Re: [PATCH v19 8/8] rust: page: add `from_raw()`

[sashiko-bot@kernel.org]

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Medium] The `# Safety` documentation for `Page::from_raw` fails to require that `ptr` points to a valid kernel `struct page`.
--

commit 06f58b70c6165ba4fd1569c291c6f0d211dba674
Author: Andreas Hindborg <a.hindborg@kernel.org>

rust: page: add from_raw()

This commit adds a method to Page that allows construction of an instance
from a struct page pointer.

> diff --git a/rust/kernel/page.rs b/rust/kernel/page.rs
> --- a/rust/kernel/page.rs
> +++ b/rust/kernel/page.rs
[ ... ]
> +    /// Create a &Page from a raw struct page pointer.
> +    ///
> +    /// # Safety
> +    ///
> +    /// ptr must be convertible to a shared reference with a lifetime of 'a.
> +    #[inline]
> +    pub unsafe fn from_raw<'a>(ptr: *const bindings::page) -> &'a Self {

[Severity: Medium]
Does the safety documentation for from_raw() need to explicitly require
that ptr points to a valid kernel struct page?

The current safety requirements only demand that ptr is convertible to a
shared reference (non-null, aligned, valid memory). However, the internal
INVARIANT comment explicitly relies on ptr being a valid struct page.

Could a caller technically satisfy the safety requirements with a
stack-allocated or dummy struct page, but break the type invariant
and cause issues when methods like page_to_nid() are called later?

> +        // INVARIANT: By the function safety requirements, ptr refers to a valid struct page, so
> +        // the returned reference upholds the type invariant of Page.
> +        // SAFETY: By function safety requirements, ptr is not null and is convertible to a shared
> +        // reference.
> +        unsafe { &*ptr.cast() }
> +    }

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260626-unique-ref-v19-0-2607ca88dfdf@kernel.org?part=8