github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-12 16:18:45 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

rust: disallow use of CStr::as_ptr and CStr::from_ptr

Browse Source 
As kernel always use unsigned char and not the platform ABI's default, an
user should always use `as_char_ptr` provided via `CStrExt` instead.
Therefore configure `disallow-methods` feature of clippy to catch incorrect
usage.

Similarly, the dual `from_ptr` is also disallowed.

[ As an example, without the previous commit, we would get a warning like:

      warning: use of a disallowed method `core::ffi::CStr::as_ptr`
         --> rust/kernel/task.rs:422:54
          |
      422 |         unsafe { crate::bindings::__might_sleep(file.as_ptr().cast(), loc.line() as i32) }
          |                                                      ^^^^^^ help: kernel's `char` is always unsigned, use `as_char_ptr` instead: `kernel::prelude::CStrExt::as_char_ptr`
          |
          = help: for further information visit https://rust-lang.github.io/rust-clippy/rust-1.94.0/index.html#disallowed_methods
          = note: `-W clippy::disallowed-methods` implied by `-W clippy::all`
          = help: to override `-W clippy::all` add `#[allow(clippy::disallowed_methods)]`

    - Miguel ]

Signed-off-by: Gary Guo <gary@garyguo.net>
Reviewed-by: Tamir Duberstein <tamird@kernel.org>
Link: https://patch.msgid.link/20260203130745.868762-2-gary@kernel.org
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
This commit is contained in:
Gary Guo 2026-02-03 13:06:27 +00:00 committed by Miguel Ojeda
parent 1a933719e7
commit b3d161f22b
2 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.clippy.toml
View File

@ -9,3 +9,13 @@ disallowed-macros = [
# it here, see: https://github.com/rust-lang/rust-clippy/issues/11303. # it here, see: https://github.com/rust-lang/rust-clippy/issues/11303.
{ path = "kernel::dbg", reason = "the `dbg!` macro is intended as a debugging tool", allow-invalid = true }, { path = "kernel::dbg", reason = "the `dbg!` macro is intended as a debugging tool", allow-invalid = true },
] ]
[[disallowed-methods]]
path = "core::ffi::CStr::as_ptr"
replacement = "kernel::prelude::CStrExt::as_char_ptr"
reason = "kernel's `char` is always unsigned, use `as_char_ptr` instead"
[[disallowed-methods]]
path = "core::ffi::CStr::from_ptr"
replacement = "kernel::prelude::CStrExt::from_char_ptr"
reason = "kernel's `char` is always unsigned, use `from_char_ptr` instead"

3
rust/kernel/str.rs
View File

@ -189,6 +189,7 @@ macro_rules! b_str {
// //
// - error[E0379]: functions in trait impls cannot be declared const // - error[E0379]: functions in trait impls cannot be declared const
#[inline] #[inline]
#[expect(clippy::disallowed_methods, reason = "internal implementation")]
pub const fn as_char_ptr_in_const_context(c_str: &CStr) -> *const c_char { pub const fn as_char_ptr_in_const_context(c_str: &CStr) -> *const c_char {
c_str.as_ptr().cast() c_str.as_ptr().cast()
} }
@ -319,6 +320,7 @@ unsafe fn to_bytes_mut(s: &mut CStr) -> &mut [u8] {
impl CStrExt for CStr { impl CStrExt for CStr {
#[inline] #[inline]
#[expect(clippy::disallowed_methods, reason = "internal implementation")]
unsafe fn from_char_ptr<'a>(ptr: *const c_char) -> &'a Self { unsafe fn from_char_ptr<'a>(ptr: *const c_char) -> &'a Self {
// SAFETY: The safety preconditions are the same as for `CStr::from_ptr`. // SAFETY: The safety preconditions are the same as for `CStr::from_ptr`.
unsafe { CStr::from_ptr(ptr.cast()) } unsafe { CStr::from_ptr(ptr.cast()) }
@ -334,6 +336,7 @@ unsafe fn from_bytes_with_nul_unchecked_mut(bytes: &mut [u8]) -> &mut Self {
} }
#[inline] #[inline]
#[expect(clippy::disallowed_methods, reason = "internal implementation")]
fn as_char_ptr(&self) -> *const c_char { fn as_char_ptr(&self) -> *const c_char {
self.as_ptr().cast() self.as_ptr().cast()
} }