Rust fixes for v6.12

Toolchain and infrastructure:
 
  - Fix/improve a couple 'depends on' on the newly added CFI/KASAN
    suppport to avoid build errors/warnings.
 
  - Fix ARCH_SLAB_MINALIGN multiple definition error for RISC-V under
    !CONFIG_MMU.
 
  - Clean upcoming (Rust 1.83.0) Clippy warnings.
 
 'kernel' crate:
 
  - 'sync' module: fix soundness issue by requiring 'T: Sync' for
    'LockedBy::access'; and fix helpers build error under PREEMPT_RT.
 
  - Fix trivial sorting issue ('rustfmtcheck') on the v6.12 Rust merge.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEPjU5OPd5QIZ9jqqOGXyLc2htIW0FAmb/L3EACgkQGXyLc2ht
 IW2KDRAAgacHH58Y4uJRq6PKiDHyoiAmDidWauaLAlC5pnf0jks0VK7/xpnLF5Ov
 6ZxloNimC+LoQSKg2nA3TUG1DcNSei1N6o3l53gXxqfr+4K4zg9B4zlQnB5AbW26
 8EvmMSn8wS0g3GBr2RfYDPnq3IEsWB8p38AsOZn8qpzQjJFprVH/BoSFGaizsjNx
 ocn34PExuFzj9Nxt+r/lMqTi+OwdUi8xemgug48yix4A9zOH9GmbaEwUvFHZGYzM
 be5tkD0qiPBgbwXsWe6A3LuT50NPb8Vwq2WJabuGgUNviUF4xb+BpeoTd3ur+aTo
 SFMmLGoDG/dCcu2LC6Zavpp/sWk/q3Y/Ws/jsBWD3888Xe3u6lrAgOvru8yI2bdy
 gi3r5MFY2QT8mkv/tyWhilLlHKYqs53k2SePIVHZHRvx4rPjyUZfyFCEgRuRKluA
 oIgb5NBtbbB1OiDktDnwDzxmsAnJl8/mOMtMFuLWeaG/wjKsU3o32dAswTJ0fGCM
 v0jcDEVLyeWki5Lk1a4OSXpDSI3qXC8JPXRQUO2CYv3f0L943y+9Q6tyXodoDKIn
 mL6bz5ab7F8FF38iYv+x0eUaIhQ9qal475E6gLVDGnrxHii+0gfl7cd9Pcsve0n+
 7eP5ejn3DOEti2L9lvQmOxoPDvepESKg+bIs8hRWtGsWrRibVnQ=
 =wDC1
 -----END PGP SIGNATURE-----

Merge tag 'rust-fixes-6.12' of https://github.com/Rust-for-Linux/linux

Pull Rust fixes from Miguel Ojeda:
 "Toolchain and infrastructure:

   - Fix/improve a couple 'depends on' on the newly added CFI/KASAN
     suppport to avoid build errors/warnings

   - Fix ARCH_SLAB_MINALIGN multiple definition error for RISC-V under
     !CONFIG_MMU

   - Clean upcoming (Rust 1.83.0) Clippy warnings

  'kernel' crate:

   - 'sync' module: fix soundness issue by requiring 'T: Sync' for
     'LockedBy::access'; and fix helpers build error under PREEMPT_RT

   - Fix trivial sorting issue ('rustfmtcheck') on the v6.12 Rust merge"

* tag 'rust-fixes-6.12' of https://github.com/Rust-for-Linux/linux:
  rust: kunit: use C-string literals to clean warning
  cfi: encode cfi normalized integers + kasan/gcov bug in Kconfig
  rust: KASAN+RETHUNK requires rustc 1.83.0
  rust: cfi: fix `patchable-function-entry` starting version
  rust: mutex: fix __mutex_init() usage in case of PREEMPT_RT
  rust: fix `ARCH_SLAB_MINALIGN` multiple definition error
  rust: sync: require `T: Sync` for `LockedBy::access`
  rust: kernel: sort Rust modules

arch/Kconfig

@@ -838,7 +838,7 @@ config CFI_CLANG
 config CFI_ICALL_NORMALIZE_INTEGERS
 	bool "Normalize CFI tags for integers"
 	depends on CFI_CLANG
-	depends on $(cc-option,-fsanitize=kcfi -fsanitize-cfi-icall-experimental-normalize-integers)
+	depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS
 	help
 	  This option normalizes the CFI tags for integer types so that all
 	  integer types of the same size and signedness receive the same CFI
@@ -851,6 +851,22 @@ config CFI_ICALL_NORMALIZE_INTEGERS
 
 	  This option is necessary for using CFI with Rust. If unsure, say N.
 
+config HAVE_CFI_ICALL_NORMALIZE_INTEGERS
+	def_bool !GCOV_KERNEL && !KASAN
+	depends on CFI_CLANG
+	depends on $(cc-option,-fsanitize=kcfi -fsanitize-cfi-icall-experimental-normalize-integers)
+	help
+	  Is CFI_ICALL_NORMALIZE_INTEGERS supported with the set of compilers
+	  currently in use?
+
+	  This option defaults to false if GCOV or KASAN is enabled, as there is
+	  an LLVM bug that makes normalized integers tags incompatible with
+	  KASAN and GCOV. Kconfig currently does not have the infrastructure to
+	  detect whether your rustc compiler contains the fix for this bug, so
+	  it is assumed that it doesn't. If your compiler has the fix, you can
+	  explicitly enable this option in your config file. The Kconfig logic
+	  needed to detect this will be added in a future kernel release.
+
 config CFI_PERMISSIVE
 	bool "Use CFI in permissive mode"
 	depends on CFI_CLANG

init/Kconfig

@@ -1946,10 +1946,11 @@ config RUST
 	depends on !GCC_PLUGIN_RANDSTRUCT
 	depends on !RANDSTRUCT
 	depends on !DEBUG_INFO_BTF || PAHOLE_HAS_LANG_EXCLUDE
-	depends on !CFI_CLANG || RUSTC_VERSION >= 107900 && $(cc-option,-fsanitize=kcfi -fsanitize-cfi-icall-experimental-normalize-integers)
+	depends on !CFI_CLANG || RUSTC_VERSION >= 107900 && HAVE_CFI_ICALL_NORMALIZE_INTEGERS
 	select CFI_ICALL_NORMALIZE_INTEGERS if CFI_CLANG
-	depends on !CALL_PADDING || RUSTC_VERSION >= 108000
+	depends on !CALL_PADDING || RUSTC_VERSION >= 108100
 	depends on !KASAN_SW_TAGS
+	depends on !(MITIGATION_RETHUNK && KASAN) || RUSTC_VERSION >= 108300
 	help
 	  Enables Rust support in the kernel.
 

rust/bindgen_parameters

@@ -24,3 +24,8 @@
 # These functions use the `__preserve_most` calling convention, which neither bindgen
 # nor Rust currently understand, and which Clang currently declares to be unstable.
 --blocklist-function __list_.*_report
+
+# These constants are sometimes not recognized by bindgen depending on config.
+# We use const helpers to aid bindgen, to avoid conflicts when constants are
+# recognized, block generation of the non-helper constants.
+--blocklist-item ARCH_SLAB_MINALIGN

rust/helpers/mutex.c

@@ -7,3 +7,9 @@ void rust_helper_mutex_lock(struct mutex *lock)
 {
 	mutex_lock(lock);
 }
+
+void rust_helper___mutex_init(struct mutex *mutex, const char *name,
+			      struct lock_class_key *key)
+{
+	__mutex_init(mutex, name, key);
+}

rust/kernel/kunit.rs

@@ -18,7 +18,7 @@ pub fn err(args: fmt::Arguments<'_>) {
     #[cfg(CONFIG_PRINTK)]
     unsafe {
         bindings::_printk(
-            b"\x013%pA\0".as_ptr() as _,
+            c"\x013%pA".as_ptr() as _,
             &args as *const _ as *const c_void,
         );
     }
@@ -34,7 +34,7 @@ pub fn info(args: fmt::Arguments<'_>) {
     #[cfg(CONFIG_PRINTK)]
     unsafe {
         bindings::_printk(
-            b"\x016%pA\0".as_ptr() as _,
+            c"\x016%pA".as_ptr() as _,
             &args as *const _ as *const c_void,
         );
     }

rust/kernel/lib.rs

@@ -44,8 +44,8 @@
 pub mod page;
 pub mod prelude;
 pub mod print;
-pub mod sizes;
 pub mod rbtree;
+pub mod sizes;
 mod static_assert;
 #[doc(hidden)]
 pub mod std_vendor;

rust/kernel/sync/locked_by.rs

@@ -83,8 +83,12 @@ pub struct LockedBy<T: ?Sized, U: ?Sized> {
 // SAFETY: `LockedBy` can be transferred across thread boundaries iff the data it protects can.
 unsafe impl<T: ?Sized + Send, U: ?Sized> Send for LockedBy<T, U> {}
 
-// SAFETY: `LockedBy` serialises the interior mutability it provides, so it is `Sync` as long as the
-// data it protects is `Send`.
+// SAFETY: If `T` is not `Sync`, then parallel shared access to this `LockedBy` allows you to use
+// `access_mut` to hand out `&mut T` on one thread at the time. The requirement that `T: Send` is
+// sufficient to allow that.
+//
+// If `T` is `Sync`, then the `access` method also becomes available, which allows you to obtain
+// several `&T` from several threads at once. However, this is okay as `T` is `Sync`.
 unsafe impl<T: ?Sized + Send, U: ?Sized> Sync for LockedBy<T, U> {}
 
 impl<T, U> LockedBy<T, U> {
@@ -118,7 +122,10 @@ impl<T: ?Sized, U> LockedBy<T, U> {
     ///
     /// Panics if `owner` is different from the data protected by the lock used in
     /// [`new`](LockedBy::new).
-    pub fn access<'a>(&'a self, owner: &'a U) -> &'a T {
+    pub fn access<'a>(&'a self, owner: &'a U) -> &'a T
+    where
+        T: Sync,
+    {
         build_assert!(
             size_of::<U>() > 0,
             "`U` cannot be a ZST because `owner` wouldn't be unique"
@@ -127,7 +134,10 @@ pub fn access<'a>(&'a self, owner: &'a U) -> &'a T {
             panic!("mismatched owners");
         }
 
-        // SAFETY: `owner` is evidence that the owner is locked.
+        // SAFETY: `owner` is evidence that there are only shared references to the owner for the
+        // duration of 'a, so it's not possible to use `Self::access_mut` to obtain a mutable
+        // reference to the inner value that aliases with this shared reference. The type is `Sync`
+        // so there are no other requirements.
         unsafe { &*self.data.get() }
     }