Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
rust: pin-init: improve safety documentation for `impl<T> [Pin]Init<T> for T`
The inner SAFETY comments were missing since commit 5cfe7bef6751 ("rust:
enable `clippy::undocumented_unsafe_blocks` lint").
Also rework the implementation of `__pinned_init` to better justify the
SAFETY comment.
Link: https://github.com/Rust-for-Linux/pin-init/pull/62/commits/df925b2e27d499b7144df7e62b01acb00d4b94b8
Reviewed-by: Boqun Feng <boqun.feng@gmail.com>
Link: https://lore.kernel.org/all/20250529081027.297648-1-lossin@kernel.org
Signed-off-by: Benno Lossin <lossin@kernel.org>
+7
-5
+7
-5
rust/pin-init/src/lib.rs
+7
-5
rust/pin-init/src/lib.rs
···
1390
1390
unsafe { pin_init_from_closure(init) }
1391
1391
}
1392
1392
1393
-
// SAFETY: Every type can be initialized by-value.
1393
+
// SAFETY: the `__init` function always returns `Ok(())` and initializes every field of `slot`.
1394
1394
unsafe impl<T, E> Init<T, E> for T {
1395
1395
unsafe fn __init(self, slot: *mut T) -> Result<(), E> {
1396
-
// SAFETY: TODO.
1396
+
// SAFETY: `slot` is valid for writes by the safety requirements of this function.
1397
1397
unsafe { slot.write(self) };
1398
1398
Ok(())
1399
1399
}
1400
1400
}
1401
1401
1402
-
// SAFETY: Every type can be initialized by-value. `__pinned_init` calls `__init`.
1402
+
// SAFETY: the `__pinned_init` function always returns `Ok(())` and initializes every field of
1403
+
// `slot`. Additionally, all pinning invariants of `T` are upheld.
1403
1404
unsafe impl<T, E> PinInit<T, E> for T {
1404
1405
unsafe fn __pinned_init(self, slot: *mut T) -> Result<(), E> {
1405
-
// SAFETY: TODO.
1406
-
unsafe { self.__init(slot) }
1406
+
// SAFETY: `slot` is valid for writes by the safety requirements of this function.
1407
+
unsafe { slot.write(self) };
1408
+
Ok(())
1407
1409
}
1408
1410
}
1409
1411