On Mon, Mar 17, 2025 at 5:34 AM Benno Lossin benno.lossin@proton.me wrote:
On Sat Mar 15, 2025 at 1:17 PM CET, Tamir Duberstein wrote:
Throughout the tree, use the strict provenance APIs stabilized in Rust 1.84.0[1]. Retain backwards-compatibility by introducing forwarding functions at the `kernel` crate root along with polyfills for rustc < 1.84.0.
Use `#[allow(clippy::incompatible_msrv)]` to avoid warnings on rustc < 1.84.0 as our MSRV is 1.78.0.
This isn't necessary, right?
It is necessary. MSRV is encoded in .clippy.toml, it doesn't matter what the *current* rustc version is.
In the `kernel` crate, enable the strict provenance lints on rustc >= 1.84.0; do this in `lib.rs` rather than `Makefile` to avoid introducing compiler flags that are dependent on the rustc version in use.
So it won't be enabled in the doctests, right?
Yes, that is correct.
Link: https://blog.rust-lang.org/2025/01/09/Rust-1.84.0.html#strict-provenance-api... [1] Suggested-by: Benno Lossin benno.lossin@proton.me Link: https://lore.kernel.org/all/D8EIXDMRXMJP.36TFCGWZBRS3Y@proton.me/ Signed-off-by: Tamir Duberstein tamird@gmail.com
init/Kconfig | 3 +++ rust/kernel/alloc.rs | 2 +- rust/kernel/devres.rs | 4 ++-- rust/kernel/io.rs | 14 +++++++------- rust/kernel/lib.rs | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++ rust/kernel/of.rs | 2 +- rust/kernel/pci.rs | 4 ++-- rust/kernel/str.rs | 16 ++++++---------- rust/kernel/uaccess.rs | 12 ++++++++---- 9 files changed, 82 insertions(+), 27 deletions(-)
diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs index 486715528587..84eb2602e79e 100644 --- a/rust/kernel/lib.rs +++ b/rust/kernel/lib.rs @@ -17,6 +17,9 @@ #![cfg_attr(not(CONFIG_RUSTC_HAS_COERCE_POINTEE), feature(coerce_unsized))] #![cfg_attr(not(CONFIG_RUSTC_HAS_COERCE_POINTEE), feature(dispatch_from_dyn))] #![cfg_attr(not(CONFIG_RUSTC_HAS_COERCE_POINTEE), feature(unsize))] +#![cfg_attr(CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE, feature(strict_provenance_lints))] +#![cfg_attr(CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE, deny(fuzzy_provenance_casts))] +#![cfg_attr(CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE, deny(lossy_provenance_casts))] #![feature(inline_const)] #![feature(lint_reasons)] // Stable in Rust 1.83 @@ -25,6 +28,55 @@ #![feature(const_ptr_write)] #![feature(const_refs_to_cell)]
+#[cfg(CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE)] +#[allow(clippy::incompatible_msrv)]
Do we still need this allow?
Yes, explained above.
+mod strict_provenance {
- #[doc(hidden)]
Why make them hidden in docs?
I've added documentation that defers to the standard library.
- pub fn expose_provenance<T>(addr: *const T) -> usize {
addr.expose_provenance()Instead of having these stubs here, you can probably just do
pub use core::ptr::expose_provenance;
This doesn't work for the methods on primitives, but it works for the free functions. Done.
- }
- #[doc(hidden)]
- pub fn without_provenance_mut<T>(addr: usize) -> *mut T {
core::ptr::without_provenance_mut(addr)- }
- #[doc(hidden)]
- pub fn with_exposed_provenance<T>(addr: usize) -> *const T {
core::ptr::with_exposed_provenance(addr)- }
- #[doc(hidden)]
- pub fn with_exposed_provenance_mut<T>(addr: usize) -> *mut T {
core::ptr::with_exposed_provenance_mut(addr)- }
+}
+#[cfg(not(CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE))] +mod strict_provenance {
- #[doc(hidden)]
I think we should document these.
Done.
Cheers, Benno
- pub fn expose_provenance<T>(addr: *const T) -> usize {
addr.cast::<()>() as usize- }
- #[doc(hidden)]
- pub fn without_provenance_mut<T>(addr: usize) -> *mut T {
addr as *mut T- }
- #[doc(hidden)]
- pub fn with_exposed_provenance<T>(addr: usize) -> *const T {
addr as *const T- }
- #[doc(hidden)]
- pub fn with_exposed_provenance_mut<T>(addr: usize) -> *mut T {
addr as *mut T- }
+}
+pub use strict_provenance::*;