From f110029acfeec1bc40d8764dd4cd1f7424421262 Mon Sep 17 00:00:00 2001
From: Wei Liu
Date: Wed, 16 Nov 2022 22:29:18 +0000
Subject: [PATCH] block_util: modify or provide safety comments

Signed-off-by: Wei Liu
---
 block_util/src/async_io.rs  | 3 +++
 block_util/src/raw_async.rs | 7 ++++---
 block_util/src/raw_sync.rs  | 3 +++
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/block_util/src/async_io.rs b/block_util/src/async_io.rs
index 2661f1ffb..f190bbfaa 100644
--- a/block_util/src/async_io.rs
+++ b/block_util/src/async_io.rs
@@ -54,11 +54,13 @@ enum BlockSize {
 impl DiskTopology {
     fn is_block_device(f: &mut File) -> std::io::Result {
         let mut stat = std::mem::MaybeUninit::::uninit();
+        // SAFETY: FFI call with a valid fd and buffer
         let ret = unsafe { libc::fstat(f.as_raw_fd(), stat.as_mut_ptr()) };
         if ret != 0 {
             return Err(std::io::Error::last_os_error());
         }
+        // SAFETY: stat is valid at this point
         let is_block = unsafe { (*stat.as_ptr()).st_mode & S_IFMT == S_IFBLK };
         Ok(is_block)
     }
@@ -67,6 +69,7 @@ impl DiskTopology {
     #[allow(clippy::useless_conversion)]
     fn query_block_size(f: &mut File, block_size_type: BlockSize) -> std::io::Result {
         let mut block_size = 0;
+        // SAFETY: FFI call with correct arguments
         let ret = unsafe {
             ioctl(
                 f.as_raw_fd(),
diff --git a/block_util/src/raw_async.rs b/block_util/src/raw_async.rs
index aab48ed87..f1ce670ad 100644
--- a/block_util/src/raw_async.rs
+++ b/block_util/src/raw_async.rs
@@ -81,7 +81,7 @@ impl AsyncIo for RawFileAsync {
     ) -> AsyncIoResult<()> {
         let (submitter, mut sq, _) = self.io_uring.split();

-        // Safe because we know the file descriptor is valid and we
+        // SAFETY: we know the file descriptor is valid and we
         // relied on vm-memory to provide the buffer address.
         let _ = unsafe {
             sq.push(
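Review bot: The two SAFETY comments added in is_block_device name the kind of call but not the invariant that makes the unsafe block sound, which is what a `// SAFETY:` comment exists to record. The first could read `// SAFETY: f is a live File so the fd is open, and stat.as_mut_ptr() points at a writable MaybeUninit<libc::stat> of exactly the size fstat writes`, and the second `// SAFETY: fstat returned 0, so the kernel fully initialised stat and reading st_mode through as_ptr() is sound` (or switch to `stat.assume_init()` so the initialised-after-success reasoning is explicit). The same vagueness applies to `// SAFETY: FFI call with correct arguments` in the query_block_size hunk below, whose ioctl call continues past the hunk: that comment should say that the request number and the pointer passed as its argument are matched in type and size, because a mismatch there is a memory-safety bug rather than an error return.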
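Review bot: The rewritten SAFETY comment above `sq.push` still only says the fd is valid and the buffer came from vm-memory, but the reason push is unsafe in io-uring is that every resource the entry references must remain valid until the completion is reaped, not merely at submission time, so the comment should state that invariant and where it is upheld. Something like `// SAFETY: self.fd stays open for the lifetime of self, and the guest-memory buffers behind the iovecs are kept alive by the caller until the completion for this user_data is consumed` would document what actually makes this sound; hedge the second half if that caller contract is not pinned down elsewhere in the crate. The same point applies to the hunks at -109 and -133 of this file. Separately, `let _ = unsafe { sq.push(` discards the Err that push returns when the submission queue is full, so a request can be silently dropped; that predates this commit, but surfacing it as an error is worth a follow-up.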
@@ -109,7 +109,7 @@ impl AsyncIo for RawFileAsync {
     ) -> AsyncIoResult<()> {
         let (submitter, mut sq, _) = self.io_uring.split();

-        // Safe because we know the file descriptor is valid and we
+        // SAFETY: we know the file descriptor is valid and we
         // relied on vm-memory to provide the buffer address.
         let _ = unsafe {
             sq.push(
@@ -133,7 +133,7 @@ impl AsyncIo for RawFileAsync {
         if let Some(user_data) = user_data {
             let (submitter, mut sq, _) = self.io_uring.split();

-            // Safe because we know the file descriptor is valid.
+            // SAFETY: we know the file descriptor is valid.
             let _ = unsafe {
                 sq.push(
                     &opcode::Fsync::new(types::Fd(self.fd))
@@ -148,6 +148,7 @@ impl AsyncIo for RawFileAsync {
             sq.sync();
             submitter.submit().map_err(AsyncIoError::Fsync)?;
         } else {
+            // SAFETY: FFI call with a valid fd
             unsafe { libc::fsync(self.fd) };
         }

diff --git a/block_util/src/raw_sync.rs b/block_util/src/raw_sync.rs
index ed6f1be96..fe856a69e 100644
--- a/block_util/src/raw_sync.rs
+++ b/block_util/src/raw_sync.rs
@@ -68,6 +68,7 @@ impl AsyncIo for RawFileSync {
         iovecs: Vec,
         user_data: u64,
     ) -> AsyncIoResult<()> {
+        // SAFETY: FFI call with valid arguments
         let result = unsafe {
             libc::preadv(
                 self.fd as libc::c_int,
@@ -92,6 +93,7 @@ impl AsyncIo for RawFileSync {
         iovecs: Vec,
         user_data: u64,
     ) -> AsyncIoResult<()> {
+        // SAFETY: FFI call with valid arguments
         let result = unsafe {
             libc::pwritev(
                 self.fd as libc::c_int,
@@ -111,6 +113,7 @@ impl AsyncIo for RawFileSync {
     }

     fn fsync(&mut self, user_data: Option) -> AsyncIoResult<()> {
+        // SAFETY: FFI call
         let result = unsafe { libc::fsync(self.fd as libc::c_int) };
         if result < 0 {
             return Err(AsyncIoError::Fsync(std::io::Error::last_os_error()));
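Review bot: In the else branch of the -148 hunk the return value of `libc::fsync(self.fd)` is discarded, so a failed fsync on the non-io_uring path reports success to the caller, while the io_uring path just above propagates failure via `map_err(AsyncIoError::Fsync)?` and raw_sync.rs checks `result < 0`. The new SAFETY comment is fine as far as it goes; the missing check is `if unsafe { libc::fsync(self.fd) } < 0 { return Err(AsyncIoError::Fsync(std::io::Error::last_os_error())); }`, which matches the sibling implementation. This predates the commit, and the tail of fsync lies outside the hunk, so confirm nothing after the branch relies on it never failing.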
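Review bot: `// SAFETY: FFI call with valid arguments` above the preadv call in the -68 hunk (and the identical comment above pwritev at -92, and the bare `// SAFETY: FFI call` above fsync at -111) do not say what is being relied on, so a later reader cannot check the claim. For preadv/pwritev the invariant is that `self.fd` is an open descriptor and that the iovec pointer and count handed to libc describe the `iovecs` Vec, which stays alive for the whole synchronous call; the argument lines are outside the hunk, so phrase it in terms of what is actually passed, e.g. `// SAFETY: self.fd is open for the lifetime of self; the iovec pointer/count describe the live iovecs Vec, which outlives this blocking call`. For fsync, `// SAFETY: self.fd is an open descriptor owned by self; fsync takes no pointers` says all there is to say. Also worth a glance: `self.fd as libc::c_int` is an uncommented numeric cast; if `self.fd` is already a RawFd the cast is redundant, and if it is a wider type `try_into()` would avoid silent truncation.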