From: Ritvik Gupta <ritvikfoss@gmail.com>
To: ojeda@kernel.org, alex.gaynor@gmail.com, boqun.feng@gmail.com,
gary@garyguo.net, bjorn3_gh@protonmail.com, lossin@kernel.org,
a.hindborg@kernel.org, aliceryhl@google.com, tmgross@umich.edu,
dakr@kernel.org
Cc: rust-for-linux@vger.kernel.org, skhan@linuxfoundation.org
Subject: [PATCH] rust: kernel: introduce `unsafe_precondition_assert!` macro
Date: Wed, 16 Jul 2025 10:29:57 +0530
Message-ID: <20250716045957.39732-1-ritvikfoss@gmail.com>

Introduce a new `safety` module containing the `unsafe_precondition_assert!`
macro. It is a wrapper around `debug_assert!`, intended for validating
pre-conditions of unsafe code blocks and functions.
When the `CONFIG_RUST_DEBUG_ASSERTIONS` flag is enabled, this macro
performs runtime checks to ensure that the pre-conditions for unsafe
blocks hold. In release builds, the macro is a no-op.
Suggested-by: Miguel Ojeda <ojeda@kernel.org>
Link: https://github.com/Rust-for-Linux/linux/issues/1162
Link: https://rust-for-linux.zulipchat.com/#narrow/channel/291566-Library/topic/.60unsafe_precondition_assert.60.20macro/with/528457452
Signed-off-by: Ritvik Gupta <ritvikfoss@gmail.com>
---
rust/kernel/lib.rs | 1 +
rust/kernel/safety.rs | 42 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 43 insertions(+)
create mode 100644 rust/kernel/safety.rs
diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs
index f61ac6f81f5d..a242f993f89b 100644
--- a/rust/kernel/lib.rs
+++ b/rust/kernel/lib.rs
@@ -101,6 +101,7 @@
pub mod print;
pub mod rbtree;
pub mod revocable;
+pub mod safety;
pub mod security;
pub mod seq_file;
pub mod sizes;
diff --git a/rust/kernel/safety.rs b/rust/kernel/safety.rs
new file mode 100644
index 000000000000..a115faa52539
--- /dev/null
+++ b/rust/kernel/safety.rs
@@ -0,0 +1,42 @@
+// SPDX-License-Identifier: GPL-2.0
+
+//! This module contains the kernel APIs for verifying invariants
+//! required by the unsafe code.
+
+/// Checks that preconditions of an unsafe code are followed.
+///
+/// The check is enabled at runtime if debug assertions (`CONFIG_RUST_DEBUG_ASSERTIONS`)
+/// are enabled. In release builds, this macro is no-op.
+///
+/// # Examples
+///
+/// ```
+/// // SAFETY: The caller ensures the size and alignment
+/// unsafe fn transmute_array<const N: usize, T: Copy, U: Copy>(input: [T; N]) -> [U; N] {
+/// unsafe_precondition_assert!(
+/// core::mem::size_of::<T>() == core::mem::size_of::<U>(),
+/// "src and dst must have the same size"
+/// );
+///
+/// unsafe_precondition_assert!(
+/// core::mem::align_of::<T>() >= core::mem::align_of::<U>(),
+/// "src alignment must be compatible with dst alignment"
+/// );
+///
+/// core::mem::transmute_copy(&input)
+/// }
+/// ```
+///
+/// # Panics
+///
+/// This will invoke the [`panic!`] macro if the provided expression cannot be evaluated
+/// to true at runtime.
+#[macro_export]
+macro_rules! unsafe_precondition_assert {
+ ($($arg:tt)*) => {
+ if cfg!(debug_assertions) {
+ crate::pr_err!("unsafe precondition(s) violated");
+ ::core::assert!($($arg)*);
+ }
+ };
+}
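Review bot: `crate::pr_err!("unsafe precondition(s) violated");` runs before `::core::assert!($($arg)*);` and unconditionally, so with debug assertions enabled every call that passes its check still logs a violation error; evaluate the condition first and log only on failure, for example match `($cond:expr $(, $($arg:tt)+)?)` and put the `pr_err!` inside `if !$cond { ... }` ahead of the panic. Two smaller points in the same hunk: inside a `#[macro_export]` macro, `crate::pr_err!` resolves against the crate that invokes the macro, so a driver crate would fail to build; use `$crate::pr_err!`. The commit message calls this a wrapper around `debug_assert!`, which already carries the `cfg!(debug_assertions)` gating; either use it or have the module docs say why `assert!` behind `cfg!` was preferred. Doc nits: "preconditions of an unsafe code" should read "preconditions of unsafe code", "is no-op" should read "is a no-op", and the `// SAFETY:` comment in the example is attached to the `unsafe fn` declaration rather than to the `transmute_copy` call whose preconditions it justifies.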
base-commit: 8ecb65b7b68ea48350833ba59c1257718e859768
--
2.50.1
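The mechanism the commit message describes, as a self-contained std program added here for illustration; it is not code from the patch or from the kernel tree. It assumes `eprintln!` in place of the kernel's `pr_err!` and `cfg!(debug_assertions)` in place of `CONFIG_RUST_DEBUG_ASSERTIONS`, evaluates the condition before logging so a passing check stays silent, and applies the layout preconditions from the patch's doc example to a hypothetical `transmute_checked` wrapper. `layout_compatible` is an added helper for the tests, not a kernel API.

```rust
// Added example, not the kernel's code: a std-only sketch of a
// precondition-assert macro in the spirit of the patch. Assumptions:
// `eprintln!` stands in for the kernel's `pr_err!`, and
// `cfg!(debug_assertions)` stands in for CONFIG_RUST_DEBUG_ASSERTIONS.
use std::mem::{align_of, size_of};

/// Checks a precondition of unsafe code.
///
/// With debug assertions enabled the condition is evaluated; on failure a
/// diagnostic is logged and the macro panics, so the unsafe operation that
/// follows never runs on a violated invariant. Without debug assertions the
/// `&&` short-circuits and the condition is not evaluated at all.
macro_rules! unsafe_precondition_assert {
    ($cond:expr, $($arg:tt)+) => {
        if cfg!(debug_assertions) && !$cond {
            // Log only once the check has actually failed.
            eprintln!("unsafe precondition violated: {}", format_args!($($arg)+));
            panic!($($arg)+);
        }
    };
    ($cond:expr $(,)?) => {
        unsafe_precondition_assert!($cond, "{}", stringify!($cond))
    };
}

/// Pure query used by the tests: would both layout checks below pass for
/// a `T` -> `U` reinterpretation? (Added helper, not kernel API.)
fn layout_compatible<T, U>() -> bool {
    size_of::<T>() == size_of::<U>() && align_of::<T>() >= align_of::<U>()
}

/// Reinterprets `T` as `U` bit for bit, checking the layout preconditions
/// stated in the patch's doc example (equal size, compatible alignment).
///
/// # Safety
///
/// The caller must ensure that every bit pattern of `T` is a valid `U`.
unsafe fn transmute_checked<T: Copy, U: Copy>(input: T) -> U {
    unsafe_precondition_assert!(
        size_of::<T>() == size_of::<U>(),
        "src and dst must have the same size"
    );
    // Short form: the stringified condition becomes the message.
    unsafe_precondition_assert!(align_of::<T>() >= align_of::<U>());
    // SAFETY: sizes match (checked above in debug builds); validity of the
    // resulting bit pattern is the caller's obligation per the contract.
    unsafe { std::mem::transmute_copy(&input) }
}

fn main() {
    // SAFETY: f32 -> u32 is a plain bit reinterpretation; every pattern is valid.
    let bits: u32 = unsafe { transmute_checked(1.0f32) };
    println!("1.0f32 bits = {:#010x}", bits);

    // A violating call (u8 -> u32) is caught before the unsafe code runs.
    // Only exercised in debug builds, where the check is active.
    if cfg!(debug_assertions) {
        let caught = std::panic::catch_unwind(|| unsafe { transmute_checked::<u8, u32>(1) });
        println!("violation caught: {}", caught.is_err());
    }
}
```

The violating call is deliberately gated on `cfg!(debug_assertions)`: in a release build the macro folds away and the call would proceed into undefined behaviour, which is exactly the gap the commit message describes the debug check as covering.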