libfdt: Introduce abstraction type NodeOffset
The C functions use c_int for different purposes, which can lead to
undetected bugs in which values with different meanings are mixed or
invalid values are passed.
Instead, introduce a transparent c_int wrapper representing DT node
offsets, allowing the compiler to catch such bugs and prevent invalid
offsets from being created.
Test: m pvmfw
Test: atest liblibfdt.integration_test
Change-Id: I458c578a287e9484dc0febaaffdda7b28a93f520
diff --git a/libs/libfdt/src/lib.rs b/libs/libfdt/src/lib.rs
index 86d4abd..c0d8d55 100644
--- a/libs/libfdt/src/lib.rs
+++ b/libs/libfdt/src/lib.rs
@@ -17,17 +17,17 @@
#![no_std]
-mod ctypes;
mod iterators;
mod libfdt;
mod result;
+mod safe_types;
-pub use ctypes::Phandle;
pub use iterators::{
AddressRange, CellIterator, CompatibleIterator, DescendantsIterator, MemRegIterator,
PropertyIterator, RangesIterator, Reg, RegIterator, SubnodeIterator,
};
pub use result::{FdtError, Result};
+pub use safe_types::{NodeOffset, Phandle};
use core::ffi::{c_int, c_void, CStr};
use core::ops::Range;
@@ -147,7 +147,7 @@
#[derive(Clone, Copy, Debug)]
pub struct FdtNode<'a> {
fdt: &'a Fdt,
- offset: c_int,
+ offset: NodeOffset,
}
impl<'a> FdtNode<'a> {
@@ -355,7 +355,7 @@
#[derive(Debug)]
pub struct FdtNodeMut<'a> {
fdt: &'a mut Fdt,
- offset: c_int,
+ offset: NodeOffset,
}
impl<'a> FdtNodeMut<'a> {
@@ -525,7 +525,7 @@
self.delete_and_next(next_offset)
}
- fn delete_and_next(self, next_offset: Option<c_int>) -> Result<Option<Self>> {
+ fn delete_and_next(self, next_offset: Option<NodeOffset>) -> Result<Option<Self>> {
if Some(self.offset) == next_offset {
return Err(FdtError::Internal);
}
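Review bot: The `Some(self.offset) == next_offset` guard at the top of `delete_and_next` carries no comment saying why a match is reported as `FdtError::Internal` rather than a caller error, and now that offsets are a dedicated type the invariant it protects deserves stating. I would add `// The successor of a node being deleted can never be that node itself; equality means the offset handed to us is inconsistent with self.` above the `if`. The comparison also relies on `NodeOffset` implementing `PartialEq`, which the new `safe_types` module presumably derives but which is not visible in this diff. `delete_and_next`'s body continues outside the hunk.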
@@ -748,7 +748,11 @@
Ok(offset.map(|offset| FdtNodeMut { fdt: self, offset }))
}
- fn next_node_skip_subnodes(&self, node: c_int, depth: usize) -> Result<Option<(c_int, usize)>> {
+ fn next_node_skip_subnodes(
+ &self,
+ node: NodeOffset,
+ depth: usize,
+ ) -> Result<Option<(NodeOffset, usize)>> {
let mut iter = self.next_node(node, depth)?;
while let Some((offset, next_depth)) = iter {
if next_depth <= depth {
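Review bot: `next_node_skip_subnodes` now has a typed node argument but still no doc comment describing what it returns, and its `depth` parameter remains a bare `usize` even though the commit's own rationale (distinct meanings hidden behind one integer type) applies to depths as well if `next_node` converts it to a C `int` for libfdt, which this hunk does not show. I would add `/// Returns the first node after `node` whose depth is at most `depth`, skipping `node`'s subnodes, paired with that node's depth; `None` when the walk ends.` above the signature, with the exact contract confirmed against the loop body. That loop body, and the condition starting at `if next_depth <= depth {`, continue past the end of the hunk.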