From: Gary Guo <gary@kernel.org>
To: "Miguel Ojeda" <ojeda@kernel.org>,
"Boqun Feng" <boqun@kernel.org>, "Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>,
"Panagiotis Foliadis" <pfoliadis@posteo.net>,
"Shankari Anand" <shankari.ak0208@gmail.com>,
"FUJITA Tomonori" <fujita.tomonori@gmail.com>,
"Tamir Duberstein" <tamird@kernel.org>
Cc: kernel test robot <lkp@intel.com>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v3 2/2] rust: disallow use of `CStr::as_ptr` and `CStr::from_ptr`
Date: Tue, 3 Feb 2026 13:06:27 +0000
Message-ID: <20260203130745.868762-2-gary@kernel.org>
In-Reply-To: <20260203130745.868762-1-gary@kernel.org>
From: Gary Guo <gary@garyguo.net>
As the kernel always uses unsigned char and not the platform ABI's default, a
user should always use `as_char_ptr` provided via `CStrExt` instead.
Therefore configure the `disallow-methods` feature of clippy to catch incorrect
usage.
Similarly, the dual `from_ptr` is also disallowed.
Signed-off-by: Gary Guo <gary@garyguo.net>
---
Changes since v2:
- Also disallow `CStr::from_ptr`
---
.clippy.toml | 10 ++++++++++
rust/kernel/str.rs | 3 +++
2 files changed, 13 insertions(+)
diff --git a/.clippy.toml b/.clippy.toml
index 137f41d203de..a51de9a46380 100644
--- a/.clippy.toml
+++ b/.clippy.toml
@@ -9,3 +9,13 @@ disallowed-macros = [
# it here, see: https://github.com/rust-lang/rust-clippy/issues/11303.
{ path = "kernel::dbg", reason = "the `dbg!` macro is intended as a debugging tool", allow-invalid = true },
]
+
+[[disallowed-methods]]
+path = "core::ffi::CStr::as_ptr"
+replacement = "kernel::prelude::CStrExt::as_char_ptr"
+reason = "kernel's `char` is always unsigned, use `as_char_ptr` instead"
+
+[[disallowed-methods]]
+path = "core::ffi::CStr::from_ptr"
+replacement = "kernel::prelude::CStrExt::from_char_ptr"
+reason = "kernel's `char` is always unsigned, use `from_char_ptr` instead"
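Review bot: Style point on the two `[[disallowed-methods]]` tables: the file's existing `disallowed-macros` list is an inline array of `{ path = ..., reason = ... }` entries, while these are array-of-tables headers placed at the end of the file. In TOML every `key = value` line after a `[[...]]` header belongs to that table, so a top-level clippy option appended below this point later would be parsed as a field of the last `from_ptr` entry. Consider writing them as one `disallowed-methods = [ { path = "core::ffi::CStr::as_ptr", ... }, ... ]` array to match the macro list, or add a comment saying that top-level keys must stay above these tables.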
diff --git a/rust/kernel/str.rs b/rust/kernel/str.rs
index fa87779d2253..97bf9427af59 100644
--- a/rust/kernel/str.rs
+++ b/rust/kernel/str.rs
@@ -189,6 +189,7 @@ macro_rules! b_str {
//
// - error[E0379]: functions in trait impls cannot be declared const
#[inline]
+#[expect(clippy::disallowed_methods, reason = "internal implementation")]
pub const fn as_char_ptr_in_const_context(c_str: &CStr) -> *const c_char {
c_str.as_ptr().cast()
}
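Review bot: Documentation gap at `as_char_ptr_in_const_context`: the context comment says functions in trait impls cannot be declared `const`, which is why this `pub const fn` exists, yet the new `.clippy.toml` entry for `core::ffi::CStr::as_ptr` names only `kernel::prelude::CStrExt::as_char_ptr` as the replacement. A caller who hits the lint in a const context cannot use that trait method there and gets no pointer to this function. Consider mentioning `as_char_ptr_in_const_context` in the `reason` string of that entry.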
@@ -319,6 +320,7 @@ unsafe fn to_bytes_mut(s: &mut CStr) -> &mut [u8] {
impl CStrExt for CStr {
#[inline]
+ #[expect(clippy::disallowed_methods, reason = "internal implementation")]
unsafe fn from_char_ptr<'a>(ptr: *const c_char) -> &'a Self {
// SAFETY: The safety preconditions are the same as for `CStr::from_ptr`.
unsafe { CStr::from_ptr(ptr.cast()) }
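Review bot: The `reason = "internal implementation"` on the `#[expect]` above `from_char_ptr` does not say why calling the disallowed method is correct here. This function is the replacement the lint sends users to, so a reason such as "implements the replacement for CStr::from_ptr" would tell a later reader that the expectation is tied to the `.clippy.toml` entry and must stay as long as that entry exists. The same wording is used on the other two `#[expect]` attributes in this file and could be made specific in the same way.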
@@ -334,6 +336,7 @@ unsafe fn from_bytes_with_nul_unchecked_mut(bytes: &mut [u8]) -> &mut Self {
}
#[inline]
+ #[expect(clippy::disallowed_methods, reason = "internal implementation")]
fn as_char_ptr(&self) -> *const c_char {
self.as_ptr().cast()
}
--
2.51.2