rust-osdev
diff --git a/‎.github/workflows/build.yml
+5-6 b/‎.github/workflows/build.yml
+5-6
diff --git a/‎.github/workflows/release.yml
+1-5 b/‎.github/workflows/release.yml
+1-5
diff --git a/‎src/addr.rs
+92-4 b/‎src/addr.rs
+92-4
diff --git a/‎src/registers/control.rs
+57 b/‎src/registers/control.rs
+57
diff --git a/‎src/registers/debug.rs
+13 b/‎src/registers/debug.rs
+13
@@ -47,7 +47,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        platform: [ubuntu-latest, macos-12, macos-latest, windows-latest]
+        platform: [ubuntu-latest, macos-latest, windows-latest]
 
     runs-on: ${{ matrix.platform }}
     timeout-minutes: 15
@@ -89,9 +89,6 @@ jobs:
     runs-on: ${{ matrix.platform }}
     timeout-minutes: 15
 
-    env:
-      RUSTFLAGS: -Crelocation-model=static -Dwarnings
-
     steps:
       - name: "Checkout Repository"
         uses: actions/checkout@v4
@@ -137,9 +134,11 @@ jobs:
         run: qemu-system-x86_64 --version
 
       - name: "Run Test Framework"
-        run: cargo test
+        run: cargo test --target x86_64-unknown-none
         shell: bash
         working-directory: "testing"
+        env:
+          RUSTFLAGS: -Crelocation-model=static -Dwarnings
 
   check_formatting:
     name: "Check Formatting"
@@ -177,7 +176,7 @@ jobs:
         run: cargo +stable semver-checks check-release
 
   kani:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - uses: Swatinem/rust-cache@v2
 
@@ -21,12 +21,8 @@ jobs:
       - name: "Checkout Repository"
         uses: actions/checkout@v4
 
-      # TODO: Remove when Python 3.11 is the default on the Gihtub Actions image
-      - name: "Install Python 3.11"
-        run: sudo apt-get -y install python3.11
-
       - name: "Run release script"
-        run: "python3.11 scripts/ci-release.py"
+        run: "python scripts/ci-release.py"
         env:
           CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -364,13 +364,41 @@ impl fmt::Pointer for VirtAddr {
 
 impl Add<u64> for VirtAddr {
     type Output = Self;
+
+    #[cfg_attr(not(feature = "step_trait"), allow(rustdoc::broken_intra_doc_links))]
+    /// Add an offset to a virtual address.
+    ///
+    /// This function performs normal arithmetic addition and doesn't jump the
+    /// address gap. If you're looking for a successor operation that jumps the
+    /// address gap, use [`Step::forward`].
+    ///
+    /// # Panics
+    ///
+    /// This function will panic on overflow or if the result is not a
+    /// canonical address.
     #[inline]
     fn add(self, rhs: u64) -> Self::Output {
-        VirtAddr::new(self.0 + rhs)
+        VirtAddr::try_new(
+            self.0
+                .checked_add(rhs)
+                .expect("attempt to add with overflow"),
+        )
+        .expect("attempt to add resulted in non-canonical virtual address")
     }
 }
 
 impl AddAssign<u64> for VirtAddr {
+    #[cfg_attr(not(feature = "step_trait"), allow(rustdoc::broken_intra_doc_links))]
+    /// Add an offset to a virtual address.
+    ///
+    /// This function performs normal arithmetic addition and doesn't jump the
+    /// address gap. If you're looking for a successor operation that jumps the
+    /// address gap, use [`Step::forward`].
+    ///
+    /// # Panics
+    ///
+    /// This function will panic on overflow or if the result is not a
+    /// canonical address.
     #[inline]
     fn add_assign(&mut self, rhs: u64) {
         *self = *self + rhs;
@@ -379,13 +407,41 @@ impl AddAssign<u64> for VirtAddr {
 
 impl Sub<u64> for VirtAddr {
     type Output = Self;
+
+    #[cfg_attr(not(feature = "step_trait"), allow(rustdoc::broken_intra_doc_links))]
+    /// Subtract an offset from a virtual address.
+    ///
+    /// This function performs normal arithmetic subtraction and doesn't jump
+    /// the address gap. If you're looking for a predecessor operation that
+    /// jumps the address gap, use [`Step::backward`].
+    ///
+    /// # Panics
+    ///
+    /// This function will panic on overflow or if the result is not a
+    /// canonical address.
     #[inline]
     fn sub(self, rhs: u64) -> Self::Output {
-        VirtAddr::new(self.0.checked_sub(rhs).unwrap())
+        VirtAddr::try_new(
+            self.0
+                .checked_sub(rhs)
+                .expect("attempt to subtract with overflow"),
+        )
+        .expect("attempt to subtract resulted in non-canonical virtual address")
     }
 }
 
 impl SubAssign<u64> for VirtAddr {
+    #[cfg_attr(not(feature = "step_trait"), allow(rustdoc::broken_intra_doc_links))]
+    /// Subtract an offset from a virtual address.
+    ///
+    /// This function performs normal arithmetic subtraction and doesn't jump
+    /// the address gap. If you're looking for a predecessor operation that
+    /// jumps the address gap, use [`Step::backward`].
+    ///
+    /// # Panics
+    ///
+    /// This function will panic on overflow or if the result is not a
+    /// canonical address.
     #[inline]
     fn sub_assign(&mut self, rhs: u64) {
         *self = *self - rhs;
@@ -394,9 +450,17 @@ impl SubAssign<u64> for VirtAddr {
 
 impl Sub<VirtAddr> for VirtAddr {
     type Output = u64;
+
+    /// Returns the difference between two addresses.
+    ///
+    /// # Panics
+    ///
+    /// This function will panic on overflow.
     #[inline]
     fn sub(self, rhs: VirtAddr) -> Self::Output {
-        self.as_u64().checked_sub(rhs.as_u64()).unwrap()
+        self.as_u64()
+            .checked_sub(rhs.as_u64())
+            .expect("attempt to subtract with overflow")
     }
 }
 
@@ -593,7 +657,7 @@ impl Add<u64> for PhysAddr {
     type Output = Self;
     #[inline]
     fn add(self, rhs: u64) -> Self::Output {
-        PhysAddr::new(self.0 + rhs)
+        PhysAddr::new(self.0.checked_add(rhs).unwrap())
     }
 }
 
@@ -663,6 +727,30 @@ pub const fn align_up(addr: u64, align: u64) -> u64 {
 mod tests {
     use super::*;
 
+    #[test]
+    #[should_panic]
+    pub fn add_overflow_virtaddr() {
+        let _ = VirtAddr::new(0xffff_ffff_ffff_ffff) + 1;
+    }
+
+    #[test]
+    #[should_panic]
+    pub fn add_overflow_physaddr() {
+        let _ = PhysAddr::new(0x000f_ffff_ffff_ffff) + 0xffff_0000_0000_0000;
+    }
+
+    #[test]
+    #[should_panic]
+    pub fn sub_underflow_virtaddr() {
+        let _ = VirtAddr::new(0) - 1;
+    }
+
+    #[test]
+    #[should_panic]
+    pub fn sub_overflow_physaddr() {
+        let _ = PhysAddr::new(0) - 1;
+    }
+
     #[test]
     pub fn virtaddr_new_truncate() {
         assert_eq!(VirtAddr::new_truncate(0), VirtAddr(0));
 
@@ -361,6 +361,63 @@ mod x86_64 {
                 asm!("mov cr3, {}", in(reg) value, options(nostack, preserves_flags));
             }
         }
+
+        /// Update the P4 table address in the CR3 register.
+        ///
+        /// ## Safety
+        ///
+        /// Changing the level 4 page table is unsafe, because it's possible to violate memory safety by
+        /// changing the page mapping.
+        #[inline]
+        pub unsafe fn update<F>(f: F)
+        where
+            F: FnOnce(&mut PhysFrame, &mut Cr3Flags),
+        {
+            let (mut frame, mut flags) = Self::read();
+            f(&mut frame, &mut flags);
+            unsafe {
+                Self::write(frame, flags);
+            }
+        }
+
+        /// Updates the P4 table address in the CR3 register.
+        ///
+        /// ## Safety
+        ///
+        /// Changing the level 4 page table is unsafe, because it's possible to violate memory safety by
+        /// changing the page mapping.
+        /// [`Cr4Flags::PCID`] must be set before calling this method.
+        #[inline]
+        pub unsafe fn update_pcid<F>(f: F)
+        where
+            F: FnOnce(&mut PhysFrame, &mut Pcid),
+        {
+            let (mut frame, mut pcid) = Self::read_pcid();
+            f(&mut frame, &mut pcid);
+            unsafe {
+                Self::write_pcid(frame, pcid);
+            }
+        }
+
+        /// Updates the P4 table address in the CR3 register without flushing existing TLB entries for
+        /// the PCID.
+        ///
+        /// ## Safety
+        ///
+        /// Changing the level 4 page table is unsafe, because it's possible to violate memory safety by
+        /// changing the page mapping.
+        /// [`Cr4Flags::PCID`] must be set before calling this method.
+        #[inline]
+        pub unsafe fn update_pcid_no_flush<F>(f: F)
+        where
+            F: FnOnce(&mut PhysFrame, &mut Pcid),
+        {
+            let (mut frame, mut pcid) = Self::read_pcid();
+            f(&mut frame, &mut pcid);
+            unsafe {
+                Self::write_pcid_no_flush(frame, pcid);
+            }
+        }
     }
 
     impl Cr4 {
 
@@ -499,5 +499,18 @@ mod x86_64 {
                 asm!("mov dr7, {}", in(reg) value, options(nomem, nostack, preserves_flags));
             }
         }
+
+        /// Update the DR7 value.
+        ///
+        /// Preserves the value of reserved fields.
+        #[inline]
+        pub fn update<F>(f: F)
+        where
+            F: FnOnce(&mut Dr7Value),
+        {
+            let mut value = Self::read();
+            f(&mut value);
+            Self::write(value);
+        }
     }
 }
Original file line number	Diff line number	Diff line change
`@@ -499,5 +499,18 @@ mod x86_64 {`
`499`	`499`	`asm!("mov dr7, {}", in(reg) value, options(nomem, nostack, preserves_flags));`
`500`	`500`	`}`
`501`	`501`	`}`
	`502`	`+`
	`503`	`+ /// Update the DR7 value.`
	`504`	`+ ///`
	`505`	`+ /// Preserves the value of reserved fields.`
	`506`	`+ #[inline]`
	`507`	`+ pub fn update<F>(f: F)`
	`508`	`+ where`
	`509`	`+ F: FnOnce(&mut Dr7Value),`
	`510`	`+ {`
	`511`	`+ let mut value = Self::read();`
	`512`	`+ f(&mut value);`
	`513`	`+ Self::write(value);`
	`514`	`+ }`
`502`	`515`	`}`
`503`	`516`	`}`