From f580fe57991f0fef9ac058040e813eeb16876af2 Mon Sep 17 00:00:00 2001 From: Andrew Walbran Date: Fri, 21 Jul 2023 19:13:48 +0100 Subject: [PATCH] Add safety comments. These will soon be required by a lint. Bug: 290018030 Test: m rust Change-Id: I0b25bcaa18d167fb9c2d63e637833d4935dc8ff4 --- libstats/pull_rust/stats_pull.rs | 7 +++++-- trusty/libtrusty-rs/src/lib.rs | 2 ++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/libstats/pull_rust/stats_pull.rs b/libstats/pull_rust/stats_pull.rs index 09b26232f..d188b5fb5 100644 --- a/libstats/pull_rust/stats_pull.rs +++ b/libstats/pull_rust/stats_pull.rs @@ -111,7 +111,9 @@ lazy_static! { static ref COOKIES: Mutex StatsPullResult>> = Mutex::new(HashMap::new()); } -// Safety: We store our callbacks in the global so they are valid. +/// # Safety +/// +/// `data` must be a valid pointer with no aliases. unsafe extern "C" fn callback_wrapper( atom_tag: i32, data: *mut AStatsEventList, @@ -126,7 +128,8 @@ unsafe extern "C" fn callback_wrapper( let stats = cb(); let result = stats .iter() - .map(|stat| stat.add_astats_event(&mut *data)) + // Safety: The caller promises that `data` is valid and unaliased. + .map(|stat| stat.add_astats_event(unsafe { &mut *data })) .collect::, StatsError>>(); match result { Ok(_) => { diff --git a/trusty/libtrusty-rs/src/lib.rs b/trusty/libtrusty-rs/src/lib.rs index 28ea07505..22b894a47 100644 --- a/trusty/libtrusty-rs/src/lib.rs +++ b/trusty/libtrusty-rs/src/lib.rs @@ -102,6 +102,8 @@ impl TipcChannel { let file = File::options().read(true).write(true).open(device)?; let srv_name = CString::new(service).expect("Service name contained null bytes"); + // SAFETY: The file descriptor is valid because it came from a `File`, and the name is a + // valid C string because it came from a `CString`. unsafe { tipc_connect(file.as_raw_fd(), srv_name.as_ptr())?; }