mark blocks inside unsafe fns unsafe

In edition 2024 unsafe code inside unsafe functions has to be explicitly marked as such. Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
2025-08-13 14:11:10 +00:00 · 2025-03-04 15:40:45 +01:00 · 2025-03-04 15:40:45 +01:00 · 51c3a31115
commit 51c3a31115
parent 9be42ea5ad
5 changed files with 40 additions and 36 deletions
--- a/proxmox-shared-memory/src/lib.rs
+++ b/proxmox-shared-memory/src/lib.rs
@ -201,7 +201,7 @@ impl<T: Sized + Init> SharedMemory<T> {
 /// This calls `Init::initialize`, it is up to the user to ensure this is safe. The value should
 /// not have been initialized at this point.
 pub unsafe fn initialize_subtype<T: Init>(this: &mut T) {
-    let data: &mut MaybeUninit<T> = std::mem::transmute(this);
+    let data: &mut MaybeUninit<T> = unsafe { std::mem::transmute(this) };
    Init::initialize(data);
 }

@ -211,6 +211,6 @@ pub unsafe fn initialize_subtype<T: Init>(this: &mut T) {
 ///
 /// This calls `Init::check_type_magic`, it is up to the user to ensure this is safe.
 pub unsafe fn check_subtype<T: Init>(this: &T) -> Result<(), Error> {
-    let data: &MaybeUninit<T> = std::mem::transmute(this);
+    let data: &MaybeUninit<T> = unsafe { std::mem::transmute(this) };
    Init::check_type_magic(data)
 }
--- a/proxmox-shared-memory/src/raw_shared_mutex.rs
+++ b/proxmox-shared-memory/src/raw_shared_mutex.rs
@ -19,31 +19,33 @@ impl RawSharedMutex {
    #[inline]
    pub unsafe fn init(&mut self) {
        let mut attr = MaybeUninit::<libc::pthread_mutexattr_t>::uninit();
-        cvt_nz(libc::pthread_mutexattr_init(attr.as_mut_ptr())).unwrap();
-        let attr = PthreadMutexAttr(&mut attr);
-        cvt_nz(libc::pthread_mutexattr_settype(
-            attr.0.as_mut_ptr(),
-            libc::PTHREAD_MUTEX_NORMAL,
-        ))
-        .unwrap();
-        cvt_nz(libc::pthread_mutexattr_setpshared(
-            attr.0.as_mut_ptr(),
-            libc::PTHREAD_PROCESS_SHARED,
-        ))
-        .unwrap();
-        cvt_nz(libc::pthread_mutexattr_setrobust(
-            attr.0.as_mut_ptr(),
-            libc::PTHREAD_MUTEX_ROBUST,
-        ))
-        .unwrap();
-        cvt_nz(libc::pthread_mutex_init(self.inner.get(), attr.0.as_ptr())).unwrap();
+        unsafe {
+            cvt_nz(libc::pthread_mutexattr_init(attr.as_mut_ptr())).unwrap();
+            let attr = PthreadMutexAttr(&mut attr);
+            cvt_nz(libc::pthread_mutexattr_settype(
+                attr.0.as_mut_ptr(),
+                libc::PTHREAD_MUTEX_NORMAL,
+            ))
+            .unwrap();
+            cvt_nz(libc::pthread_mutexattr_setpshared(
+                attr.0.as_mut_ptr(),
+                libc::PTHREAD_PROCESS_SHARED,
+            ))
+            .unwrap();
+            cvt_nz(libc::pthread_mutexattr_setrobust(
+                attr.0.as_mut_ptr(),
+                libc::PTHREAD_MUTEX_ROBUST,
+            ))
+            .unwrap();
+            cvt_nz(libc::pthread_mutex_init(self.inner.get(), attr.0.as_ptr())).unwrap();
+        }
    }

    #[inline]
    pub unsafe fn lock(&self) {
-        let mut r = libc::pthread_mutex_lock(self.inner.get());
+        let mut r = unsafe { libc::pthread_mutex_lock(self.inner.get()) };
        if r == libc::EOWNERDEAD {
-            r = libc::pthread_mutex_consistent(self.inner.get());
+            r = unsafe { libc::pthread_mutex_consistent(self.inner.get()) };
        }

        debug_assert_eq!(r, 0);
@ -51,15 +53,15 @@ impl RawSharedMutex {

    #[inline]
    pub unsafe fn unlock(&self) {
-        let r = libc::pthread_mutex_unlock(self.inner.get());
+        let r = unsafe { libc::pthread_mutex_unlock(self.inner.get()) };
        debug_assert_eq!(r, 0);
    }

    #[inline]
    pub unsafe fn try_lock(&self) -> bool {
-        let mut r = libc::pthread_mutex_trylock(self.inner.get());
+        let mut r = unsafe { libc::pthread_mutex_trylock(self.inner.get()) };
        if r == libc::EOWNERDEAD {
-            r = libc::pthread_mutex_consistent(self.inner.get());
+            r = unsafe { libc::pthread_mutex_consistent(self.inner.get()) };
        }

        r == 0
--- a/proxmox-sys/src/fs/read_dir.rs
+++ b/proxmox-sys/src/fs/read_dir.rs
@ -79,7 +79,7 @@ impl ReadDirEntry {
    /// It is up to the user to ensure that the file name is valid utf-8 *before* calling this
    /// method.
    pub unsafe fn file_name_utf8_unchecked(&self) -> &str {
-        std::str::from_utf8_unchecked(self.file_name().to_bytes())
+        unsafe { std::str::from_utf8_unchecked(self.file_name().to_bytes()) }
    }
 }

--- a/proxmox-sys/src/linux/pid.rs
+++ b/proxmox-sys/src/linux/pid.rs
@ -24,7 +24,7 @@ pub const SYS_pidfd_open: libc::c_long = 434;
 pub const SYS_pidfd_send_signal: libc::c_long = 424;

 unsafe fn pidfd_open(pid: libc::pid_t, flags: libc::c_uint) -> libc::c_long {
-    libc::syscall(SYS_pidfd_open, pid, flags)
+    unsafe { libc::syscall(SYS_pidfd_open, pid, flags) }
 }

 unsafe fn pidfd_send_signal(
@ -33,7 +33,7 @@ unsafe fn pidfd_send_signal(
    info: *mut libc::siginfo_t,
    flags: libc::c_uint,
 ) -> libc::c_long {
-    libc::syscall(SYS_pidfd_send_signal, pidfd, sig, info, flags)
+    unsafe { libc::syscall(SYS_pidfd_send_signal, pidfd, sig, info, flags) }
 }

 /// File descriptor reference to a process.
--- a/proxmox-sys/src/mmap.rs
+++ b/proxmox-sys/src/mmap.rs
@ -38,14 +38,16 @@ impl<T> Mmap<T> {

        // libc::size_t vs usize
        #[allow(clippy::useless_conversion)]
-        let data = mman::mmap(
-            None,
-            byte_len,
-            prot,
-            flags,
-            fd,
-            libc::off_t::try_from(ofs).map_err(io::Error::other)?,
-        )
+        let data = unsafe {
+            mman::mmap(
+                None,
+                byte_len,
+                prot,
+                flags,
+                fd,
+                libc::off_t::try_from(ofs).map_err(io::Error::other)?,
+            )
+        }
        .map_err(SysError::into_io_error)?;

        Ok(Self {