On Sat Mar 15, 2025 at 1:17 PM CET, Tamir Duberstein wrote: > Throughout the tree, use the strict provenance APIs stabilized in Rust > 1.84.0[1]. Retain backwards-compatibility by introducing forwarding > functions at the `kernel` crate root along with polyfills for rustc < > 1.84.0. > > Use `#[allow(clippy::incompatible_msrv)]` to avoid warnings on rustc < > 1.84.0 as our MSRV is 1.78.0. This isn't necessary, right? > In the `kernel` crate, enable the strict provenance lints on rustc >= > 1.84.0; do this in `lib.rs` rather than `Makefile` to avoid introducing > compiler flags that are dependent on the rustc version in use. So it won't be enabled in the doctests, right? > Link: https://blog.rust-lang.org/2025/01/09/Rust-1.84.0.html#strict-provenance-apis [1] > Suggested-by: Benno Lossin <benno.lossin@xxxxxxxxx> > Link: https://lore.kernel.org/all/D8EIXDMRXMJP.36TFCGWZBRS3Y@xxxxxxxxx/ > Signed-off-by: Tamir Duberstein <tamird@xxxxxxxxx> > --- > init/Kconfig | 3 +++ > rust/kernel/alloc.rs | 2 +- > rust/kernel/devres.rs | 4 ++-- > rust/kernel/io.rs | 14 +++++++------- > rust/kernel/lib.rs | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++ > rust/kernel/of.rs | 2 +- > rust/kernel/pci.rs | 4 ++-- > rust/kernel/str.rs | 16 ++++++---------- > rust/kernel/uaccess.rs | 12 ++++++++---- > 9 files changed, 82 insertions(+), 27 deletions(-) > diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs > index 486715528587..84eb2602e79e 100644 > --- a/rust/kernel/lib.rs > +++ b/rust/kernel/lib.rs > @@ -17,6 +17,9 @@ > #![cfg_attr(not(CONFIG_RUSTC_HAS_COERCE_POINTEE), feature(coerce_unsized))] > #![cfg_attr(not(CONFIG_RUSTC_HAS_COERCE_POINTEE), feature(dispatch_from_dyn))] > #![cfg_attr(not(CONFIG_RUSTC_HAS_COERCE_POINTEE), feature(unsize))] > +#![cfg_attr(CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE, feature(strict_provenance_lints))] > +#![cfg_attr(CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE, deny(fuzzy_provenance_casts))] > +#![cfg_attr(CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE, deny(lossy_provenance_casts))] > #![feature(inline_const)] > #![feature(lint_reasons)] > // Stable in Rust 1.83 > @@ -25,6 +28,55 @@ > #![feature(const_ptr_write)] > #![feature(const_refs_to_cell)] > > +#[cfg(CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE)] > +#[allow(clippy::incompatible_msrv)] Do we still need this allow? > +mod strict_provenance { > + #[doc(hidden)] Why make them hidden in docs? > + pub fn expose_provenance<T>(addr: *const T) -> usize { > + addr.expose_provenance() Instead of having these stubs here, you can probably just do pub use core::ptr::expose_provenance; > + } > + > + #[doc(hidden)] > + pub fn without_provenance_mut<T>(addr: usize) -> *mut T { > + core::ptr::without_provenance_mut(addr) > + } > + > + #[doc(hidden)] > + pub fn with_exposed_provenance<T>(addr: usize) -> *const T { > + core::ptr::with_exposed_provenance(addr) > + } > + > + #[doc(hidden)] > + pub fn with_exposed_provenance_mut<T>(addr: usize) -> *mut T { > + core::ptr::with_exposed_provenance_mut(addr) > + } > +} > + > +#[cfg(not(CONFIG_RUSTC_HAS_STABLE_STRICT_PROVENANCE))] > +mod strict_provenance { > + #[doc(hidden)] I think we should document these. --- Cheers, Benno > + pub fn expose_provenance<T>(addr: *const T) -> usize { > + addr.cast::<()>() as usize > + } > + > + #[doc(hidden)] > + pub fn without_provenance_mut<T>(addr: usize) -> *mut T { > + addr as *mut T > + } > + > + #[doc(hidden)] > + pub fn with_exposed_provenance<T>(addr: usize) -> *const T { > + addr as *const T > + } > + > + #[doc(hidden)] > + pub fn with_exposed_provenance_mut<T>(addr: usize) -> *mut T { > + addr as *mut T > + } > +} > + > +pub use strict_provenance::*;
