On Tue Mar 25, 2025 at 11:33 PM CET, Tamir Duberstein wrote:
On Tue, Mar 25, 2025 at 6:11 PM Benno Lossin benno.lossin@proton.me wrote:
On Tue Mar 25, 2025 at 9:07 PM CET, Tamir Duberstein wrote:
diff --git a/rust/kernel/str.rs b/rust/kernel/str.rs index 40034f77fc2f..6233af50bab7 100644 --- a/rust/kernel/str.rs +++ b/rust/kernel/str.rs @@ -29,7 +29,7 @@ pub const fn is_empty(&self) -> bool { #[inline] pub const fn from_bytes(bytes: &[u8]) -> &Self { // SAFETY: `BStr` is transparent to `[u8]`.
unsafe { &*(bytes as *const [u8] as *const BStr) }
unsafe { &*(core::mem::transmute::<*const [u8], *const Self>(bytes)) }Hmm I'm not sure about using `transmute` here. Yes the types are transparent, but I don't think that we should use it here.
What's your suggestion? I initially tried
let bytes: *const [u8] = bytes; unsafe { &*bytes.cast() }
but that doesn't compile because of the implicit Sized bound on pointer::cast.
This is AFAIK one of the only places where we cannot get rid of the `as` cast. So:
let bytes: *const [u8] = bytes; // CAST: `BStr` transparently wraps `[u8]`. let bytes = bytes as *const BStr; // SAFETY: `bytes` is derived from a reference. unsafe { &*bytes }
IMO a `transmute` is worse than an `as` cast :)
--- Cheers, Benno