From: Benno Lossin
Date: Thu, 29 May 2025 08:10:23 +0000 (+0200)
Subject: rust: pin-init: improve safety documentation for `impl [Pin]Init for T`
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8b3d955f72f999ccce26aabdeb09939964d05a61;p=thirdparty%2Flinux.git
rust: pin-init: improve safety documentation for `impl [Pin]Init for T`
The inner SAFETY comments were missing since commit 5cfe7bef6751 ("rust: enable `clippy::undocumented_unsafe_blocks` lint"). Also rework the implementation of `__pinned_init` to better justify the SAFETY comment.
Link: https://github.com/Rust-for-Linux/pin-init/pull/62/commits/df925b2e27d499b7144df7e62b01acb00d4b94b8
Reviewed-by: Boqun Feng
Link: https://lore.kernel.org/all/20250529081027.297648-1-lossin@kernel.org
Signed-off-by: Benno Lossin
---
diff --git a/rust/pin-init/src/lib.rs b/rust/pin-init/src/lib.rs
index 9ab34036e6bc4..d1c3ca5cfff41 100644
--- a/rust/pin-init/src/lib.rs
+++ b/rust/pin-init/src/lib.rs
@@ -1390,20 +1390,22 @@ where
 unsafe { pin_init_from_closure(init) }
 }
-// SAFETY: Every type can be initialized by-value.
+// SAFETY: the `__init` function always returns `Ok(())` and initializes every field of `slot`.
 unsafe impl Init for T {
 unsafe fn __init(self, slot: *mut T) -> Result<(), E> {
- // SAFETY: TODO.
+ // SAFETY: `slot` is valid for writes by the safety requirements of this function.
 unsafe { slot.write(self) };
 Ok(())
 }
 }
-// SAFETY: Every type can be initialized by-value. `__pinned_init` calls `__init`.
+// SAFETY: the `__pinned_init` function always returns `Ok(())` and initializes every field of
+// `slot`. Additionally, all pinning invariants of `T` are upheld.
 unsafe impl PinInit for T {
 unsafe fn __pinned_init(self, slot: *mut T) -> Result<(), E> {
- // SAFETY: TODO.
- unsafe { self.__init(slot) }
+ // SAFETY: `slot` is valid for writes by the safety requirements of this function.
+ unsafe { slot.write(self) };
+ Ok(())
 }
 }
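Review bot: The new inner SAFETY comments in `__init` and `__pinned_init` justify `slot.write(self)` by write-validity alone, but `ptr::write` also requires the destination to be properly aligned, and in `std::ptr` terms "valid" does not imply aligned. The trait-level safety requirements these comments refer to are declared outside this hunk; if they do guarantee alignment, I would say so in both places: ``// SAFETY: `slot` is valid for writes and properly aligned by the safety requirements of this function.`` The impl-level comment on `PinInit` also asserts that all pinning invariants of `T` are upheld without giving the reason. Adding a short justification, for example ``// The value is moved into `slot` before it is pinned and is not moved again by this function.``, would let a reader check the claim rather than take it on trust.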