On Thu Mar 13, 2025 at 11:47 AM CET, Tamir Duberstein wrote: > On Wed, Mar 12, 2025 at 6:38 PM Benno Lossin <benno.lossin@xxxxxxxxx> wrote: >> >> On Wed Mar 12, 2025 at 11:24 PM CET, Tamir Duberstein wrote: >> > On Wed, Mar 12, 2025 at 5:30 PM Benno Lossin <benno.lossin@xxxxxxxxx> wrote: >> >> >> >> On Wed Mar 12, 2025 at 10:10 PM CET, Tamir Duberstein wrote: >> >> > On Wed, Mar 12, 2025 at 5:04 PM Tamir Duberstein <tamird@xxxxxxxxx> wrote: >> >> >> >> >> >> On Wed, Mar 12, 2025 at 5:01 PM Benno Lossin <benno.lossin@xxxxxxxxx> wrote: >> >> >> > Always enable the features, we have `allow(stable_features)` for this >> >> >> > reason (then you don't have to do this dance with checking if it's >> >> >> > already stable or not :) >> >> >> >> >> >> It's not so simple. In rustc < 1.84.0 the lints *and* the strict >> >> >> provenance APIs are behind `feature(strict_provenance)`. In rustc >= >> >> >> 1.84.0 the lints are behind `feature(strict_provenance_lints)`. So you >> >> >> need to read the config to learn that you need to enable >> >> >> `feature(strict_provenance_lints)`. >> >> >> >> I see... And `strict_provenance_lints` doesn't exist in <1.84? That's a >> >> bit of a bummer... >> >> >> >> But I guess we could have this config option (in `init/Kconfig`): >> >> >> >> config RUSTC_HAS_STRICT_PROVENANCE >> >> def_bool RUSTC_VERSION >= 108400 >> >> >> >> and then do this in `lib.rs`: >> >> >> >> #![cfg_attr(CONFIG_RUSTC_HAS_STRICT_PROVENANCE, feature(strict_provenance_lints))] >> > >> > Yep! That's exactly what I did, but as I mentioned up-thread, the >> > result is that we only cover the `kernel` crate. >> >> Ah I see, can't we just have the above line in the other crate roots? > > The most difficult case is doctests. You'd have to add this to every > example AFAICT. > >> >> > Actually this isn't even the only problem. It seems that >> >> > `-Astable_features` doesn't affect features enabled on the command >> >> > line at all: >> >> > >> >> > error[E0725]: the feature `strict_provenance` is not in the list of >> >> > allowed features >> >> > --> <crate attribute>:1:9 >> >> > | >> >> > 1 | feature(strict_provenance) >> >> > | ^^^^^^^^^^^^^^^^^ >> >> >> >> That's because you need to append the feature to `rust_allowed_features` >> >> in `scripts/Makefile.build` (AFAIK). >> > >> > Thanks, that's a helpful pointer, and it solves some problems but not >> > all. The root Makefile contains this bit: >> > >> >> KBUILD_HOSTRUSTFLAGS := $(rust_common_flags) -O -Cstrip=debuginfo \ >> >> -Zallow-features= $(HOSTRUSTFLAGS) >> > >> > which means we can't use the provenance lints against these host >> > targets (including e.g. `rustdoc_test_gen`). We can't remove this >> > -Zallow-features= either because then core fails to compile. >> > >> > I'm at the point where I think I need more involved help. Want to take >> > a look at my attempt? It's here: >> > https://github.com/tamird/linux/tree/b4/ptr-as-ptr. With doing `allow(clippy::incompatible_msrv)`, I meant doing that globally, not having a module to re-export the functions :) >> I'll take a look tomorrow, you're testing my knowledge of the build >> system a lot here :) > > We're guaranteed to learn something :) Yep! I managed to get it working, but it is rather janky and experimental. I don't think you should use this in your patch series unless Miguel has commented on it. Notable things in the diff below: * the hostrustflags don't get the *provenance_casts lints (which is correct, I think, but probably not the way I did it with filter-out) * the crates compiler_builtins, bindings, uapi, build_error, libmacros, ffi, etc do get them, but probably shouldn't? --- Cheers, Benno diff --git a/Makefile b/Makefile index 70bdbf2218fc..38a79337cd7b 100644 --- a/Makefile +++ b/Makefile @@ -473,6 +473,8 @@ export rust_common_flags := --edition=2021 \ -Astable_features \ -Dnon_ascii_idents \ -Dunsafe_op_in_unsafe_fn \ + -Wfuzzy_provenance_casts \ + -Wlossy_provenance_casts \ -Wmissing_docs \ -Wrust_2018_idioms \ -Wunreachable_pub \ @@ -493,7 +495,7 @@ KBUILD_HOSTCFLAGS := $(KBUILD_USERHOSTCFLAGS) $(HOST_LFS_CFLAGS) \ $(HOSTCFLAGS) -I $(srctree)/scripts/include KBUILD_HOSTCXXFLAGS := -Wall -O2 $(HOST_LFS_CFLAGS) $(HOSTCXXFLAGS) \ -I $(srctree)/scripts/include -KBUILD_HOSTRUSTFLAGS := $(rust_common_flags) -O -Cstrip=debuginfo \ +KBUILD_HOSTRUSTFLAGS := $(filter-out -Wfuzzy_provenance_casts -Wlossy_provenance_casts,$(rust_common_flags)) -O -Cstrip=debuginfo \ -Zallow-features= $(HOSTRUSTFLAGS) KBUILD_HOSTLDFLAGS := $(HOST_LFS_LDFLAGS) $(HOSTLDFLAGS) KBUILD_HOSTLDLIBS := $(HOST_LFS_LIBS) $(HOSTLDLIBS) diff --git a/init/Kconfig b/init/Kconfig index d0d021b3fa3b..82e28d6f7c3f 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -132,6 +132,9 @@ config CC_HAS_COUNTED_BY config RUSTC_HAS_COERCE_POINTEE def_bool RUSTC_VERSION >= 108400 +config RUSTC_HAS_STABLE_STRICT_PROVENANCE + def_bool RUSTC_VERSION >= 108400 + config PAHOLE_VERSION int default $(shell,$(srctree)/scripts/pahole-version.sh $(PAHOLE)) diff --git a/rust/Makefile b/rust/Makefile index ea3849eb78f6..998b57c6e5f7 100644 --- a/rust/Makefile +++ b/rust/Makefile @@ -436,7 +436,8 @@ $(obj)/helpers/helpers.o: $(src)/helpers/helpers.c $(recordmcount_source) FORCE $(obj)/exports.o: private skip_gendwarfksyms = 1 $(obj)/core.o: private skip_clippy = 1 -$(obj)/core.o: private skip_flags = -Wunreachable_pub +$(obj)/core.o: private skip_flags = -Wunreachable_pub \ + -Wfuzzy_provenance_casts -Wlossy_provenance_casts $(obj)/core.o: private rustc_objcopy = $(foreach sym,$(redirect-intrinsics),--redefine-sym $(sym)=__rust$(sym)) $(obj)/core.o: private rustc_target_flags = $(core-cfgs) $(obj)/core.o: $(RUST_LIB_SRC)/core/src/lib.rs \ diff --git a/rust/bindings/lib.rs b/rust/bindings/lib.rs index 014af0d1fc70..185bf29e44d9 100644 --- a/rust/bindings/lib.rs +++ b/rust/bindings/lib.rs @@ -9,6 +9,14 @@ //! using this crate. #![no_std] +#![cfg_attr( + not(CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE), + feature(strict_provenance) +)] +#![cfg_attr( + CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE, + feature(strict_provenance_lints) +)] // See <https://github.com/rust-lang/rust-bindgen/issues/1651>. #![cfg_attr(test, allow(deref_nullptr))] #![cfg_attr(test, allow(unaligned_references))] diff --git a/rust/build_error.rs b/rust/build_error.rs index fa24eeef9929..84e24598857f 100644 --- a/rust/build_error.rs +++ b/rust/build_error.rs @@ -18,6 +18,14 @@ //! [const-context]: https://doc.rust-lang.org/reference/const_eval.html#const-context #![no_std] +#![cfg_attr( + not(CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE), + feature(strict_provenance) +)] +#![cfg_attr( + CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE, + feature(strict_provenance_lints) +)] /// Panics if executed in [const context][const-context], or triggers a build error if not. /// diff --git a/rust/compiler_builtins.rs b/rust/compiler_builtins.rs index f14b8d7caf89..0dcb25a644f6 100644 --- a/rust/compiler_builtins.rs +++ b/rust/compiler_builtins.rs @@ -21,6 +21,14 @@ #![allow(internal_features)] #![feature(compiler_builtins)] +#![cfg_attr( + not(CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE), + feature(strict_provenance) +)] +#![cfg_attr( + CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE, + feature(strict_provenance_lints) +)] #![compiler_builtins] #![no_builtins] #![no_std] diff --git a/rust/ffi.rs b/rust/ffi.rs index 584f75b49862..28a5e9a09b70 100644 --- a/rust/ffi.rs +++ b/rust/ffi.rs @@ -8,6 +8,14 @@ //! C ABI. The kernel does not use [`core::ffi`], so it can customise the mapping that deviates from //! the platform default. +#![cfg_attr( + not(CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE), + feature(strict_provenance) +)] +#![cfg_attr( + CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE, + feature(strict_provenance_lints) +)] #![no_std] macro_rules! alias { diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs index 398242f92a96..6fd4fb2176aa 100644 --- a/rust/kernel/lib.rs +++ b/rust/kernel/lib.rs @@ -13,6 +13,14 @@ #![no_std] #![feature(arbitrary_self_types)] +#![cfg_attr( + not(CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE), + feature(strict_provenance) +)] +#![cfg_attr( + CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE, + feature(strict_provenance_lints) +)] #![cfg_attr(CONFIG_RUSTC_HAS_COERCE_POINTEE, feature(derive_coerce_pointee))] #![cfg_attr(not(CONFIG_RUSTC_HAS_COERCE_POINTEE), feature(coerce_unsized))] #![cfg_attr(not(CONFIG_RUSTC_HAS_COERCE_POINTEE), feature(dispatch_from_dyn))] diff --git a/rust/macros/lib.rs b/rust/macros/lib.rs index 8c7b786377ee..91450de998d3 100644 --- a/rust/macros/lib.rs +++ b/rust/macros/lib.rs @@ -2,6 +2,15 @@ //! Crate for all kernel procedural macros. +#![cfg_attr( + not(CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE), + feature(strict_provenance) +)] +#![cfg_attr( + CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE, + feature(strict_provenance_lints) +)] + // When fixdep scans this, it will find this string `CONFIG_RUSTC_VERSION_TEXT` // and thus add a dependency on `include/config/RUSTC_VERSION_TEXT`, which is // touched by Kconfig when the version string from the compiler changes. diff --git a/rust/uapi/lib.rs b/rust/uapi/lib.rs index 13495910271f..84ef3828e0d4 100644 --- a/rust/uapi/lib.rs +++ b/rust/uapi/lib.rs @@ -8,6 +8,14 @@ //! userspace APIs. #![no_std] +#![cfg_attr( + not(CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE), + feature(strict_provenance) +)] +#![cfg_attr( + CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE, + feature(strict_provenance_lints) +)] // See <https://github.com/rust-lang/rust-bindgen/issues/1651>. #![cfg_attr(test, allow(deref_nullptr))] #![cfg_attr(test, allow(unaligned_references))] diff --git a/scripts/Makefile.build b/scripts/Makefile.build index 993708d11874..021ee36ae8f2 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -226,7 +226,10 @@ $(obj)/%.lst: $(obj)/%.c FORCE # Compile Rust sources (.rs) # --------------------------------------------------------------------------- -rust_allowed_features := asm_const,asm_goto,arbitrary_self_types,lint_reasons +# Lints were moved to `strict_provenance_lints` when `strict_provenance` was stabilized. +# +# See https://github.com/rust-lang/rust/commit/56ee492a6e7a917b2b3f888e33dd52a13d3ecb64. +rust_allowed_features := asm_const,asm_goto,arbitrary_self_types,lint_reasons,$(if $(CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE),strict_provenance_lints,strict_provenance) # `--out-dir` is required to avoid temporaries being created by `rustc` in the # current working directory, which may be not accessible in the out-of-tree
