Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rust: kernel: cleanup unsafe in unsafe fns warnings (E0133) #340

Closed
ojeda opened this issue Jun 3, 2021 · 8 comments · Fixed by #348
Closed

rust: kernel: cleanup unsafe in unsafe fns warnings (E0133) #340

ojeda opened this issue Jun 3, 2021 · 8 comments · Fixed by #348
Labels
good first issue Good for newcomers • lib Related to the `rust/` library.

Comments

@ojeda
Copy link
Member

ojeda commented Jun 3, 2021
edited
Loading

We enabled the warnings in #339 and we would like to move it to hard error, so we need to clean them up.

Any PR that cleans some of these is very much appreciated -- no need to do them all at once. Do not forget to add the relevant // SAFETY comment!

Current set (116 warnings) 

  --> rust/kernel/allocator.rs:17:9
17 |         bindings::krealloc(ptr::null(), layout.size(), bindings::GFP_KERNEL) as *mut u8
   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/allocator.rs:21:9
21 |         bindings::kfree(ptr as *const c_types::c_void);
   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/file_operations.rs:60:21
60 |         let table = &*self.ptr;
   |                     ^^^^^^^^^^ dereference of raw pointer

  --> rust/kernel/file_operations.rs:63:13
63 |             proc(file.ptr as _, cv.wait_list.get(), self.ptr)
   |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/file_operations.rs:87:19
87 |         let arg = A::convert(inode, file);
   |                   ^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/file_operations.rs:88:27
88 |         let ptr = T::open(&*arg)?.into_pointer();
   |                           ^^^^^ dereference of raw pointer

  --> rust/kernel/file_operations.rs:89:9
89 |         (*file).private_data = ptr as *mut c_types::c_void;
   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:101:24
101 |         let mut data = UserSlicePtr::new(buf as *mut c_types::c_void, len).writer();
    |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/file_operations.rs:102:20
102 |         let f = &*((*file).private_data as *const T);
    |                    ^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:102:17
102 |         let f = &*((*file).private_data as *const T);
    |                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:105:28
105 |         let read = f.read(&FileRef::from_ptr(file), &mut data, (*offset).try_into()?)?;
    |                            ^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/file_operations.rs:105:64
105 |         let read = f.read(&FileRef::from_ptr(file), &mut data, (*offset).try_into()?)?;
    |                                                                ^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:106:9
106 |         (*offset) += bindings::loff_t::try_from(read).unwrap();
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:116:24
116 |         let mut iter = IovIter::from_ptr(raw_iter);
    |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/file_operations.rs:117:20
117 |         let file = (*iocb).ki_filp;
    |                    ^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:118:22
118 |         let offset = (*iocb).ki_pos;
    |                      ^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:119:20
119 |         let f = &*((*file).private_data as *const T);
    |                    ^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:119:17
119 |         let f = &*((*file).private_data as *const T);
    |                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:120:28
120 |         let read = f.read(&FileRef::from_ptr(file), &mut iter, offset.try_into()?)?;
    |                            ^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/file_operations.rs:121:9
121 |         (*iocb).ki_pos += bindings::loff_t::try_from(read).unwrap();
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:133:24
133 |         let mut data = UserSlicePtr::new(buf as *mut c_types::c_void, len).reader();
    |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/file_operations.rs:134:20
134 |         let f = &*((*file).private_data as *const T);
    |                    ^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:134:17
134 |         let f = &*((*file).private_data as *const T);
    |                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:137:32
137 |         let written = f.write(&FileRef::from_ptr(file), &mut data, (*offset).try_into()?)?;
    |                                ^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/file_operations.rs:137:68
137 |         let written = f.write(&FileRef::from_ptr(file), &mut data, (*offset).try_into()?)?;
    |                                                                    ^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:138:9
138 |         (*offset) += bindings::loff_t::try_from(written).unwrap();
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:148:24
148 |         let mut iter = IovIter::from_ptr(raw_iter);
    |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/file_operations.rs:149:20
149 |         let file = (*iocb).ki_filp;
    |                    ^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:150:22
150 |         let offset = (*iocb).ki_pos;
    |                      ^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:151:20
151 |         let f = &*((*file).private_data as *const T);
    |                    ^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:151:17
151 |         let f = &*((*file).private_data as *const T);
    |                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:152:32
152 |         let written = f.write(&FileRef::from_ptr(file), &mut iter, offset.try_into()?)?;
    |                                ^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/file_operations.rs:153:9
153 |         (*iocb).ki_pos += bindings::loff_t::try_from(written).unwrap();
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:162:28
162 |     let ptr = mem::replace(&mut (*file).private_data, ptr::null_mut());
    |                            ^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:163:16
163 |     T::release(T::Wrapper::from_pointer(ptr as _), &FileRef::from_ptr(file));
    |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/file_operations.rs:163:53
163 |     T::release(T::Wrapper::from_pointer(ptr as _), &FileRef::from_ptr(file));
    |                                                     ^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/file_operations.rs:179:20
179 |         let f = &*((*file).private_data as *const T);
    |                    ^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:179:17
179 |         let f = &*((*file).private_data as *const T);
    |                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:180:27
180 |         let off = f.seek(&FileRef::from_ptr(file), off)?;
    |                           ^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/file_operations.rs:191:20
191 |         let f = &*((*file).private_data as *const T);
    |                    ^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:191:17
191 |         let f = &*((*file).private_data as *const T);
    |                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:194:28
194 |         let ret = f.ioctl(&FileRef::from_ptr(file), &mut cmd)?;
    |                            ^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/file_operations.rs:205:20
205 |         let f = &*((*file).private_data as *const T);
    |                    ^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:205:17
205 |         let f = &*((*file).private_data as *const T);
    |                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:208:35
208 |         let ret = f.compat_ioctl(&FileRef::from_ptr(file), &mut cmd)?;
    |                                   ^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/file_operations.rs:218:20
218 |         let f = &*((*file).private_data as *const T);
    |                    ^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:218:17
218 |         let f = &*((*file).private_data as *const T);
    |                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:219:17
219 |         f.mmap(&FileRef::from_ptr(file), &mut *vma)?;
    |                 ^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/file_operations.rs:219:42
219 |         f.mmap(&FileRef::from_ptr(file), &mut *vma)?;
    |                                          ^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:234:20
234 |         let f = &*((*file).private_data as *const T);
    |                    ^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:234:17
234 |         let f = &*((*file).private_data as *const T);
    |                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:235:28
235 |         let res = f.fsync(&FileRef::from_ptr(file), start, end, datasync)?;
    |                            ^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/file_operations.rs:244:16
244 |     let f = &*((*file).private_data as *const T);
    |                ^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:244:13
244 |     let f = &*((*file).private_data as *const T);
    |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/file_operations.rs:245:19
245 |     match f.poll(&FileRef::from_ptr(file), &PollTable::from_ptr(wait)) {
    |                   ^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/file_operations.rs:245:45
245 |     match f.poll(&FileRef::from_ptr(file), &PollTable::from_ptr(wait)) {
    |                                             ^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/miscdev.rs:88:40
88 |         let reg = crate::container_of!((*file).private_data, Self, mdev);
   |                                        ^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/lib.rs:213:9
213 |         ($ptr as *const _ as *const u8).offset(-offset) as *const $type
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function
    | 
   ::: rust/kernel/miscdev.rs:88:19
88  |         let reg = crate::container_of!((*file).private_data, Self, mdev);
    |                   ------------------------------------------------------ in this macro invocation

  --> rust/kernel/miscdev.rs:89:9
89 |         &(*reg).context
   |         ^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/pages.rs:110:19
110 |         ptr::copy((mapping.ptr as *mut u8).add(offset), dest, len);
    |                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/pages.rs:110:9
110 |         ptr::copy((mapping.ptr as *mut u8).add(offset), dest, len);
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/pages.rs:130:24
130 |         ptr::copy(src, (mapping.ptr as *mut u8).add(offset), len);
    |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/pages.rs:130:9
130 |         ptr::copy(src, (mapping.ptr as *mut u8).add(offset), len);
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/str.rs:92:19
92 |         let len = bindings::strlen(ptr) + 1;
   |                   ^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/str.rs:93:45
93 |         Self::from_bytes_with_nul_unchecked(core::slice::from_raw_parts(ptr as _, len as _))
   |                                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/str.rs:93:9
93 |         Self::from_bytes_with_nul_unchecked(core::slice::from_raw_parts(ptr as _, len as _))
   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/str.rs:147:9
147 |         &*(bytes as *const [u8] as *const Self)
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

  --> rust/kernel/linked_list.rs:36:9
36 |         Box::from_raw(ptr.as_ptr())
   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/linked_list.rs:50:9
50 |         Arc::from_raw(ptr.as_ptr())
   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/linked_list.rs:64:9
64 |         &*ptr.as_ptr()
   |         ^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/linked_list.rs:152:21
152 |         let entry = &*existing.as_ptr();
    |                     ^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/linked_list.rs:153:43
153 |         if !self.list.insert_after(entry, ptr.as_ref()) {
    |                                           ^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/linked_list.rs:153:13
153 |         if !self.list.insert_after(entry, ptr.as_ref()) {
    |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/linked_list.rs:155:13
155 |             G::Wrapped::from_pointer(ptr);
    |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/linked_list.rs:167:12
167 |         if self.list.remove(entry_ref) {
    |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/linked_list.rs:168:18
168 |             Some(G::Wrapped::from_pointer(NonNull::from(entry_ref)))
    |                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/raw_list.rs:135:25
135 |         let new_entry = &mut *links.entry.get();
    |                         ^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

  --> rust/kernel/module_param.rs:74:18
74 |             Some(CStr::from_char_ptr(val).as_bytes())
   |                  ^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/module_param.rs:78:33
78 |                 let old_value = (*param).__bindgen_anon_1.arg as *mut Self;
   |                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

  --> rust/kernel/module_param.rs:78:33
78 |                 let old_value = (*param).__bindgen_anon_1.arg as *mut Self;
   |                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ access to union field

  --> rust/kernel/module_param.rs:79:25
79 |                 let _ = core::ptr::replace(old_value, new_value);
   |                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/module_param.rs:98:21
98 |         let slice = core::slice::from_raw_parts_mut(buf as *mut u8, crate::PAGE_SIZE);
   |                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/module_param.rs:100:37
100 |         match write!(buf, "{}\0", *((*param).__bindgen_anon_1.arg as *mut Self)) {
    |                                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/module_param.rs:100:37
100 |         match write!(buf, "{}\0", *((*param).__bindgen_anon_1.arg as *mut Self)) {
    |                                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ access to union field

   --> rust/kernel/module_param.rs:100:35
100 |         match write!(buf, "{}\0", *((*param).__bindgen_anon_1.arg as *mut Self)) {
    |                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/module_param.rs:114:9
114 |         core::ptr::drop_in_place(arg as *mut Self);
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/print.rs:56:25
56 |     let _ = w.write_fmt(*(ptr as *const fmt::Arguments<'_>));
   |                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/print.rs:135:5
135 | /     bindings::printk(
136 | |         format_string.as_ptr() as _,
137 | |         module_name.as_ptr(),
138 | |         &args as *const _ as *const c_void,
139 | |     );
    | |_____^ call to unsafe function

   --> rust/kernel/sync/condvar.rs:135:9
135 |         bindings::__init_waitqueue_head(self.wait_list.get(), name.as_char_ptr(), key);
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/sync/mutex.rs:76:9
76 |         bindings::__mutex_init(self.mutex.get(), name.as_char_ptr(), key);
   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/sync/mutex.rs:96:9
96 |         bindings::mutex_unlock(self.mutex.get());
   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/sync/spinlock.rs:90:9
90 |         rust_helper_spin_lock_init(self.spin_lock.get(), name.as_char_ptr(), key);
   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/sync/spinlock.rs:103:9
103 |         rust_helper_spin_unlock(self.spin_lock.get());
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/sysctl.rs:106:8
106 |     if *ppos != 0 && write == 0 {
    |        ^^^^^ dereference of raw pointer

   --> rust/kernel/sysctl.rs:107:9
107 |         *len = 0;
    |         ^^^^^^^^ dereference of raw pointer

   --> rust/kernel/sysctl.rs:111:42
111 |     let data = UserSlicePtr::new(buffer, *len);
    |                                          ^^^^ dereference of raw pointer

   --> rust/kernel/sysctl.rs:111:16
111 |     let data = UserSlicePtr::new(buffer, *len);
    |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/sysctl.rs:112:22
112 |     let storage = &*((*ctl).data as *const T);
    |                      ^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/sysctl.rs:112:19
112 |     let storage = &*((*ctl).data as *const T);
    |                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/sysctl.rs:123:5
123 |     *len = bytes_processed;
    |     ^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

   --> rust/kernel/sysctl.rs:124:14
124 |     *ppos += *len as bindings::loff_t;
    |              ^^^^ dereference of raw pointer

   --> rust/kernel/sysctl.rs:124:5
124 |     *ppos += *len as bindings::loff_t;
    |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer

  --> rust/kernel/iov_iter.rs:73:19
73 |         let res = rust_helper_copy_to_iter(data as _, len, self.ptr);
   |                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/iov_iter.rs:88:19
88 |         let res = rust_helper_copy_from_iter(out as _, len, self.ptr);
   |                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/of.rs:72:14
72 |         Self(InnerTable::from_pointer(p))
   |              ^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/types.rs:57:9
57 |         Box::from_raw(ptr as _)
   |         ^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/types.rs:67:9
67 |         Ref::from_raw(ptr as _)
   |         ^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/types.rs:77:9
77 |         Arc::from_raw(ptr as _)
   |         ^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/types.rs:91:28
91 |         Pin::new_unchecked(T::from_pointer(p))
   |                            ^^^^^^^^^^^^^^^^^^ call to unsafe function

  --> rust/kernel/types.rs:91:9
91 |         Pin::new_unchecked(T::from_pointer(p))
   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/user_ptr.rs:133:19
133 |         let res = rust_helper_copy_from_user(out as _, self.0, len as _);
    |                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> rust/kernel/user_ptr.rs:180:19
180 |         let res = rust_helper_copy_to_user(self.0, data as _, len as _);
    |                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> /home/runner/work/linux/linux/rust/bindings_generated.rs:102:9
102 |         ::core::slice::from_raw_parts(self.as_ptr(), len)
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> /home/runner/work/linux/linux/rust/bindings_generated.rs:106:9
106 |         ::core::slice::from_raw_parts_mut(self.as_mut_ptr(), len)
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> /home/runner/work/linux/linux/rust/bindings_generated.rs:123:9
123 |         ::core::mem::transmute(self)
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

   --> /home/runner/work/linux/linux/rust/bindings_generated.rs:127:9
127 |         ::core::mem::transmute(self)
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function

@ojeda ojeda added • lib Related to the `rust/` library. prio: high good first issue Good for newcomers labels Jun 3, 2021
@ojeda ojeda mentioned this issue Jun 3, 2021
Merged
@nbdd0121 nbdd0121 mentioned this issue Jun 3, 2021
Merged
@TheSven73
Copy link
Collaborator

Do not forget to add the relevant // SAFETY comment!

Doesn't that belong in a separate PR? Because if we add // SAFETY that wasn't there before, then we don't just fix the warnings, we're adding stuff as well? And there appear to be plenty of unsafe sections without a // SAFETY annotation, even outside of unsafe functions?

@nbdd0121
Copy link
Member

nbdd0121 commented Jun 3, 2021

Doesn't that belong in a separate PR? Because if we add // SAFETY that wasn't there before, then we don't just fix the warnings, we're adding stuff as well? And there appear to be plenty of unsafe sections without a // SAFETY annotation, even outside of unsafe functions?

The intention of having unsafe_op_in_unsafe_fn is to force all unsafe operations to be explicit and commented, so it should be the same PR; essentially we are trying to have people auditing all unsafe usages rather than just simply mute the warnings :)

@ojeda
Copy link
Member Author

ojeda commented Jun 3, 2021
edited
Loading

Doesn't that belong in a separate PR? Because if we add // SAFETY that wasn't there before, then we don't just fix the warnings, we're adding stuff as well?

Well, it is "just" comments. The idea is that we take the time to write and review the // SAFETY comment in the PRs for this, which is the main time sink (i.e. if it was just adding unsafe, I would have done in the same PR since that is just mechanical).

And there appear to be plenty of unsafe sections without a // SAFETY annotation, even outside of unsafe functions?

Indeed, these need cleanup too. The plan has been to add a tidy script in the CI to flag any unsafe block without a // SAFETY comment. So we can finish these ones first, and then I will add the tidy script and we have another round cleaning those. Sounds good? :)

@TheSven73
Copy link
Collaborator

Sounds like a plan!

@ojeda
Copy link
Member Author

ojeda commented Jun 3, 2021

For bindgen ones: rust-lang/rust-bindgen#2063

@TheSven73 TheSven73 mentioned this issue Jun 4, 2021
Merged
@TheSven73
Copy link
Collaborator

@ojeda is there merit in carrying out this work in a dedicated feature branch? Silencing the unsafe warnings involves placing new // SAFETY comments, which in many cases requires careful reasoning and review. It will take some time.

But in the meantime, other contributors will run into >100 warnings when they build their PRs. This may inhibit further development. It was certainly problematic for me while working on #335.

Moving the warning fixes to a dedicated branch would allow parallelisation, which would be beneficial to all? At the end of the week you can just merge the feature branch into rust.

@ojeda
Copy link
Member Author

ojeda commented Jun 4, 2021

It is a fair point, specially since we already have people working on downstream repos.

Let's do the following: I will send a PR to add all the unsafe blocks without the comments, clearing the warnings and making it deny (that way we advance, without having to revert the commit). Then you can rebase the two PRs we have for cleanups since we have them already there and we can merge those soon too.

Then I will add a feature branch with the tidy script enabled, and mention we want volunteers for this in the meeting.

@TheSven73
Copy link
Collaborator

Great idea! I'm 100% on board with that.

@ojeda ojeda mentioned this issue Jun 4, 2021
Merged
@ojeda ojeda closed this as completed in #348 Jun 4, 2021
ojeda pushed a commit that referenced this issue Jun 4, 2021
rust: add safety annotations in of.rs and types.rs
c732624 
See #340

Signed-off-by: Sven Van Asbroeck <[email protected]>
foxhlchen pushed a commit to foxhlchen/linux that referenced this issue Jun 6, 2021
@foxhlchen
rust: add safety annotations in of.rs and types.rs
27d102f 
See Rust-for-Linux#340

Signed-off-by: Sven Van Asbroeck <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Good for newcomers • lib Related to the `rust/` library.
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Clean unsafe in unsafe fns warnings ojeda/linux
3 participants
@TheSven73 @ojeda @nbdd0121