From: Danilo Krummrich <dakr@redhat.com>
To: mcgrof@kernel.org, russ.weight@linux.dev, gregkh@linuxfoundation.org
Cc: linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org,
Danilo Krummrich <dakr@redhat.com>,
Benno Lossin <benno.lossin@proton.me>
Subject: [PATCH 1/3] firmware: rust: improve safety comments
Date: Wed, 19 Jun 2024 15:20:12 +0200 [thread overview]
Message-ID: <20240619132029.59296-1-dakr@redhat.com> (raw)
Improve the wording of safety comments to be more explicit about what
exactly is guaranteed to be valid.
Suggested-by: Benno Lossin <benno.lossin@proton.me>
Signed-off-by: Danilo Krummrich <dakr@redhat.com>
---
rust/kernel/firmware.rs | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/rust/kernel/firmware.rs b/rust/kernel/firmware.rs
index b55ea1b45368..386c8fb44785 100644
--- a/rust/kernel/firmware.rs
+++ b/rust/kernel/firmware.rs
@@ -22,8 +22,7 @@
///
/// The pointer is valid, and has ownership over the instance of `struct firmware`.
///
-/// Once requested, the `Firmware` backing buffer is not modified until it is freed when `Firmware`
-/// is dropped.
+/// The `Firmware`'s backing buffer is not modified.
///
/// # Examples
///
@@ -72,22 +71,22 @@ fn as_raw(&self) -> *mut bindings::firmware {
/// Returns the size of the requested firmware in bytes.
pub fn size(&self) -> usize {
- // SAFETY: Safe by the type invariant.
+ // SAFETY: `self.as_raw()` is valid by the type invariant.
unsafe { (*self.as_raw()).size }
}
/// Returns the requested firmware as `&[u8]`.
pub fn data(&self) -> &[u8] {
- // SAFETY: Safe by the type invariant. Additionally, `bindings::firmware` guarantees, if
- // successfully requested, that `bindings::firmware::data` has a size of
- // `bindings::firmware::size` bytes.
+ // SAFETY: `self.as_raw()` is valid by the type invariant. Additionally,
+ // `bindings::firmware` guarantees, if successfully requested, that
+ // `bindings::firmware::data` has a size of `bindings::firmware::size` bytes.
unsafe { core::slice::from_raw_parts((*self.as_raw()).data, self.size()) }
}
}
impl Drop for Firmware {
fn drop(&mut self) {
- // SAFETY: Safe by the type invariant.
+ // SAFETY: `self.as_raw()` is valid by the type invariant.
unsafe { bindings::release_firmware(self.as_raw()) };
}
}
base-commit: de6582833db0e695ba0c548e3cc2ad7dbb6aa260
--
2.45.1
next reply other threads:[~2024-06-19 13:21 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-19 13:20 Danilo Krummrich [this message]
2024-06-19 13:20 ` [PATCH 2/3] MAINTAINERS: add Rust FW abstractions to FIRMWARE LOADER Danilo Krummrich
2024-06-19 13:20 ` [PATCH 3/3] MAINTAINERS: add Danilo as FIRMWARE LOADER maintainer Danilo Krummrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240619132029.59296-1-dakr@redhat.com \
--to=dakr@redhat.com \
--cc=benno.lossin@proton.me \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=russ.weight@linux.dev \
--cc=rust-for-linux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).