Re: [PATCH v5 6/6] rust: use strict provenance APIs

On Mon Mar 17, 2025 at 3:23 PM CET, Tamir Duberstein wrote:
> Throughout the tree, use the strict provenance APIs stabilized in Rust
> 1.84.0[1]. Retain backwards-compatibility by introducing forwarding
> functions at the `kernel` crate root along with polyfills for rustc <
> 1.84.0.
>
> Use `#[allow(clippy::incompatible_msrv)]` to avoid warnings on rustc <
> 1.84.0 as our MSRV is 1.78.0.
>
> In the `kernel` crate, enable the strict provenance lints on rustc >=
> 1.84.0; do this in `lib.rs` rather than `Makefile` to avoid introducing
> compiler flags that are dependent on the rustc version in use.
>
> Link: https://blog.rust-lang.org/2025/01/09/Rust-1.84.0.html#strict-provenance-apis [1]
> Suggested-by: Benno Lossin <benno.lossin@xxxxxxxxx>
> Link: https://lore.kernel.org/all/D8EIXDMRXMJP.36TFCGWZBRS3Y@xxxxxxxxx/
> Signed-off-by: Tamir Duberstein <tamird@xxxxxxxxx>

One comment below, with that fixed:

Reviewed-by: Benno Lossin <benno.lossin@xxxxxxxxx>

> ---
>  init/Kconfig           |   3 ++
>  rust/kernel/alloc.rs   |   2 +-
>  rust/kernel/devres.rs  |   4 +-
>  rust/kernel/io.rs      |  14 +++----
>  rust/kernel/lib.rs     | 108 +++++++++++++++++++++++++++++++++++++++++++++++++
>  rust/kernel/of.rs      |   2 +-
>  rust/kernel/pci.rs     |   4 +-
>  rust/kernel/str.rs     |  16 +++-----
>  rust/kernel/uaccess.rs |  12 ++++--
>  9 files changed, 138 insertions(+), 27 deletions(-)


> +#[cfg(not(CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE))]
> +mod strict_provenance {
> +    /// Gets the "address" portion of the pointer.
> +    ///
> +    /// See https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.addr.
> +    #[inline]
> +    pub fn addr<T>(ptr: *const T) -> usize {
> +        // This is core's implementation from
> +        // https://github.com/rust-lang/rust/commit/4291332175d12e79e6061cdc3f5dccac2e28b969 through
> +        // https://github.com/rust-lang/rust/blob/1.84.0/library/core/src/ptr/const_ptr.rs#L172
> +        // which is the first version that satisfies `CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE`.
> +        #[allow(clippy::undocumented_unsafe_blocks)]
> +        unsafe {
> +            #[allow(clippy::transmutes_expressible_as_ptr_casts)]
> +            core::mem::transmute(ptr.cast::<()>())
> +        }

I think we should just use `ptr as usize` here instead. It's going away
at some point and it will only affect optimizations (I don't even know
if they exist at the moment) of old versions.

---
Cheers,
Benno

> +    }
> +
> +    /// Exposes the "provenance" part of the pointer for future use in
> +    /// [`with_exposed_provenance`] and returns the "address" portion.
> +    ///
> +    /// See https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.expose_provenance.
> +    #[inline]
> +    pub fn expose_provenance<T>(ptr: *const T) -> usize {
> +        ptr.cast::<()>() as usize
> +    }
> +
> +    /// Converts an address back to a pointer, picking up some previously 'exposed'
> +    /// provenance.
> +    ///
> +    /// See https://doc.rust-lang.org/stable/core/ptr/fn.with_exposed_provenance.html.
> +    #[inline]
> +    pub fn with_exposed_provenance<T>(addr: usize) -> *const T {
> +        addr as *const T
> +    }
> +
> +    /// Converts an address back to a mutable pointer, picking up some previously 'exposed'
> +    /// provenance.
> +    ///
> +    /// See https://doc.rust-lang.org/stable/core/ptr/fn.with_exposed_provenance_mut.html
> +    #[inline]
> +    pub fn with_exposed_provenance_mut<T>(addr: usize) -> *mut T {
> +        addr as *mut T
> +    }
> +
> +    /// Creates a pointer with the given address and no [provenance][crate::ptr#provenance].
> +    ///
> +    /// See https://doc.rust-lang.org/stable/core/ptr/fn.without_provenance_mut.html.
> +    #[inline]
> +    pub fn without_provenance_mut<T>(addr: usize) -> *mut T {
> +        addr as *mut T
> +    }
> +}
> +
> +pub use strict_provenance::*;
> +
>  // Ensure conditional compilation based on the kernel configuration works;
>  // otherwise we may silently break things like initcall handling.
>  #[cfg(not(CONFIG_RUST))]
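
Review bot: `without_provenance_mut` has the same body as `with_exposed_provenance_mut` (`addr as *mut T`), so on rustc < 1.84.0 the polyfill performs an ordinary integer-to-pointer cast rather than creating a pointer with no provenance, which is what its doc comment promises. If that is the intended fallback for old compilers, say so in a comment on the function, the way the `addr` polyfill documents where its body comes from. The `[provenance][crate::ptr#provenance]` link in the same doc comment is written relative to `crate`, which in `rust/kernel/lib.rs` is `kernel`, so it is worth checking that it resolves. Minor: the `with_exposed_provenance_mut` doc link is the only "See" line without a trailing period.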





