On Mon Mar 17, 2025 at 3:23 PM CET, Tamir Duberstein wrote:
Throughout the tree, use the strict provenance APIs stabilized in Rust 1.84.0[1]. Retain backwards-compatibility by introducing forwarding functions at the `kernel` crate root along with polyfills for rustc < 1.84.0.
Use `#[allow(clippy::incompatible_msrv)]` to avoid warnings on rustc < 1.84.0 as our MSRV is 1.78.0.
In the `kernel` crate, enable the strict provenance lints on rustc >= 1.84.0; do this in `lib.rs` rather than `Makefile` to avoid introducing compiler flags that are dependent on the rustc version in use.
Link: https://blog.rust-lang.org/2025/01/09/Rust-1.84.0.html#strict-provenance-api... [1]
Suggested-by: Benno Lossin <benno.lossin@proton.me>
Link: https://lore.kernel.org/all/D8EIXDMRXMJP.36TFCGWZBRS3Y@proton.me/
Signed-off-by: Tamir Duberstein <tamird@gmail.com>
One comment below, with that fixed:
Reviewed-by: Benno Lossin <benno.lossin@proton.me>
 init/Kconfig           |   3 ++
 rust/kernel/alloc.rs   |   2 +-
 rust/kernel/devres.rs  |   4 +-
 rust/kernel/io.rs      |  14 +++----
 rust/kernel/lib.rs     | 108 +++++++++++++++++++++++++++++++++++++++++++++++++
 rust/kernel/of.rs      |   2 +-
 rust/kernel/pci.rs     |   4 +-
 rust/kernel/str.rs     |  16 +++-----
 rust/kernel/uaccess.rs |  12 ++++--
 9 files changed, 138 insertions(+), 27 deletions(-)
+#[cfg(not(CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE))] +mod strict_provenance {
- /// Gets the "address" portion of the pointer.
- ///
- /// See https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.addr.
- #[inline]
- pub fn addr<T>(ptr: *const T) -> usize {
// This is core's implementation from
// https://github.com/rust-lang/rust/commit/4291332175d12e79e6061cdc3f5dccac2e28b969 through
// https://github.com/rust-lang/rust/blob/1.84.0/library/core/src/ptr/const_ptr.rs#L172
// which is the first version that satisfies `CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE`.
#[allow(clippy::undocumented_unsafe_blocks)]
unsafe {
#[allow(clippy::transmutes_expressible_as_ptr_casts)]
core::mem::transmute(ptr.cast::<()>())
}
I think we should just use `ptr as usize` here instead. It's going away at some point and it will only affect optimizations (I don't even know if they exist at the moment) of old versions.
---
Cheers,
Benno
- }
- /// Exposes the "provenance" part of the pointer for future use in
- /// [`with_exposed_provenance`] and returns the "address" portion.
- ///
- /// See https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.expose_p....
- #[inline]
- pub fn expose_provenance<T>(ptr: *const T) -> usize {
ptr.cast::<()>() as usize
- }
- /// Converts an address back to a pointer, picking up some previously 'exposed'
- /// provenance.
- ///
- /// See https://doc.rust-lang.org/stable/core/ptr/fn.with_exposed_provenance.html.
- #[inline]
- pub fn with_exposed_provenance<T>(addr: usize) -> *const T {
addr as *const T
- }
- /// Converts an address back to a mutable pointer, picking up some previously 'exposed'
- /// provenance.
- ///
- /// See https://doc.rust-lang.org/stable/core/ptr/fn.with_exposed_provenance_mut.htm...
- #[inline]
- pub fn with_exposed_provenance_mut<T>(addr: usize) -> *mut T {
addr as *mut T
- }
- /// Creates a pointer with the given address and no [provenance][crate::ptr#provenance].
- ///
- /// See https://doc.rust-lang.org/stable/core/ptr/fn.without_provenance_mut.html.
- #[inline]
- pub fn without_provenance_mut<T>(addr: usize) -> *mut T {
addr as *mut T
- }
+}
+pub use strict_provenance::*;
// Ensure conditional compilation based on the kernel configuration works; // otherwise we may silently break things like initcall handling. #[cfg(not(CONFIG_RUST))]
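Review bot: the doc comment on `without_provenance_mut` links `[provenance][crate::ptr#provenance]`, which reads as copied from core's docs, where `crate` is `core`; at the `kernel` crate root `crate` is `kernel`, so the link no longer points at core's provenance section. Use `core::ptr#provenance`, or drop the link and rely on the `See https://...` line as the other polyfills do. Separately, the `unsafe` block in `addr` silences `clippy::undocumented_unsafe_blocks` with an `#[allow]`; if the transmute stays, a one-line `// SAFETY:` comment would be better than the allow.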
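The strict provenance APIs named in the commit message, exercised in plain user-space Rust (1.84 or later) as an added example. It is not code from the patch or the kernel tree, and every function name in it is illustrative.

```rust
// Added example (not kernel code); function names are illustrative.
use core::ptr;

/// Low bit used as a tag; free because `u64` is at least 2-byte aligned.
const TAG: usize = 0b1;

/// Strict-provenance path: the address is changed with `map_addr`, so the
/// pointer never becomes a bare integer and keeps its provenance.
fn tag_roundtrip(value: &mut u64) -> (bool, u64) {
    let p: *mut u64 = value;
    let tagged = p.map_addr(|a| a | TAG);
    let is_tagged = tagged.addr() & TAG == TAG;
    let untagged = tagged.map_addr(|a| a & !TAG);
    // SAFETY: `untagged` has the address and provenance of `p`, which comes
    // from a live `&mut u64`.
    (is_tagged, unsafe { untagged.read() })
}

/// Exposed-provenance path: the pointer is stored as an integer and rebuilt.
fn exposed_roundtrip(value: &mut u64) -> u64 {
    let p: *mut u64 = value;
    let addr: usize = p.expose_provenance();
    let q: *mut u64 = ptr::with_exposed_provenance_mut(addr);
    // SAFETY: `addr` was exposed from `p` just above and `value` is still live.
    unsafe {
        q.write(q.read() + 1);
        q.read()
    }
}

/// `addr()` and `expose_provenance()` return the same number; only the
/// second permits rebuilding a dereferenceable pointer from it.
fn same_address(value: &u64) -> bool {
    let p: *const u64 = value;
    p.addr() == p.expose_provenance() && p.addr() == p as usize
}

/// A pointer made from a plain integer carries no provenance: its address
/// can be inspected, but it must never be dereferenced.
fn sentinel_addr() -> usize {
    ptr::without_provenance_mut::<u8>(0x1000).addr()
}

fn main() {
    let mut v = 41u64;
    println!("{:?}", tag_roundtrip(&mut v));
    println!("{}", exposed_roundtrip(&mut v));
    println!("{} {:#x}", same_address(&v), sentinel_addr());
}
```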