Add SAFETY comments

Add SAFETY comments to fix clippy warnings.

Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Viresh Kumar 2022-11-08 13:17:09 +05:30 committed by Viresh Kumar
parent 8171b62284
commit 56b9ef46bb
8 changed files with 40 additions and 8 deletions


@ -87,6 +87,8 @@ pub(crate) struct VirtioGpioConfig {
pub(crate) gpio_names_size: Le32,
}
// SAFETY: The layout of the structure is fixed and can be initialized by
// reading its content from byte array.
unsafe impl ByteValued for VirtioGpioConfig {}
/// Trait that represents an GPIO Device.
@ -123,7 +125,11 @@ pub(crate) struct PhysDevice {
state: Vec<RwLock<PhysLineState>>,
}
// SAFETY: Safe as the structure can be sent to another thread.
unsafe impl Send for PhysDevice {}
// SAFETY: Safe as the structure can be shared with another thread as the state
// is protected with a lock.
unsafe impl Sync for PhysDevice {}
impl GpioDevice for PhysDevice {
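Review bot: The SAFETY comment on `unsafe impl Send for PhysDevice {}` restates the claim instead of justifying it: "can be sent to another thread" is what `Send` means, not why it holds for this type. The comment should name the field that prevents the compiler from deriving `Send`/`Sync` automatically and say why cross-thread access to it is sound; only `state: Vec<RwLock<PhysLineState>>` is visible in this hunk, and the lock cited in the `Sync` comment covers that field alone. A checkable form would be `// SAFETY: <field> is only accessed through <mechanism>, so moving PhysDevice to another thread cannot race`, with the two placeholders filled in from the struct definition. That definition starts outside the hunk, so the remaining fields cannot be confirmed from here.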


@ -92,6 +92,8 @@ struct VirtioGpioRequest {
gpio: Le16,
value: Le32,
}
// SAFETY: The layout of the structure is fixed and can be initialized by
// reading its content from byte array.
unsafe impl ByteValued for VirtioGpioRequest {}
/// Virtio GPIO IRQ Request / Response
@ -99,6 +101,8 @@ unsafe impl ByteValued for VirtioGpioRequest {}
struct VirtioGpioIrqRequest {
gpio: Le16,
}
// SAFETY: The layout of the structure is fixed and can be initialized by
// reading its content from byte array.
unsafe impl ByteValued for VirtioGpioIrqRequest {}
#[derive(Copy, Clone, Default)]
@ -106,6 +110,8 @@ struct VirtioGpioIrqResponse {
#[allow(dead_code)]
status: u8,
}
// SAFETY: The layout of the structure is fixed and can be initialized by
// reading its content from byte array.
unsafe impl ByteValued for VirtioGpioIrqResponse {}
/// Possible values of the interrupt status field
@ -401,6 +407,8 @@ impl<D: 'static + GpioDevice + Sync + Send> VhostUserBackendMut<VringRwLock, ()>
}
fn get_config(&self, offset: u32, size: u32) -> Vec<u8> {
// SAFETY: The layout of the structure is fixed and can be initialized by
// reading its content from byte array.
unsafe {
from_raw_parts(
self.controller
@ -1127,6 +1135,8 @@ mod tests {
assert_eq!(
backend.get_config(0, size_of::<VirtioGpioConfig>() as u32),
// SAFETY: The layout of the structure is fixed and can be initialized by
// reading its content from byte array.
unsafe {
from_raw_parts(
&config as *const _ as *const _,
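Review bot: The SAFETY comment added above `from_raw_parts` in `get_config` (and repeated in the test hunk) is copied from the `ByteValued` impls and does not cover what this call needs, namely that the pointer advanced by `offset` and the length `size` stay inside the config structure. Both values arrive as `u32` parameters and no range check is visible between the signature and the `unsafe` block, so a request whose `offset + size` exceeds `size_of::<VirtioGpioConfig>()` would read adjacent memory and return it to the caller. The call continues outside the hunk, so a check may exist elsewhere; if it does not, validate before the block, for example `if u64::from(offset) + u64::from(size) > size_of::<VirtioGpioConfig>() as u64 { return Vec::new(); }`, and have the comment state that bound as the invariant.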


@ -145,12 +145,12 @@ union I2cSmbusData {
impl I2cSmbusData {
fn read_byte(&self) -> u8 {
// Safe as we will only read the relevant bytes
// SAFETY: Safe as we will only read the relevant bytes.
unsafe { self.byte }
}
fn read_word(&self) -> u16 {
// Safe as we will only read the relevant bytes
// SAFETY: Safe as we will only read the relevant bytes.
unsafe { self.word }
}
}
@ -342,7 +342,7 @@ impl I2cDevice for PhysDevice {
fn funcs(&mut self) -> Result<u64> {
let mut func: u64 = 0;
// Safe as the file is a valid I2C adapter, the kernel will only
// SAFETY: Safe as the file is a valid I2C adapter, the kernel will only
// update the correct amount of memory in func.
let ret = unsafe { ioctl(self.file.as_raw_fd(), I2C_FUNCS, &mut func) };
@ -375,7 +375,7 @@ impl I2cDevice for PhysDevice {
nmsgs: len as u32,
};
// Safe as the file is a valid I2C adapter, the kernel will only
// SAFETY: Safe as the file is a valid I2C adapter, the kernel will only
// update the correct amount of memory in data.
let ret = unsafe { ioctl(self.file.as_raw_fd(), I2C_RDWR, &mut data) };
@ -397,7 +397,7 @@ impl I2cDevice for PhysDevice {
},
};
// Safe as the file is a valid I2C adapter, the kernel will only
// SAFETY: Safe as the file is a valid I2C adapter, the kernel will only
// update the correct amount of memory in data.
let ret = unsafe { ioctl(self.file.as_raw_fd(), I2C_SMBUS, &mut smbus_data) };
@ -409,7 +409,7 @@ impl I2cDevice for PhysDevice {
}
fn slave(&self, addr: u64) -> Result<()> {
// Safe as the file is a valid I2C adapter.
// SAFETY: Safe as the file is a valid I2C adapter.
let ret = unsafe { ioctl(self.file.as_raw_fd(), I2C_SLAVE, addr as c_ulong) };
if ret == -1 {
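Review bot: The comment on the `I2C_RDWR` ioctl says the kernel "will only update the correct amount of memory in data", but for that request the kernel also reads and writes through the message pointers stored inside `data`, so the soundness argument has to cover those buffers as well. The comment should state that each message's buffer pointer is valid for its declared length and stays alive until `ioctl` returns; only `nmsgs: len as u32` is visible here and the rest of the construction lies outside the hunk, so this is to be confirmed against the code that fills the structure. The `I2C_SMBUS` hunk has the same shape with `smbus_data`. Separately, "the file is a valid I2C adapter" is an assumption about how `self.file` was opened rather than something these methods check, and the comment could say where that is established.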


@ -84,6 +84,8 @@ struct VirtioI2cOutHdr {
padding: Le16,
flags: Le32,
}
// SAFETY: The layout of the structure is fixed and can be initialized by
// reading its content from byte array.
unsafe impl ByteValued for VirtioI2cOutHdr {}
/// VirtioI2cOutHdr Flags
@ -94,6 +96,8 @@ const VIRTIO_I2C_FLAGS_M_RD: u32 = 1 << 1;
struct VirtioI2cInHdr {
status: u8,
}
// SAFETY: The layout of the structure is fixed and can be initialized by
// reading its content from byte array.
unsafe impl ByteValued for VirtioI2cInHdr {}
pub(crate) struct VhostUserI2cBackend<D: I2cDevice> {
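Review bot: The SAFETY comment on the two `ByteValued` impls in this file describes what the trait allows rather than the property that makes the impl sound: the type must be plain data with no implicit padding and must be valid for every byte pattern. A comment that can be checked against the definition would read `// SAFETY: VirtioI2cOutHdr is repr(C) with only Le16/Le32 fields and explicit padding, so any byte pattern is a valid value.` The `repr` attribute and the leading fields of the struct are outside the hunk, so confirm them before adopting that wording. The identical comment is used for `VirtioGpioConfig`, `VirtioGpioRequest`, `VirtioGpioIrqRequest`, `VirtioGpioIrqResponse` and `VirtioVsockConfig` in the other files of this commit and would benefit from the same treatment.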


@ -222,8 +222,12 @@ impl VsockThreadBackend {
.insert(ConnMapKey::new(pkt.dst_port(), pkt.src_port()), conn);
self.backend_rxq
.push_back(ConnMapKey::new(pkt.dst_port(), pkt.src_port()));
self.stream_map
.insert(stream_fd, unsafe { UnixStream::from_raw_fd(stream_fd) });
self.stream_map.insert(
stream_fd,
// SAFETY: Safe as the file descriptor is guaranteed to be valid.
unsafe { UnixStream::from_raw_fd(stream_fd) },
);
self.local_port_set.insert(pkt.dst_port());
VhostUserVsockThread::epoll_register(
@ -269,6 +273,7 @@ mod tests {
let mut pkt_raw = [0u8; PKT_HEADER_SIZE + DATA_LEN];
let (hdr_raw, data_raw) = pkt_raw.split_at_mut(PKT_HEADER_SIZE);
// SAFETY: Safe as hdr_raw and data_raw are guaranteed to be valid.
let mut packet = unsafe { VsockPacket::new(hdr_raw, Some(data_raw)).unwrap() };
assert_eq!(
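Review bot: "The file descriptor is guaranteed to be valid" is only half of what `UnixStream::from_raw_fd(stream_fd)` requires; the new `UnixStream` takes ownership and closes the descriptor on drop, so the comment must also say that nothing else owns it. `conn` is inserted into the connection map two statements earlier, and if it holds the stream that `stream_fd` was taken from, the descriptor would be closed twice, the second close possibly landing on an unrelated fd that reused the number. Where `stream_fd` comes from is outside the hunk, so this needs checking against the start of the function; if both objects need the socket, duplicating it with `try_clone()` removes the `unsafe` block altogether. The same ownership statement belongs on `File::from_raw_fd(epoll_fd)` in the `VhostUserVsockThread` hunk, where it is easy to make because the fd was just returned by `epoll::create`.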


@ -132,6 +132,7 @@ mod tests {
fn test_txbuf_push() {
let mut loc_tx_buf = LocalTxBuf::new();
let mut buf = [0; CONN_TX_BUF_SIZE as usize];
// SAFETY: Safe as the buffer is guaranteed to be valid here.
let data = unsafe { VolatileSlice::new(buf.as_mut_ptr(), buf.len()) };
// push data into empty tx buffer
@ -152,6 +153,7 @@ mod tests {
// only tail wraps at full
let mut buf = vec![1; 4];
// SAFETY: Safe as the buffer is guaranteed to be valid here.
let data = unsafe { VolatileSlice::new(buf.as_mut_ptr(), buf.len()) };
let mut cmp_data = vec![1; 4];
cmp_data.append(&mut vec![0; (CONN_TX_BUF_SIZE - 4) as usize]);
@ -170,6 +172,7 @@ mod tests {
// data to be flushed
let mut buf = vec![1; CONN_TX_BUF_SIZE as usize];
// SAFETY: Safe as the buffer is guaranteed to be valid here.
let data = unsafe { VolatileSlice::new(buf.as_mut_ptr(), buf.len()) };
// target to which data is flushed
@ -194,6 +197,7 @@ mod tests {
// wrapping head flush
let mut buf = vec![0; (CONN_TX_BUF_SIZE / 2) as usize];
buf.append(&mut vec![1; (CONN_TX_BUF_SIZE / 2) as usize]);
// SAFETY: Safe as the buffer is guaranteed to be valid here.
let data = unsafe { VolatileSlice::new(buf.as_mut_ptr(), buf.len()) };
loc_tx_buf.head = Wrapping(0);
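Review bot: The four `VolatileSlice::new(buf.as_mut_ptr(), buf.len())` calls in these tests do not need `unsafe` if the vm-memory version in use provides `From<&mut [u8]>` for `VolatileSlice`: `let data = VolatileSlice::from(&mut buf[..]);` ties the slice's lifetime to `buf` and makes the SAFETY comment unnecessary. If the raw constructor stays, the comment should state the actual invariant, that `buf` outlives `data` and the length passed is `buf.len()`, rather than that the buffer is "valid here".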


@ -196,6 +196,8 @@ struct VirtioVsockConfig {
pub guest_cid: Le64,
}
// SAFETY: The layout of the structure is fixed and can be initialized by
// reading its content from byte array.
unsafe impl ByteValued for VirtioVsockConfig {}
pub(crate) struct VhostUserVsockBackend {


@ -68,6 +68,7 @@ impl VhostUserVsockThread {
.map_err(Error::UnixBind)?;
let epoll_fd = epoll::create(true).map_err(Error::EpollFdCreate)?;
// SAFETY: Safe as the fd is guaranteed to be valid here.
let epoll_file = unsafe { File::from_raw_fd(epoll_fd) };
let host_raw_fd = host_sock.as_raw_fd();