Merge pull request #1148 from stlankes/expose

chore: upgrade to nightly-2024-04-15

rust-toolchain.toml

@@ -1,5 +1,5 @@
 [toolchain]
-channel = "nightly-2024-03-15"
+channel = "nightly-2024-04-15"
 components = [
     "llvm-tools",
     "rust-src",

src/arch/aarch64/kernel/interrupts.rs

@@ -232,7 +232,7 @@ pub(crate) fn init() {
 	info!("Intialize generic interrupt controller");
 
 	let dtb = unsafe {
-		Dtb::from_raw(ptr::from_exposed_addr(
+		Dtb::from_raw(ptr::with_exposed_provenance(
 			boot_info().hardware_info.device_tree.unwrap().get() as usize,
 		))
 		.expect(".dtb file has invalid header")

src/arch/aarch64/kernel/mod.rs

@@ -92,7 +92,7 @@ pub fn get_processor_count() -> u32 {
 
 pub fn args() -> Option<&'static str> {
 	let dtb = unsafe {
-		hermit_dtb::Dtb::from_raw(ptr::from_exposed_addr(
+		hermit_dtb::Dtb::from_raw(ptr::with_exposed_provenance(
 			boot_info().hardware_info.device_tree.unwrap().get() as usize,
 		))
 		.expect(".dtb file has invalid header")

src/arch/aarch64/kernel/pci.rs

@@ -1,5 +1,5 @@
 use alloc::vec::Vec;
-use core::{str, u32, u64, u8};
+use core::str;
 
 use arm_gic::gicv3::{IntId, Trigger};
 use bit_field::BitField;
@@ -46,13 +46,13 @@ impl ConfigRegionAccess for PciConfigRegion {
 
 	#[inline]
 	unsafe fn read(&self, pci_addr: PciAddress, offset: u16) -> u32 {
-		let ptr = core::ptr::from_exposed_addr(self.addr_from_offset(pci_addr, offset));
+		let ptr = core::ptr::with_exposed_provenance(self.addr_from_offset(pci_addr, offset));
 		unsafe { crate::drivers::pci::from_pci_endian(core::ptr::read_volatile(ptr)) }
 	}
 
 	#[inline]
 	unsafe fn write(&self, pci_addr: PciAddress, offset: u16, value: u32) {
-		let ptr = core::ptr::from_exposed_addr_mut(self.addr_from_offset(pci_addr, offset));
+		let ptr = core::ptr::with_exposed_provenance_mut(self.addr_from_offset(pci_addr, offset));
 		unsafe {
 			core::ptr::write_volatile(ptr, value.to_le());
 		}
@@ -228,7 +228,7 @@ fn detect_interrupt(
 
 pub fn init() {
 	let dtb = unsafe {
-		Dtb::from_raw(core::ptr::from_exposed_addr(
+		Dtb::from_raw(core::ptr::with_exposed_provenance(
 			boot_info().hardware_info.device_tree.unwrap().get() as usize,
 		))
 		.expect(".dtb file has invalid header")

src/arch/aarch64/kernel/processor.rs

@@ -252,7 +252,7 @@ pub fn set_oneshot_timer(wakeup_time: Option<u64>) {
 
 pub fn print_information() {
 	let dtb = unsafe {
-		Dtb::from_raw(core::ptr::from_exposed_addr(
+		Dtb::from_raw(core::ptr::with_exposed_provenance(
 			boot_info().hardware_info.device_tree.unwrap().get() as usize,
 		))
 		.expect(".dtb file has invalid header")

src/arch/aarch64/kernel/scheduler.rs

@@ -269,7 +269,7 @@ impl TaskTLS {
 
 		// Get TLS initialization image
 		let tls_init_image = {
-			let tls_init_data = ptr::from_exposed_addr(tls_info.start.try_into().unwrap());
+			let tls_init_data = ptr::with_exposed_provenance(tls_info.start.try_into().unwrap());
 			let tls_init_len = tls_info.filesz.try_into().unwrap();
 
 			// SAFETY: We will have to trust the environment here.

src/arch/aarch64/kernel/serial.rs

@@ -10,7 +10,7 @@ impl SerialPort {
 	}
 
 	pub fn write_byte(&self, byte: u8) {
-		let port = core::ptr::from_exposed_addr_mut::<u8>(self.port_address as usize);
+		let port = core::ptr::with_exposed_provenance_mut::<u8>(self.port_address as usize);
 
 		// LF newline characters need to be extended to CRLF over a real serial port.
 		if byte == b'\n' {

src/arch/aarch64/kernel/systemtime.rs

@@ -46,7 +46,7 @@ fn rtc_read(off: usize) -> u32 {
 
 pub fn init() {
 	let dtb = unsafe {
-		Dtb::from_raw(core::ptr::from_exposed_addr(
+		Dtb::from_raw(core::ptr::with_exposed_provenance(
 			boot_info().hardware_info.device_tree.unwrap().get() as usize,
 		))
 		.expect(".dtb file has invalid header")

src/arch/aarch64/mm/paging.rs

@@ -2,7 +2,7 @@
 
 use core::arch::asm;
 use core::marker::PhantomData;
-use core::{fmt, mem, ptr, usize};
+use core::{fmt, mem, ptr};
 
 use align_address::Align;
 
@@ -520,7 +520,7 @@ where
 		let table_address = core::ptr::from_ref(self).addr();
 		let subtable_address =
 			(table_address << PAGE_MAP_BITS) & !(usize::MAX << 48) | (index << PAGE_BITS);
-		unsafe { &mut *(ptr::from_exposed_addr_mut(subtable_address)) }
+		unsafe { &mut *(ptr::with_exposed_provenance_mut(subtable_address)) }
 	}
 
 	/// Maps a continuous range of pages.

src/arch/riscv64/mm/paging.rs

@@ -1,5 +1,5 @@
 use core::marker::PhantomData;
-use core::{ptr, usize};
+use core::ptr;
 
 use align_address::Align;
 use hermit_sync::SpinMutex;

src/arch/x86_64/kernel/acpi.rs

@@ -235,7 +235,8 @@ struct AcpiFadt {
 /// (wrapping) sum over all table fields equals zero.
 fn verify_checksum(start_address: usize, length: usize) -> Result<(), ()> {
 	// Get a slice over all bytes of the structure that are considered for the checksum.
-	let slice = unsafe { slice::from_raw_parts(ptr::from_exposed_addr(start_address), length) };
+	let slice =
+		unsafe { slice::from_raw_parts(ptr::with_exposed_provenance(start_address), length) };
 
 	// Perform a wrapping sum over these bytes.
 	let checksum = slice.iter().fold(0, |acc: u8, x| acc.wrapping_add(*x));
@@ -267,7 +268,7 @@ fn detect_rsdp(start_address: PhysAddr, end_address: PhysAddr) -> Result<&'stati
 		}
 
 		// Verify the signature to find out if this is really an ACPI RSDP.
-		let rsdp = unsafe { &*(ptr::from_exposed_addr::<AcpiRsdp>(current_address)) };
+		let rsdp = unsafe { &*(ptr::with_exposed_provenance::<AcpiRsdp>(current_address)) };
 		if &rsdp.signature != b"RSD PTR " {
 			continue;
 		}
@@ -337,8 +338,8 @@ fn search_s5_in_table(table: AcpiTable<'_>) {
 	// As we do not implement an AML interpreter, we search through the bytecode.
 	let aml = unsafe {
 		slice::from_ptr_range(
-			ptr::from_exposed_addr(table.table_start_address())
-				..ptr::from_exposed_addr(table.table_end_address()),
+			ptr::with_exposed_provenance(table.table_start_address())
+				..ptr::with_exposed_provenance(table.table_end_address()),
 		)
 	};
 
@@ -387,7 +388,8 @@ fn parse_fadt(fadt: AcpiTable<'_>) {
 	// Get us a reference to the actual fields of the FADT table.
 	// Note that not all fields may be accessible depending on the ACPI revision of the computer.
 	// Always check fadt.table_end_address() when accessing an optional field!
-	let fadt_table = unsafe { &*ptr::from_exposed_addr::<AcpiFadt>(fadt.table_start_address()) };
+	let fadt_table =
+		unsafe { &*ptr::with_exposed_provenance::<AcpiFadt>(fadt.table_start_address()) };
 
 	// Check if the FADT is large enough to hold an x_pm1a_cnt_blk field and if this field is non-zero.
 	// In that case, it shall be preferred over the I/O port specified in pm1a_cnt_blk.
@@ -480,14 +482,16 @@ pub fn init() {
 		// The XSDT contains 64-bit pointers whereas the RSDT has 32-bit pointers.
 		let table_physical_address = if rsdp.revision >= 2 {
 			let address = PhysAddr(unsafe {
-				ptr::read_unaligned(ptr::from_exposed_addr::<u64>(current_address))
+				ptr::read_unaligned(ptr::with_exposed_provenance::<u64>(current_address))
 			});
 			current_address += mem::size_of::<u64>();
 			address
 		} else {
 			let address = PhysAddr(
-				(unsafe { ptr::read_unaligned(ptr::from_exposed_addr::<u32>(current_address)) })
-					.into(),
+				(unsafe {
+					ptr::read_unaligned(ptr::with_exposed_provenance::<u32>(current_address))
+				})
+				.into(),
 			);
 			current_address += mem::size_of::<u32>();
 			address

src/arch/x86_64/kernel/apic.rs

@@ -5,7 +5,7 @@ use core::arch::x86_64::_mm_mfence;
 use core::fmt;
 use core::hint::spin_loop;
 use core::sync::atomic::Ordering;
-use core::{cmp, mem, ptr, u32};
+use core::{cmp, mem, ptr};
 
 use align_address::Align;
 #[cfg(feature = "smp")]
@@ -279,21 +279,22 @@ fn detect_from_acpi() -> Result<PhysAddr, ()> {
 	// Get the Multiple APIC Description Table (MADT) from the ACPI information and its specific table header.
 	let madt = acpi::get_madt().ok_or(())?;
 	let madt_header =
-		unsafe { &*(ptr::from_exposed_addr::<AcpiMadtHeader>(madt.table_start_address())) };
+		unsafe { &*(ptr::with_exposed_provenance::<AcpiMadtHeader>(madt.table_start_address())) };
 
 	// Jump to the actual table entries (after the table header).
 	let mut current_address = madt.table_start_address() + mem::size_of::<AcpiMadtHeader>();
 
 	// Loop through all table entries.
 	while current_address < madt.table_end_address() {
-		let record = unsafe { &*(ptr::from_exposed_addr::<AcpiMadtRecordHeader>(current_address)) };
+		let record =
+			unsafe { &*(ptr::with_exposed_provenance::<AcpiMadtRecordHeader>(current_address)) };
 		current_address += mem::size_of::<AcpiMadtRecordHeader>();
 
 		match record.entry_type {
 			0 => {
 				// Processor Local APIC
 				let processor_local_apic_record = unsafe {
-					&*(ptr::from_exposed_addr::<ProcessorLocalApicRecord>(current_address))
+					&*(ptr::with_exposed_provenance::<ProcessorLocalApicRecord>(current_address))
 				};
 				debug!(
 					"Found Processor Local APIC record: {}",
@@ -307,7 +308,7 @@ fn detect_from_acpi() -> Result<PhysAddr, ()> {
 			1 => {
 				// I/O APIC
 				let ioapic_record =
-					unsafe { &*(ptr::from_exposed_addr::<IoApicRecord>(current_address)) };
+					unsafe { &*(ptr::with_exposed_provenance::<IoApicRecord>(current_address)) };
 				debug!("Found I/O APIC record: {}", ioapic_record);
 
 				init_ioapic_address(PhysAddr(ioapic_record.address.into()));
@@ -393,7 +394,7 @@ fn detect_from_mp() -> Result<PhysAddr, ()> {
 
 	let mut addr: usize = virtual_address.as_usize()
 		| (mp_float.mp_config as usize & (BasePageSize::SIZE as usize - 1));
-	let mp_config: &ApicConfigTable = unsafe { &*(ptr::from_exposed_addr(addr)) };
+	let mp_config: &ApicConfigTable = unsafe { &*(ptr::with_exposed_provenance(addr)) };
 	if mp_config.signature != MP_CONFIG_SIGNATURE {
 		warn!("Invalid MP config table");
 		virtualmem::deallocate(virtual_address, BasePageSize::SIZE as usize);
@@ -409,19 +410,19 @@ fn detect_from_mp() -> Result<PhysAddr, ()> {
 		// entries starts directly after the config table
 		addr += mem::size_of::<ApicConfigTable>();
 		for _i in 0..mp_config.entry_count {
-			match unsafe { *(ptr::from_exposed_addr(addr)) } {
+			match unsafe { *(ptr::with_exposed_provenance(addr)) } {
 				// CPU entry
 				0 => {
 					let cpu_entry: &ApicProcessorEntry =
-						unsafe { &*(ptr::from_exposed_addr(addr)) };
+						unsafe { &*(ptr::with_exposed_provenance(addr)) };
 					if cpu_entry.cpu_flags & 0x01 == 0x01 {
 						add_local_apic_id(cpu_entry.id);
 					}
 					addr += mem::size_of::<ApicProcessorEntry>();
 				}
 				// IO-APIC entry
 				2 => {
-					let io_entry: &ApicIoEntry = unsafe { &*(ptr::from_exposed_addr(addr)) };
+					let io_entry: &ApicIoEntry = unsafe { &*(ptr::with_exposed_provenance(addr)) };
 					let ioapic = PhysAddr(io_entry.addr.into());
 					info!("Found IOAPIC at 0x{:p}", ioapic);
 

src/arch/x86_64/kernel/mmio.rs

@@ -68,7 +68,7 @@ fn check_linux_args(
 
 				// Verify the first register value to find out if this is really an MMIO magic-value.
 				let mmio = unsafe {
-					&mut *(ptr::from_exposed_addr_mut::<MmioRegisterLayout>(
+					&mut *(ptr::with_exposed_provenance_mut::<MmioRegisterLayout>(
 						virtual_address.as_usize()
 							| (current_address & (BasePageSize::SIZE as usize - 1)),
 					))
@@ -146,7 +146,7 @@ fn guess_device() -> Result<(&'static mut MmioRegisterLayout, u8), &'static str>
 
 		// Verify the first register value to find out if this is really an MMIO magic-value.
 		let mmio = unsafe {
-			&mut *(ptr::from_exposed_addr_mut::<MmioRegisterLayout>(
+			&mut *(ptr::with_exposed_provenance_mut::<MmioRegisterLayout>(
 				virtual_address.as_usize() | (current_address & (BasePageSize::SIZE as usize - 1)),
 			))
 		};

src/arch/x86_64/kernel/pci.rs

@@ -1,5 +1,3 @@
-use core::{u32, u8};
-
 use pci_types::{ConfigRegionAccess, PciAddress, PciHeader};
 use x86::io::*;
 

src/arch/x86_64/kernel/processor.rs

@@ -7,7 +7,7 @@ use core::arch::x86_64::{
 use core::hint::spin_loop;
 use core::num::NonZeroU32;
 use core::sync::atomic::{AtomicU64, Ordering};
-use core::{fmt, ptr, u32};
+use core::{fmt, ptr};
 
 use hermit_entry::boot_info::PlatformInfo;
 use hermit_sync::Lazy;

src/arch/x86_64/kernel/scheduler.rs

@@ -257,7 +257,7 @@ impl TaskTLS {
 
 		// Get TLS initialization image
 		let tls_init_image = {
-			let tls_init_data = ptr::from_exposed_addr(tls_info.start.try_into().unwrap());
+			let tls_init_data = ptr::with_exposed_provenance(tls_info.start.try_into().unwrap());
 			let tls_init_len = tls_info.filesz.try_into().unwrap();
 
 			// SAFETY: We will have to trust the environment here.

src/arch/x86_64/mm/paging.rs

@@ -91,7 +91,7 @@ pub use x86_64::structures::paging::{
 
 unsafe fn recursive_page_table() -> RecursivePageTable<'static> {
 	let level_4_table_addr = 0xFFFF_FFFF_FFFF_F000;
-	let level_4_table_ptr = ptr::from_exposed_addr_mut(level_4_table_addr);
+	let level_4_table_ptr = ptr::with_exposed_provenance_mut(level_4_table_addr);
 	unsafe {
 		let level_4_table = &mut *(level_4_table_ptr);
 		RecursivePageTable::new(level_4_table).unwrap()
@@ -405,7 +405,7 @@ pub(crate) unsafe fn print_page_tables(levels: usize) {
 	// Identity mapped
 	//let level_4_table_addr = Cr3::read().0.start_address().as_u64();
 	//let level_4_table_ptr =
-	//	ptr::from_exposed_addr::<PageTable>(level_4_table_addr.try_into().unwrap());
+	//	ptr::with_exposed_provenance::<PageTable>(level_4_table_addr.try_into().unwrap());
 	//let pt = unsafe { &*level_4_table_ptr };
 
 	print(pt, 4, 5 - levels);

src/drivers/net/virtio_mmio.rs

@@ -116,7 +116,7 @@ impl VirtioNetDriver {
 		irq: u8,
 	) -> Result<Self, VirtioNetError> {
 		let dev_cfg_raw: &'static NetDevCfgRaw =
-			unsafe { &*(ptr::from_exposed_addr(ptr::from_ref(registers).addr() + 0xFC)) };
+			unsafe { &*(ptr::with_exposed_provenance(ptr::from_ref(registers).addr() + 0xFC)) };
 		let dev_cfg = NetDevCfg {
 			raw: dev_cfg_raw,
 			dev_id,

src/drivers/virtio/transport/mmio.rs

@@ -3,9 +3,9 @@
 //! The module contains ...
 #![allow(dead_code)]
 
+use core::ptr;
 use core::ptr::{read_volatile, write_volatile};
 use core::sync::atomic::{fence, Ordering};
-use core::{ptr, u8};
 
 #[cfg(any(feature = "tcp", feature = "udp"))]
 use crate::arch::kernel::interrupts::*;

src/drivers/virtio/transport/pci.rs

@@ -165,7 +165,7 @@ pub fn map_dev_cfg<T>(cap: &PciCap) -> Option<&'static mut T> {
 
 	// Create mutable reference to the PCI structure in PCI memory
 	let dev_cfg: &'static mut T =
-		unsafe { &mut *(ptr::from_exposed_addr_mut(virt_addr_raw.into())) };
+		unsafe { &mut *(ptr::with_exposed_provenance_mut(virt_addr_raw.into())) };
 
 	Some(dev_cfg)
 }
@@ -624,7 +624,7 @@ impl ComCfgRaw {
 
 		// Create mutable reference to the PCI structure in PCI memory
 		let com_cfg_raw: &mut ComCfgRaw =
-			unsafe { &mut *(ptr::from_exposed_addr_mut(virt_addr_raw.into())) };
+			unsafe { &mut *(ptr::with_exposed_provenance_mut(virt_addr_raw.into())) };
 
 		Some(com_cfg_raw)
 	}
@@ -811,7 +811,7 @@ impl IsrStatusRaw {
 
 		// Create mutable reference to the PCI structure in the devices memory area
 		let isr_stat_raw: &mut IsrStatusRaw =
-			unsafe { &mut *(ptr::from_exposed_addr_mut(virt_addr_raw.into())) };
+			unsafe { &mut *(ptr::with_exposed_provenance_mut(virt_addr_raw.into())) };
 
 		Some(isr_stat_raw)
 	}
@@ -920,7 +920,7 @@ impl ShMemCfg {
 			MemLen::from((u64::from(length_high) << 32) ^ u64::from(cap.origin.cap_struct.length));
 
 		let virt_addr_raw = cap.bar.mem_addr + offset;
-		let raw_ptr = ptr::from_exposed_addr_mut::<u8>(virt_addr_raw.into());
+		let raw_ptr = ptr::with_exposed_provenance_mut::<u8>(virt_addr_raw.into());
 
 		// Zero initialize shared memory area
 		unsafe {

src/drivers/virtio/virtqueue/mod.rs

@@ -3125,7 +3125,7 @@ impl MemPool {
 
 		// Allocate heap memory via a vec, leak and cast
 		let _mem_len = len.align_up(BasePageSize::SIZE as usize);
-		let ptr = ptr::from_exposed_addr_mut(crate::mm::allocate(_mem_len, true).0 as usize);
+		let ptr = ptr::with_exposed_provenance_mut(crate::mm::allocate(_mem_len, true).0 as usize);
 
 		// Assert descriptor does not cross a page barrier
 		let start_virt = ptr as usize;
@@ -3160,7 +3160,7 @@ impl MemPool {
 
 		// Allocate heap memory via a vec, leak and cast
 		let _mem_len = len.align_up(BasePageSize::SIZE as usize);
-		let ptr = ptr::from_exposed_addr_mut(crate::mm::allocate(_mem_len, true).0 as usize);
+		let ptr = ptr::with_exposed_provenance_mut(crate::mm::allocate(_mem_len, true).0 as usize);
 
 		// Assert descriptor does not cross a page barrier
 		let start_virt = ptr as usize;