rust: CStr overhaul

`CStr` is overhauled to make using it more similar to use a `str`.
`c_str` macro can now check if the literal supplied have any internal
NUL (which would violate CStr contract).

Signed-off-by: Gary Guo <[email protected]>

Author: nbdd0121

drivers/android/rust_binder.rs

@@ -10,7 +10,7 @@
 use alloc::{boxed::Box, sync::Arc};
 use core::pin::Pin;
 use kernel::{
-    cstr,
+    c_str,
     io_buffer::IoBufferWriter,
     linked_list::{GetLinks, GetLinksWrapped, Links},
     miscdev::Registration,
@@ -119,7 +119,7 @@ impl KernelModule for BinderModule {
         let pinned_ctx = Context::new()?;
         let ctx = unsafe { Pin::into_inner_unchecked(pinned_ctx) };
         let reg = Registration::<Arc<Context>>::new_pinned::<process::Process>(
-            cstr!("rust_binder"),
+            c_str!("rust_binder"),
             None,
             ctx,
         )?;

rust/Makefile

@@ -3,7 +3,7 @@
 obj-$(CONFIG_RUST) += core.o compiler_builtins.o helpers.o
 extra-$(CONFIG_RUST) += exports_core_generated.h
 
-extra-$(CONFIG_RUST) += libmodule.so
+extra-$(CONFIG_RUST) += libmodule.so libc_str_check.so
 
 extra-$(CONFIG_RUST) += bindings_generated.rs
 obj-$(CONFIG_RUST) += alloc.o kernel.o
@@ -33,9 +33,11 @@ rustdoc-compiler_builtins: $(srctree)/rust/compiler_builtins.rs FORCE
 
 rustdoc-kernel: private rustdoc_target_flags = --extern alloc \
     --extern link_time_panic \
-    --extern module=$(objtree)/rust/libmodule.so
+    --extern module=$(objtree)/rust/libmodule.so \
+    --extern c_str_check=$(objtree)/rust/libc_str_check.so
 rustdoc-kernel: $(srctree)/rust/kernel/lib.rs rustdoc-module \
-    $(objtree)/rust/libmodule.so $(objtree)/rust/bindings_generated.rs FORCE
+    $(objtree)/rust/libmodule.so $(objtree)/rust/libc_str_check.so \
+    $(objtree)/rust/bindings_generated.rs FORCE
 	$(call if_changed,rustdoc)
 
 ifdef CONFIG_CC_IS_CLANG
@@ -130,6 +132,11 @@ $(objtree)/rust/libmodule.so: $(srctree)/rust/module.rs \
     $(objtree)/rust/libparse.rlib FORCE
 	$(call if_changed_dep,rustc_procmacro)
 
+$(objtree)/rust/libc_str_check.so: private rustc_target_flags = --extern parse
+$(objtree)/rust/libc_str_check.so: $(srctree)/rust/c_str_check.rs \
+    $(objtree)/rust/libparse.rlib FORCE
+	$(call if_changed_dep,rustc_procmacro)
+
 quiet_cmd_rustc_library = $(if $(skip_clippy),RUSTC,$(RUSTC_OR_CLIPPY_QUIET)) L $@
       cmd_rustc_library = \
 	RUST_BINDINGS_FILE=$(abspath $(objtree)/rust/bindings_generated.rs) \
@@ -172,8 +179,10 @@ $(objtree)/rust/link_time_panic.o: $(srctree)/rust/link_time_panic.rs \
 # ICE on `--extern module`: https://github.com/rust-lang/rust/issues/56935
 $(objtree)/rust/kernel.o: private rustc_target_flags = --extern alloc \
     --extern link_time_panic \
-    --extern module=$(objtree)/rust/libmodule.so
+    --extern module=$(objtree)/rust/libmodule.so \
+    --extern c_str_check=$(objtree)/rust/libc_str_check.so
 $(objtree)/rust/kernel.o: $(srctree)/rust/kernel/lib.rs $(objtree)/rust/alloc.o \
     $(objtree)/rust/link_time_panic.o \
-    $(objtree)/rust/libmodule.so $(objtree)/rust/bindings_generated.rs FORCE
+    $(objtree)/rust/libmodule.so $(objtree)/rust/libc_str_check.so \
+    $(objtree)/rust/bindings_generated.rs FORCE
 	$(call if_changed_dep,rustc_library)

rust/c_str_check.rs

@@ -0,0 +1,70 @@
+// SPDX-License-Identifier: GPL-2.0
+
+//! Proc macro crate implementing the [`c_str!`] macro.
+
+use proc_macro::{token_stream, Delimiter, Literal, TokenStream, TokenTree};
+
+fn try_literal(it: &mut token_stream::IntoIter) -> Option<Literal> {
+    if let Some(TokenTree::Literal(literal)) = it.next() {
+        Some(literal)
+    } else {
+        None
+    }
+}
+
+fn try_any_string(it: &mut token_stream::IntoIter) -> Option<Vec<u8>> {
+    let lit = try_literal(it)?.to_string();
+    let (content, suffix) = match parse::byte(&lit, 0) {
+        b'"' | b'r' => {
+            let (content, suffix) = parse::parse_lit_str(&lit);
+            Some((content.into_string().into_bytes(), suffix))
+        }
+        b'b' => match parse::byte(&lit, 1) {
+            b'"' | b'r' => Some(parse::parse_lit_byte_str(&lit)),
+            _ => None,
+        },
+        _ => None,
+    }?;
+    if !suffix.is_empty() {
+        return None;
+    }
+    Some(content)
+}
+
+fn expect_any_string(it: &mut token_stream::IntoIter) -> Vec<u8> {
+    try_any_string(it).expect("Expected string or byte string")
+}
+
+fn expect_end(it: &mut token_stream::IntoIter) {
+    if it.next().is_some() {
+        panic!("Expected end");
+    }
+}
+
+// If the literal is passed along from a macro, Rust will create a implicitly
+// delimited group. We need to extract the token inside.
+fn unwrap_implicit_delim(ts: TokenTree) -> TokenStream {
+    match ts {
+        TokenTree::Group(group) if group.delimiter() == Delimiter::None => group.stream(),
+        _ => ts.into(),
+    }
+}
+
+#[proc_macro]
+pub fn append_nul(ts: TokenStream) -> TokenStream {
+    let mut it = ts.into_iter();
+    let mut content = {
+        let mut it = unwrap_implicit_delim(it.next().expect("Unexpected end")).into_iter();
+        let content = expect_any_string(&mut it);
+        expect_end(&mut it);
+        content
+    };
+    expect_end(&mut it);
+
+    if content.contains(&0) {
+        panic!("String contains interior NUL bytes");
+    }
+
+    content.push(0);
+    TokenTree::Literal(Literal::byte_string(&content)).into()
+}

rust/kernel/chrdev.rs

@@ -15,7 +15,6 @@ use core::mem::MaybeUninit;
 use core::pin::Pin;
 
 use crate::bindings;
-use crate::c_types;
 use crate::error::{Error, KernelResult};
 use crate::file_operations;
 use crate::types::CStr;
@@ -31,7 +30,7 @@ struct RegistrationInner<const N: usize> {
 ///
 /// May contain up to a fixed number (`N`) of devices. Must be pinned.
 pub struct Registration<const N: usize> {
-    name: CStr<'static>,
+    name: &'static CStr,
     minors_start: u16,
     this_module: &'static crate::ThisModule,
     inner: Option<RegistrationInner<N>>,
@@ -48,7 +47,7 @@ impl<const N: usize> Registration<{ N }> {
     /// are going to pin the registration right away, call
     /// [`Self::new_pinned()`] instead.
     pub fn new(
-        name: CStr<'static>,
+        name: &'static CStr,
         minors_start: u16,
         this_module: &'static crate::ThisModule,
     ) -> Self {
@@ -64,7 +63,7 @@ impl<const N: usize> Registration<{ N }> {
     ///
     /// This does *not* register the device: see [`Self::register()`].
     pub fn new_pinned(
-        name: CStr<'static>,
+        name: &'static CStr,
         minors_start: u16,
         this_module: &'static crate::ThisModule,
     ) -> KernelResult<Pin<Box<Self>>> {
@@ -90,7 +89,7 @@ impl<const N: usize> Registration<{ N }> {
                     &mut dev,
                     this.minors_start.into(),
                     N.try_into()?,
-                    this.name.as_ptr() as *const c_types::c_char,
+                    this.name.as_ptr(),
                 )
             };
             if res != 0 {

rust/kernel/lib.rs

@@ -19,6 +19,7 @@
     const_fn,
     const_mut_refs,
     const_panic,
+    const_raw_ptr_deref,
     try_reserve
 )]
 #![deny(clippy::complexity)]
@@ -65,6 +66,9 @@ pub mod iov_iter;
 mod types;
 pub mod user_ptr;
 
+#[doc(hidden)]
+pub use c_str_check;
+
 pub use crate::error::{Error, KernelResult};
 pub use crate::types::{CStr, Mode};
 

rust/kernel/miscdev.rs

@@ -8,7 +8,7 @@
 
 use crate::error::{Error, KernelResult};
 use crate::file_operations::{FileOpenAdapter, FileOpener, FileOperationsVtable};
-use crate::{bindings, c_types, CStr};
+use crate::{bindings, CStr};
 use alloc::boxed::Box;
 use core::marker::PhantomPinned;
 use core::pin::Pin;
@@ -41,7 +41,7 @@ impl<T: Sync> Registration<T> {
     ///
     /// Returns a pinned heap-allocated representation of the registration.
     pub fn new_pinned<F: FileOpener<T>>(
-        name: CStr<'static>,
+        name: &'static CStr,
         minor: Option<i32>,
         context: T,
     ) -> KernelResult<Pin<Box<Self>>> {
@@ -56,7 +56,7 @@ impl<T: Sync> Registration<T> {
     /// self-referential. If a minor is not given, the kernel allocates a new one if possible.
     pub fn register<F: FileOpener<T>>(
         self: Pin<&mut Self>,
-        name: CStr<'static>,
+        name: &'static CStr,
         minor: Option<i32>,
     ) -> KernelResult {
         // SAFETY: We must ensure that we never move out of `this`.
@@ -68,7 +68,7 @@ impl<T: Sync> Registration<T> {
 
         // SAFETY: The adapter is compatible with `misc_register`.
         this.mdev.fops = unsafe { FileOperationsVtable::<Self, F>::build() };
-        this.mdev.name = name.as_ptr() as *const c_types::c_char;
+        this.mdev.name = name.as_ptr();
         this.mdev.minor = minor.unwrap_or(bindings::MISC_DYNAMIC_MINOR as i32);
 
         let ret = unsafe { bindings::misc_register(&mut this.mdev) };

rust/kernel/sync/condvar.rs

@@ -130,7 +130,7 @@ impl CondVar {
 }
 
 impl NeedsLockClass for CondVar {
-    unsafe fn init(self: Pin<&Self>, name: CStr<'static>, key: *mut bindings::lock_class_key) {
-        bindings::__init_waitqueue_head(self.wait_list.get(), name.as_ptr() as _, key);
+    unsafe fn init(self: Pin<&Self>, name: &'static CStr, key: *mut bindings::lock_class_key) {
+        bindings::__init_waitqueue_head(self.wait_list.get(), name.as_ptr(), key);
     }
 }

rust/kernel/sync/mod.rs

@@ -51,7 +51,7 @@ macro_rules! init_with_lockdep {
         // SAFETY: `CLASS` is never used by Rust code directly; the kernel may change it though.
         #[allow(unused_unsafe)]
         unsafe {
-            $crate::sync::NeedsLockClass::init($obj, $crate::cstr!($name), CLASS.as_mut_ptr())
+            $crate::sync::NeedsLockClass::init($obj, $crate::c_str!($name), CLASS.as_mut_ptr())
         };
     }};
 }
@@ -69,7 +69,7 @@ pub trait NeedsLockClass {
     /// # Safety
     ///
     /// `key` must point to a valid memory location as it will be used by the kernel.
-    unsafe fn init(self: Pin<&Self>, name: CStr<'static>, key: *mut bindings::lock_class_key);
+    unsafe fn init(self: Pin<&Self>, name: &'static CStr, key: *mut bindings::lock_class_key);
 }
 
 /// Determines if a signal is pending on the current process.

rust/kernel/sync/mutex.rs

@@ -71,8 +71,8 @@ impl<T: ?Sized> Mutex<T> {
 }
 
 impl<T: ?Sized> NeedsLockClass for Mutex<T> {
-    unsafe fn init(self: Pin<&Self>, name: CStr<'static>, key: *mut bindings::lock_class_key) {
-        bindings::__mutex_init(self.mutex.get(), name.as_ptr() as _, key);
+    unsafe fn init(self: Pin<&Self>, name: &'static CStr, key: *mut bindings::lock_class_key) {
+        bindings::__mutex_init(self.mutex.get(), name.as_ptr(), key);
     }
 }
 

rust/kernel/sync/spinlock.rs

@@ -85,8 +85,8 @@ impl<T: ?Sized> SpinLock<T> {
 }
 
 impl<T: ?Sized> NeedsLockClass for SpinLock<T> {
-    unsafe fn init(self: Pin<&Self>, name: CStr<'static>, key: *mut bindings::lock_class_key) {
-        rust_helper_spin_lock_init(self.spin_lock.get(), name.as_ptr() as _, key);
+    unsafe fn init(self: Pin<&Self>, name: &'static CStr, key: *mut bindings::lock_class_key) {
+        rust_helper_spin_lock_init(self.spin_lock.get(), name.as_ptr(), key);
     }
 }
 

rust/kernel/sysctl.rs

@@ -16,6 +16,7 @@ use crate::{
     bindings, c_types, error,
     io_buffer::IoBufferWriter,
     types,
+    types::CStr,
     user_ptr::{UserSlicePtr, UserSlicePtrWriter},
 };
 
@@ -130,19 +131,19 @@ unsafe extern "C" fn proc_handler<T: SysctlStorage>(
 impl<T: SysctlStorage> Sysctl<T> {
     /// Registers a single entry in `sysctl`.
     pub fn register(
-        path: types::CStr<'static>,
-        name: types::CStr<'static>,
+        path: &'static CStr,
+        name: &'static CStr,
         storage: T,
         mode: types::Mode,
     ) -> error::KernelResult<Sysctl<T>> {
-        if name.contains('/') {
+        if name.as_bytes().contains(&b'/') {
             return Err(error::Error::EINVAL);
         }
 
         let storage = Box::try_new(storage)?;
         let mut table = vec![
             bindings::ctl_table {
-                procname: name.as_ptr() as *const i8,
+                procname: name.as_ptr(),
                 mode: mode.as_int(),
                 data: &*storage as *const T as *mut c_types::c_void,
                 proc_handler: Some(proc_handler::<T>),
@@ -157,8 +158,7 @@ impl<T: SysctlStorage> Sysctl<T> {
         ]
         .into_boxed_slice();
 
-        let result =
-            unsafe { bindings::register_sysctl(path.as_ptr() as *const i8, table.as_mut_ptr()) };
+        let result = unsafe { bindings::register_sysctl(path.as_ptr(), table.as_mut_ptr()) };
         if result.is_null() {
             return Err(error::Error::ENOMEM);
         }