When creating a new bitfield, it is possible that the value contains bits set. Such usage can be the result of an error in the usage of the bitfield. Print an error in regular configs, and assert in a hardened config (CONFIG_RUST_BITFIELD_HARDENED). If the design is deliberate, the user may silence these errors or assertions by defining the bitfield as reserved.
Suggested-by: Yury Norov <[email protected]> Signed-off-by: Joel Fernandes <[email protected]> --- rust/kernel/bitfield.rs | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/rust/kernel/bitfield.rs b/rust/kernel/bitfield.rs index 655f940479f1..606494bf4245 100644 --- a/rust/kernel/bitfield.rs +++ b/rust/kernel/bitfield.rs @@ -117,7 +117,9 @@ macro_rules! bitfield_assert { /// ``` /// /// This generates a struct with: -/// - Constructor: `new(value)` - creates a bitfield from a raw value, zeroing undefined bits +/// - Constructor: `new(value)` - creates a bitfield from a raw value, zeroing undefined bits. +/// If any of the bits passed are set, but not defined as a bitfield, an error is printed. +/// To silence these errors, either define all fields or initialize the bit positions to 0. /// - Raw accessor: `raw()` - returns the underlying raw value /// - Field accessors: `mode()`, `state()`, etc. /// - Field setters: `set_mode()`, `set_state()`, etc. (supports chaining with builder pattern). @@ -236,6 +238,10 @@ impl $name { /// This constructor zeros out all bits that are not defined by any field, /// ensuring only valid field bits are preserved. This is to prevent UB /// when raw() is used to retrieve undefined bits. + /// + /// If any of the bits passed are set, but not defined as a bitfield, + /// an error is printed. To silence these errors, either define all fields + /// or initialize the respective bit positions to 0. #[inline(always)] $vis fn new(value: $storage) -> Self { // Calculate mask for all defined fields @@ -245,6 +251,18 @@ impl $name { mask |= Self::[<$field:upper _MASK>]; ); )* + + // Check if any undefined bits are set + $crate::bitfield_assert!( + (value & !mask) == 0, + concat!( + "Value 0x{:x} has bits set outside of defined field ranges ", + "(mask: 0x{:x}). To avoid this assertion, either define all ", + "fields or initialize unused bits to 0." + ), + value, mask + ); + // Zero out undefined bits and wrap in BitfieldInternalStorage Self(::kernel::bitfield::BitfieldInternalStorage::from_raw(value & mask)) } -- 2.34.1
