On Sat, Jan 17, 2026 at 01:23:57PM +0000, Alice Ryhl wrote: > On Fri, Jan 16, 2026 at 03:49:54PM -0600, Timur Tabi wrote: > > Add a new method to UserSliceWriter that copies data from a raw kernel > > pointer to userspace, without requiring a Rust slice reference. > > > > The method takes: > > - data: raw pointer to the source buffer > > - len: total size of the source buffer (for bounds checking) > > - offset: byte offset into the source buffer to start copying from > > - count: number of bytes to copy > > > > The method is marked unsafe because the caller must ensure the pointer > > is valid for the specified length and that the memory is not mutated > > during the call. > > > > Signed-off-by: Timur Tabi <[email protected]> > > --- > > rust/kernel/uaccess.rs | 50 ++++++++++++++++++++++++++++++++++++++++++ > > 1 file changed, 50 insertions(+) > > > > diff --git a/rust/kernel/uaccess.rs b/rust/kernel/uaccess.rs > > index f989539a31b4..8bbb0084abb1 100644 > > --- a/rust/kernel/uaccess.rs > > +++ b/rust/kernel/uaccess.rs > > @@ -481,6 +481,56 @@ pub fn write_slice(&mut self, data: &[u8]) -> Result { > > Ok(()) > > } > > > > + /// Writes raw data to this user pointer from a raw kernel pointer. > > + /// > > + /// This is similar to [`Self::write_slice`] but takes a raw pointer > > instead of a slice, > > + /// along with a total buffer length, an offset into the that buffer, > > and a count of bytes > > + /// to copy. > > + /// > > + /// Returns error if the offset+count exceeds the buffer size. > > + /// > > + /// Fails with [`EFAULT`] if the write happens on a bad address, or if > > the write goes out of > > + /// bounds of this [`UserSliceWriter`]. This call may modify the > > associated userspace slice > > + /// even if it returns an error. > > + /// > > + /// # Safety > > + /// > > + /// - `data` must point to a valid memory region of at least `len` > > bytes that remains allocated > > + /// for the duration of this call. > > + /// > > + /// Note: Unlike [`Self::write_slice`], this method does not require > > exclusive access to the > > + /// source memory. The memory may be concurrently modified by other > > threads or hardware (e.g., > > + /// DMA buffers). In such cases, the copied data may be inconsistent, > > but this does not cause > > + /// undefined behavior. > > + pub unsafe fn write_buffer( > > + &mut self, > > + data: *const u8, > > + len: usize, > > + offset: usize, > > + count: usize, > > + ) -> Result { > > Why not this signature? > > unsafe fn write_raw_slice(&mut self, data: *const [u8]) -> Result; > > You can implement `write_slice` in terms of it.
To clarify, I think this would be a simpler signature for `write_buffer()`. And `write_raw_slice()` can be used both for DMA and to simplify the existing `write_slice`. Alice
