[pbs-devel] [PATCH proxmox 3/9] mark blocks inside unsafe fns unsafe
Maximiliano Sandoval
m.sandoval at proxmox.com
Tue Mar 4 15:40:45 CET 2025
In edition 2024 unsafe code inside unsafe functions has to be explicitly
marked as such.
Signed-off-by: Maximiliano Sandoval <m.sandoval at proxmox.com>
---
proxmox-shared-memory/src/lib.rs | 4 +-
proxmox-shared-memory/src/raw_shared_mutex.rs | 48 ++++++++++---------
proxmox-sys/src/fs/read_dir.rs | 2 +-
proxmox-sys/src/linux/pid.rs | 4 +-
proxmox-sys/src/mmap.rs | 18 +++----
5 files changed, 40 insertions(+), 36 deletions(-)
diff --git a/proxmox-shared-memory/src/lib.rs b/proxmox-shared-memory/src/lib.rs
index defe678d..4a986b09 100644
--- a/proxmox-shared-memory/src/lib.rs
+++ b/proxmox-shared-memory/src/lib.rs
@@ -201,7 +201,7 @@ impl<T: Sized + Init> SharedMemory<T> {
/// This calls `Init::initialize`, it is up to the user to ensure this is safe. The value should
/// not have been initialized at this point.
pub unsafe fn initialize_subtype<T: Init>(this: &mut T) {
- let data: &mut MaybeUninit<T> = std::mem::transmute(this);
+ let data: &mut MaybeUninit<T> = unsafe { std::mem::transmute(this) };
Init::initialize(data);
}
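Review bot: The new `unsafe { std::mem::transmute(this) }` in initialize_subtype carries no `// SAFETY:` comment, so the block marks the operation as unsafe without recording why it is sound. A line such as `// SAFETY: MaybeUninit<T> has the same size and alignment as T, so the reference can be reinterpreted` would cover the layout part; whether `this` may refer to a not-yet-initialized value remains the caller's contract, as the doc comment says. The same applies to check_subtype in the next hunk and to the other blocks this patch introduces, including the single block that now spans the whole body of init in raw_shared_mutex.rs.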
@@ -211,6 +211,6 @@ pub unsafe fn initialize_subtype<T: Init>(this: &mut T) {
///
/// This calls `Init::check_type_magic`, it is up to the user to ensure this is safe.
pub unsafe fn check_subtype<T: Init>(this: &T) -> Result<(), Error> {
- let data: &MaybeUninit<T> = std::mem::transmute(this);
+ let data: &MaybeUninit<T> = unsafe { std::mem::transmute(this) };
Init::check_type_magic(data)
}
diff --git a/proxmox-shared-memory/src/raw_shared_mutex.rs b/proxmox-shared-memory/src/raw_shared_mutex.rs
index 1b06d5b8..3056299d 100644
--- a/proxmox-shared-memory/src/raw_shared_mutex.rs
+++ b/proxmox-shared-memory/src/raw_shared_mutex.rs
@@ -19,31 +19,33 @@ impl RawSharedMutex {
#[inline]
pub unsafe fn init(&mut self) {
let mut attr = MaybeUninit::<libc::pthread_mutexattr_t>::uninit();
- cvt_nz(libc::pthread_mutexattr_init(attr.as_mut_ptr())).unwrap();
- let attr = PthreadMutexAttr(&mut attr);
- cvt_nz(libc::pthread_mutexattr_settype(
- attr.0.as_mut_ptr(),
- libc::PTHREAD_MUTEX_NORMAL,
- ))
- .unwrap();
- cvt_nz(libc::pthread_mutexattr_setpshared(
- attr.0.as_mut_ptr(),
- libc::PTHREAD_PROCESS_SHARED,
- ))
- .unwrap();
- cvt_nz(libc::pthread_mutexattr_setrobust(
- attr.0.as_mut_ptr(),
- libc::PTHREAD_MUTEX_ROBUST,
- ))
- .unwrap();
- cvt_nz(libc::pthread_mutex_init(self.inner.get(), attr.0.as_ptr())).unwrap();
+ unsafe {
+ cvt_nz(libc::pthread_mutexattr_init(attr.as_mut_ptr())).unwrap();
+ let attr = PthreadMutexAttr(&mut attr);
+ cvt_nz(libc::pthread_mutexattr_settype(
+ attr.0.as_mut_ptr(),
+ libc::PTHREAD_MUTEX_NORMAL,
+ ))
+ .unwrap();
+ cvt_nz(libc::pthread_mutexattr_setpshared(
+ attr.0.as_mut_ptr(),
+ libc::PTHREAD_PROCESS_SHARED,
+ ))
+ .unwrap();
+ cvt_nz(libc::pthread_mutexattr_setrobust(
+ attr.0.as_mut_ptr(),
+ libc::PTHREAD_MUTEX_ROBUST,
+ ))
+ .unwrap();
+ cvt_nz(libc::pthread_mutex_init(self.inner.get(), attr.0.as_ptr())).unwrap();
+ }
}
#[inline]
pub unsafe fn lock(&self) {
- let mut r = libc::pthread_mutex_lock(self.inner.get());
+ let mut r = unsafe { libc::pthread_mutex_lock(self.inner.get()) };
if r == libc::EOWNERDEAD {
- r = libc::pthread_mutex_consistent(self.inner.get());
+ r = unsafe { libc::pthread_mutex_consistent(self.inner.get()) };
}
debug_assert_eq!(r, 0);
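Review bot: In lock(), the result of `pthread_mutex_lock` / `pthread_mutex_consistent` is only checked with `debug_assert_eq!(r, 0)`, which is compiled out when debug assertions are disabled, so a failed lock would return to the caller as if the mutex were held. For a process-shared robust mutex guarding shared memory this deserves a hard check, e.g. `assert_eq!(r, 0, "pthread_mutex_lock failed");`, or a comment explaining why a non-zero result cannot occur here. unlock() in the next hunk relies on the same debug-only check. This behaviour predates the patch, and lock()'s closing brace lies outside the hunk.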
@@ -51,15 +53,15 @@ impl RawSharedMutex {
#[inline]
pub unsafe fn unlock(&self) {
- let r = libc::pthread_mutex_unlock(self.inner.get());
+ let r = unsafe { libc::pthread_mutex_unlock(self.inner.get()) };
debug_assert_eq!(r, 0);
}
#[inline]
pub unsafe fn try_lock(&self) -> bool {
- let mut r = libc::pthread_mutex_trylock(self.inner.get());
+ let mut r = unsafe { libc::pthread_mutex_trylock(self.inner.get()) };
if r == libc::EOWNERDEAD {
- r = libc::pthread_mutex_consistent(self.inner.get());
+ r = unsafe { libc::pthread_mutex_consistent(self.inner.get()) };
}
r == 0
diff --git a/proxmox-sys/src/fs/read_dir.rs b/proxmox-sys/src/fs/read_dir.rs
index 3119274b..09dbac3d 100644
--- a/proxmox-sys/src/fs/read_dir.rs
+++ b/proxmox-sys/src/fs/read_dir.rs
@@ -79,7 +79,7 @@ impl ReadDirEntry {
/// It is up to the user to ensure that the file name is valid utf-8 *before* calling this
/// method.
pub unsafe fn file_name_utf8_unchecked(&self) -> &str {
- std::str::from_utf8_unchecked(self.file_name().to_bytes())
+ unsafe { std::str::from_utf8_unchecked(self.file_name().to_bytes()) }
}
}
diff --git a/proxmox-sys/src/linux/pid.rs b/proxmox-sys/src/linux/pid.rs
index 7d50ac44..03464551 100644
--- a/proxmox-sys/src/linux/pid.rs
+++ b/proxmox-sys/src/linux/pid.rs
@@ -24,7 +24,7 @@ pub const SYS_pidfd_open: libc::c_long = 434;
pub const SYS_pidfd_send_signal: libc::c_long = 424;
unsafe fn pidfd_open(pid: libc::pid_t, flags: libc::c_uint) -> libc::c_long {
- libc::syscall(SYS_pidfd_open, pid, flags)
+ unsafe { libc::syscall(SYS_pidfd_open, pid, flags) }
}
unsafe fn pidfd_send_signal(
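Review bot: pidfd_open takes only integer arguments, so its `unsafe` comes from the `libc::syscall` call rather than from any contract the caller has to uphold. Now that the block is explicit, the function could drop `unsafe` from its signature and carry a comment like `// SAFETY: no pointers are passed; the kernel validates pid and flags`. That would leave pidfd_send_signal, whose `info` parameter is a raw pointer, as the only one of the two that callers must treat as unsafe. The call sites are not visible here and would need their own `unsafe` wrappers adjusted.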
@@ -33,7 +33,7 @@ unsafe fn pidfd_send_signal(
info: *mut libc::siginfo_t,
flags: libc::c_uint,
) -> libc::c_long {
- libc::syscall(SYS_pidfd_send_signal, pidfd, sig, info, flags)
+ unsafe { libc::syscall(SYS_pidfd_send_signal, pidfd, sig, info, flags) }
}
/// File descriptor reference to a process.
diff --git a/proxmox-sys/src/mmap.rs b/proxmox-sys/src/mmap.rs
index 0ba5337b..6110d676 100644
--- a/proxmox-sys/src/mmap.rs
+++ b/proxmox-sys/src/mmap.rs
@@ -38,14 +38,16 @@ impl<T> Mmap<T> {
// libc::size_t vs usize
#[allow(clippy::useless_conversion)]
- let data = mman::mmap(
- None,
- byte_len,
- prot,
- flags,
- fd,
- libc::off_t::try_from(ofs).map_err(io::Error::other)?,
- )
+ let data = unsafe {
+ mman::mmap(
+ None,
+ byte_len,
+ prot,
+ flags,
+ fd,
+ libc::off_t::try_from(ofs).map_err(io::Error::other)?,
+ )
+ }
.map_err(SysError::into_io_error)?;
Ok(Self {
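Review bot: The new `unsafe` block also encloses the `libc::off_t::try_from(ofs).map_err(io::Error::other)?` conversion and its early return, which are safe code. Hoisting it into its own statement, `let ofs = libc::off_t::try_from(ofs).map_err(io::Error::other)?;` (taking the `#[allow(clippy::useless_conversion)]` with it), leaves only the `mman::mmap` call inside the block. A `// SAFETY:` comment on that block could then state what the caller guarantees about `fd`, `ofs` and `byte_len`. The enclosing function starts and ends outside the hunk.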
--
2.39.5