clippy: enforce safety doc comment

BUG=b:316168567
TEST=none

Change-Id: I4e0a74e509ed4ef672fb9f334654a50aa5e257f1
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5118513
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Vikram Auradkar <auradkar@google.com>
Vikram Auradkar 2023-12-11 19:21:01 +00:00 committed by crosvm LUCI
parent 32bf962689
commit 96b82c0294
11 changed files with 75 additions and 3 deletions


@ -4,9 +4,6 @@
# https://github.com/rust-lang/cargo/issues/5034
[build]
rustflags = [
# TODO(crbug/908640): To be resolved.
"-Aclippy::missing_safety_doc", # 26 errors
# We don't care about these lints. Okay to remain suppressed globally.
"-Aclippy::bool_assert_comparison",
"-Aclippy::cast_lossless",


@ -170,6 +170,7 @@ pub unsafe fn ioctl_with_val(descriptor: &dyn AsRawDescriptor, nr: IoctlNr, arg:
/// Run an ioctl with an immutable reference.
/// # Safety
///
/// The caller is responsible for determining the safety of the particular ioctl.
pub unsafe fn ioctl_with_ref<T>(descriptor: &dyn AsRawDescriptor, nr: IoctlNr, arg: &T) -> c_int {
libc::ioctl(
@ -181,6 +182,7 @@ pub unsafe fn ioctl_with_ref<T>(descriptor: &dyn AsRawDescriptor, nr: IoctlNr, a
/// Run an ioctl with a mutable reference.
/// # Safety
///
/// The caller is responsible for determining the safety of the particular ioctl.
pub unsafe fn ioctl_with_mut_ref<T>(
descriptor: &dyn AsRawDescriptor,
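Review bot: The `# Safety` text on `ioctl_with_ref` and `ioctl_with_mut_ref` names no condition a caller can check; "determining the safety of the particular ioctl" only restates that the function is unsafe. `arg` is presumably handed to the kernel as a pointer to `T`, so the contract worth writing down is that `T` has the size and layout the request `nr` expects and, for `ioctl_with_ref`, that the request does not write through the pointer, for example `/// The ioctl selected by nr must expect an argument with the size and layout of T and must not write through it.` A bare `///` line between the one-line summary and `# Safety` would also match the other doc comments in this commit. Both function bodies continue outside the hunks.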


@ -166,6 +166,12 @@ pub unsafe extern "C" fn crosvm_client_balloon_vms(
}
/// See crosvm_client_balloon_vms.
///
/// # Safety
///
/// Function is unsafe due to raw pointer usage - a null pointer could be passed in. Usage of
/// !raw_pointer.is_null() checks should prevent unsafe behavior but the caller should ensure no
/// null pointers are passed.
#[cfg(any(target_os = "android", target_os = "linux"))]
#[no_mangle]
pub unsafe extern "C" fn crosvm_client_balloon_vms_wait_with_timeout(
@ -710,6 +716,12 @@ pub unsafe extern "C" fn crosvm_client_balloon_stats(
}
/// See crosvm_client_balloon_stats.
///
/// # Safety
///
/// Function is unsafe due to raw pointer usage - a null pointer could be passed in. Usage of
/// !raw_pointer.is_null() checks should prevent unsafe behavior but the caller should ensure no
/// null pointers are passed.
#[cfg(any(target_os = "android", target_os = "linux"))]
#[no_mangle]
pub unsafe extern "C" fn crosvm_client_balloon_stats_with_timeout(
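Review bot: Both new `# Safety` sections treat null as the only hazard, but an `is_null()` check cannot show that a non-null pointer from a C caller is valid. The parameter lists are outside the hunks, so which pointers are involved is not visible here; whatever they are, the contract should require each one to be aligned, to point to memory of the expected type that stays valid for the call, and to be NUL-terminated where it is a C string. I would replace the sentence about the null checks with something like `/// Every pointer argument must be valid for reads (and for writes, if it is an out-parameter) of its pointee type for the duration of the call.`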


@ -5,6 +5,7 @@
#![cfg(any(target_os = "android", target_os = "linux"))]
#![cfg(target_arch = "x86_64")]
#![allow(non_camel_case_types)]
#![allow(clippy::missing_safety_doc)]
//! This module implements the dynamically loaded client library API used by a crosvm plugin,
//! defined in `crosvm.h`. It implements the client half of the plugin protocol, which is defined in
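Review bot: The new `#![allow(clippy::missing_safety_doc)]` carries no comment, so the lint this commit enables globally stays off for the whole module with no record of why or for how long. The module doc describes this as the client library API defined in `crosvm.h`, which is where callers most need the unsafe contracts written down. A marker above the attribute would keep the suppression from becoming permanent, for example `// TODO(b/316168567): document the unsafe functions here and remove this allow.`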


@ -682,6 +682,8 @@ impl TypedTrb for PortStatusChangeEventTrb {
const TY: TrbType = TrbType::PortStatusChangeEvent;
}
/// # Safety
///
/// All trb structs have the same size. One trb could be safely casted to another, though the
/// values might be invalid.
pub unsafe trait TrbCast: FromBytes + AsBytes + TypedTrb {
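Review bot: On an `unsafe trait` the `# Safety` section should state what an implementor must guarantee, and this text instead describes the existing structs. Phrasing it as an obligation makes the requirement checkable when a new trb type is added, for example `/// Implementors must have the same size as every other trb struct, so that a cast between them stays in bounds.` The clause "though the values might be invalid" would be better placed on the cast methods, with a note on what the caller has to validate after casting; the trait body is outside the hunk.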


@ -383,6 +383,9 @@ impl VfioContainer {
}
}
/// # Safety
///
/// The caller is responsible for determining the safety of the VFIO_IOMMU_MAP_DMA ioctl.
pub unsafe fn vfio_dma_map(
&self,
iova: u64,
@ -401,6 +404,9 @@ impl VfioContainer {
}
}
/// # Safety
///
/// The caller is responsible for determining the safety of the VFIO_IOMMU_MAP_DMA ioctl.
unsafe fn vfio_iommu_type1_dma_map(
&self,
iova: u64,
@ -1824,6 +1830,9 @@ impl VfioDevice {
}
/// Add (iova, user_addr) map into vfio container iommu table
/// # Safety
///
/// The caller is responsible for determining the safety of the VFIO_IOMMU_MAP_DMA ioctl.
pub unsafe fn vfio_dma_map(
&self,
iova: u64,
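Review bot: "Determining the safety of the VFIO_IOMMU_MAP_DMA ioctl" gives a caller of `vfio_dma_map` nothing to verify, and the same sentence is repeated on all three functions in this file. The doc line in the third hunk says these add an (iova, user_addr) mapping to the IOMMU table, so the contract is presumably that the user address range is valid mapped memory and stays so until the mapping is removed; otherwise the device could DMA into memory the process has already freed or reused. Suggested wording: `/// The memory range starting at user_addr must be valid and must stay mapped for as long as the IOMMU mapping exists.` The parameter lists continue outside the hunks, so the exact parameter names need checking against the signatures.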


@ -202,6 +202,11 @@ pub trait TapTCommon: Read + Write + AsRawDescriptor + Send + Sized {
fn try_clone(&self) -> Result<Self>;
/// Convert raw descriptor to
///
/// # Safety
///
/// Caller must ensure that RawDescriptor stays valid as long as the lifetime
/// of Self.
unsafe fn from_raw_descriptor(descriptor: RawDescriptor) -> Result<Self>;
}
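Review bot: The summary line `/// Convert raw descriptor to` stops mid-sentence, and the `# Safety` text does not say whether `Self` takes ownership of the descriptor. If implementations close the descriptor on drop (only the trait declaration is visible here, so this needs confirming), the caller must also not close it or wrap it a second time, or the same descriptor number can be closed twice. Something like `/// Creates a Self from a raw descriptor.` for the summary and `/// The descriptor must be open and must not be owned or closed elsewhere once it is passed in.` under `# Safety` would cover both.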


@ -17,6 +17,10 @@ pub use shm::SharedMemory;
pub use sys::platform::descriptor::RawDescriptor;
pub use sys::platform::shm::round_up_to_page_size;
/// # Safety
///
/// Caller must ensure that MappedRegion's lifetime contains the lifetime of
/// pointer returned.
pub unsafe trait MappedRegion: Send + Sync {
/// Returns a pointer to the beginning of the memory region. Should only be
/// used for passing this region to ioctls for setting guest memory.
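Review bot: This `# Safety` section addresses the caller, but on an `unsafe trait` the obligation falls on whoever implements `MappedRegion`. Code that trusts the returned pointer depends on the implementor, so the trait-level text should read along the lines of `/// Implementors must ensure that the pointer returned refers to a mapping that stays valid for the lifetime of the implementing object.` The existing caller-facing sentence about not outliving the region fits better on the pointer-returning method, whose signature is outside the hunk.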


@ -29,18 +29,34 @@ impl<T> __IncompleteArrayField<T> {
pub fn new() -> Self {
__IncompleteArrayField(::std::marker::PhantomData)
}
/// # Safety
///
/// Caller must ensure that Self's size and alignment requirements matches
/// those of `T`s.
#[inline]
pub unsafe fn as_ptr(&self) -> *const T {
::std::mem::transmute(self)
}
/// # Safety
///
/// Caller must ensure that Self's size and alignment requirements matches
/// those of `T`s.
#[inline]
pub unsafe fn as_mut_ptr(&mut self) -> *mut T {
::std::mem::transmute(self)
}
/// # Safety
///
/// Caller must ensure that Self's size and alignment requirements matches
/// those of `T`s.
#[inline]
pub unsafe fn as_slice(&self, len: usize) -> &[T] {
::std::slice::from_raw_parts(self.as_ptr(), len)
}
/// # Safety
///
/// Caller must ensure that Self's size and alignment requirements matches
/// those of `T`s.
#[inline]
pub unsafe fn as_mut_slice(&mut self, len: usize) -> &mut [T] {
::std::slice::from_raw_parts_mut(self.as_mut_ptr(), len)
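Review bot: The `# Safety` text on `as_slice` and `as_mut_slice` never mentions `len`, which is the argument that decides whether `from_raw_parts` stays in bounds. Size and alignment of `Self` against `T` are fixed by the type and are not something a caller can influence, while a too-large `len` yields a slice that reads or writes past the allocation. I would add `/// len must not exceed the number of initialized T elements stored in the same allocation starting at this field.` to both slice methods. The same gap is in the two other `__IncompleteArrayField` sections later in this commit.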


@ -23,10 +23,18 @@ impl<T> __IncompleteArrayField<T> {
pub fn as_mut_ptr(&mut self) -> *mut T {
self as *mut _ as *mut T
}
/// # Safety
///
/// Caller must ensure that Self's size and alignment requirements match
/// those of `T`'s.
#[inline]
pub unsafe fn as_slice(&self, len: usize) -> &[T] {
::std::slice::from_raw_parts(self.as_ptr(), len)
}
/// # Safety
///
/// Caller must ensure that Self's size and alignment requirements match
/// those of `T`'s.
#[inline]
pub unsafe fn as_mut_slice(&mut self, len: usize) -> &mut [T] {
::std::slice::from_raw_parts_mut(self.as_mut_ptr(), len)


@ -28,19 +28,35 @@ impl<T> __IncompleteArrayField<T> {
pub fn new() -> Self {
__IncompleteArrayField(::std::marker::PhantomData, [])
}
/// # Safety
///
/// Caller must ensure that Self`s size, alignment and lifetime are
/// compatible with returned values requirements.
#[inline]
pub unsafe fn as_ptr(&self) -> *const T {
::std::mem::transmute(self)
}
/// # Safety
///
/// Caller must ensure that Self`s size, alignment and lifetime are
/// compatible with returned values requirements.
#[inline]
pub unsafe fn as_mut_ptr(&mut self) -> *mut T {
::std::mem::transmute(self)
}
/// # Safety
///
/// Caller must ensure that Self`s size, alignment and lifetime are
/// compatible with returned values requirements.
#[inline]
pub unsafe fn as_slice(&self, len: usize) -> &[T] {
::std::slice::from_raw_parts(self.as_ptr(), len)
}
#[inline]
/// # Safety
///
/// Caller must ensure that Self`s size, alignment and lifetime are
/// compatible with returned values requirements.
pub unsafe fn as_mut_slice(&mut self, len: usize) -> &mut [T] {
::std::slice::from_raw_parts_mut(self.as_mut_ptr(), len)
}
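Review bot: The doc comment on `as_mut_slice` sits below `#[inline]`, while the three methods above it in this section put the doc comment before the attribute; moving it up keeps the section consistent. The repeated sentence also has a stray backtick where an apostrophe is meant after "Self", and "returned values requirements" is missing its possessive. The second bindings file in this commit already uses cleaner wording ("Self's size and alignment requirements match those of `T`'s") that could be reused here.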