diff options
| author | Danilo Krummrich <dakr@redhat.com> | 2024-06-19 15:20:12 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-06-20 16:14:54 +0200 |
| commit | bbe98f4fde5a52aa01a1e1d754e1398228815fb0 (patch) | |
| tree | a5ca3922505d5301e36f004edc0d69560ce40be5 /rust/kernel | |
| parent | driver core: make [device_]driver_attach take a const * (diff) | |
| download | linux-bbe98f4fde5a52aa01a1e1d754e1398228815fb0.tar.xz linux-bbe98f4fde5a52aa01a1e1d754e1398228815fb0.zip | |
firmware: rust: improve safety comments
Improve the wording of safety comments to be more explicit about what
exactly is guaranteed to be valid.
Suggested-by: Benno Lossin <benno.lossin@proton.me>
Signed-off-by: Danilo Krummrich <dakr@redhat.com>
Link: https://lore.kernel.org/r/20240619132029.59296-1-dakr@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'rust/kernel')
| -rw-r--r-- | rust/kernel/firmware.rs | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/rust/kernel/firmware.rs b/rust/kernel/firmware.rs index b55ea1b45368..386c8fb44785 100644 --- a/rust/kernel/firmware.rs +++ b/rust/kernel/firmware.rs @@ -22,8 +22,7 @@ type FwFunc = /// /// The pointer is valid, and has ownership over the instance of `struct firmware`. /// -/// Once requested, the `Firmware` backing buffer is not modified until it is freed when `Firmware` -/// is dropped. +/// The `Firmware`'s backing buffer is not modified. /// /// # Examples /// @@ -72,22 +71,22 @@ impl Firmware { /// Returns the size of the requested firmware in bytes. pub fn size(&self) -> usize { - // SAFETY: Safe by the type invariant. + // SAFETY: `self.as_raw()` is valid by the type invariant. unsafe { (*self.as_raw()).size } } /// Returns the requested firmware as `&[u8]`. pub fn data(&self) -> &[u8] { - // SAFETY: Safe by the type invariant. Additionally, `bindings::firmware` guarantees, if - // successfully requested, that `bindings::firmware::data` has a size of - // `bindings::firmware::size` bytes. + // SAFETY: `self.as_raw()` is valid by the type invariant. Additionally, + // `bindings::firmware` guarantees, if successfully requested, that + // `bindings::firmware::data` has a size of `bindings::firmware::size` bytes. unsafe { core::slice::from_raw_parts((*self.as_raw()).data, self.size()) } } } impl Drop for Firmware { fn drop(&mut self) { - // SAFETY: Safe by the type invariant. + // SAFETY: `self.as_raw()` is valid by the type invariant. unsafe { bindings::release_firmware(self.as_raw()) }; } } |