From 8b3d955f72f999ccce26aabdeb09939964d05a61 Mon Sep 17 00:00:00 2001 From: Benno Lossin Date: Thu, 29 May 2025 10:10:23 +0200 Subject: [PATCH] rust: pin-init: improve safety documentation for `impl [Pin]Init for T` The inner SAFETY comments were missing since commit 5cfe7bef6751 ("rust: enable `clippy::undocumented_unsafe_blocks` lint"). Also rework the implementation of `__pinned_init` to better justify the SAFETY comment. Link: https://github.com/Rust-for-Linux/pin-init/pull/62/commits/df925b2e27d499b7144df7e62b01acb00d4b94b8 Reviewed-by: Boqun Feng Link: https://lore.kernel.org/all/20250529081027.297648-1-lossin@kernel.org Signed-off-by: Benno Lossin --- rust/pin-init/src/lib.rs | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/rust/pin-init/src/lib.rs b/rust/pin-init/src/lib.rs index 9ab34036e6bc4..d1c3ca5cfff41 100644 --- a/rust/pin-init/src/lib.rs +++ b/rust/pin-init/src/lib.rs @@ -1390,20 +1390,22 @@ where unsafe { pin_init_from_closure(init) } } -// SAFETY: Every type can be initialized by-value. +// SAFETY: the `__init` function always returns `Ok(())` and initializes every field of `slot`. unsafe impl Init for T { unsafe fn __init(self, slot: *mut T) -> Result<(), E> { - // SAFETY: TODO. + // SAFETY: `slot` is valid for writes by the safety requirements of this function. unsafe { slot.write(self) }; Ok(()) } } -// SAFETY: Every type can be initialized by-value. `__pinned_init` calls `__init`. +// SAFETY: the `__pinned_init` function always returns `Ok(())` and initializes every field of +// `slot`. Additionally, all pinning invariants of `T` are upheld. unsafe impl PinInit for T { unsafe fn __pinned_init(self, slot: *mut T) -> Result<(), E> { - // SAFETY: TODO. - unsafe { self.__init(slot) } + // SAFETY: `slot` is valid for writes by the safety requirements of this function. + unsafe { slot.write(self) }; + Ok(()) } } -- 2.47.2