=crosvm runs on caroline
Change-Id: I43bf993592caf46891e3e5e05258ab70b6bf3045
Signed-off-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/896398
Reviewed-by: Dylan Reid <dgreid@chromium.org>
These functions are very useful C-style type casting of byte buffers to
structs in a safe manner for types that implement DataInit.
BUG=None
TEST=None
Change-Id: I4c8e1b9f7f13da5a39b65f224b65f09f31d56f1c
Reviewed-on: https://chromium-review.googlesource.com/869354
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
These copy functions are functionally similar to read_from and write_to,
but have stronger guarantees because they are copying to/from concrete
slices. In particular, the volatile access pattern is specified and the
copy operation never returns an error.
TEST=cargo test
BUG=chromium:738638
Change-Id: Ie10152e10bc8a36058f5d5001ff392ff8975ee36
Reviewed-on: https://chromium-review.googlesource.com/599043
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This CL adds VM request capabilities to the control socket. These
requests include the basic exit as well as the essential ioeventfd and
irqfd requests. For virtio wayland, the register/unregister device
memory request was added.
TEST=cargo test
BUG=chromium:738638
Change-Id: I0cbf62d85a299cf454bcf6924a4e1d52d5b7183f
Reviewed-on: https://chromium-review.googlesource.com/602593
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This includes both VolatileRef, for accessing DataInit, and
VolatileSlice, for accessing bulk raw memory.
BUG=None
TEST=cargo test
Change-Id: I356c7e6f05361fa711dc91555f68e4323667884a
Reviewed-on: https://chromium-review.googlesource.com/547050
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
These types are just like normal unsigned primitives, except their
endian is explicit.
TEST=cargo test
BUG=None
Change-Id: I3d0a7f7ccbf276e2cfdb34310f173df193c70c79
Reviewed-on: https://chromium-review.googlesource.com/544692
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
The data_model crate is created to hold the DataInit trait. Types
implementing this unsafe trait must guarantee that the type can be
initialized with random data and the resulting object will be valid.
Change-Id: Id6314d114805ec502adabe50a8bd6aa42fdb2c52
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/541681
Reviewed-by: Zach Reizner <zachr@chromium.org>
