disallow (some) as conversions

See https://rust-lang.github.io/rust-clippy/master/#/as_conversions.
1 year ago · 4fef255823
parent e621a09181
commit 4fef255823
6 changed files with 24 additions and 55 deletions
--- a/bpf/aya-bpf/src/helpers.rs
+++ b/bpf/aya-bpf/src/helpers.rs
@ -272,17 +272,9 @@ pub unsafe fn bpf_probe_read_str(src: *const u8, dest: &mut [u8]) -> Result<usiz
        dest.len() as u32,
        src as *const c_void,
    );
-    if len < 0 {
+    let len = usize::try_from(len).map_err(|core::num::TryFromIntError { .. }| -1)?;
-        return Err(-1);
+    // this can never happen, it's needed to tell the verifier that len is bounded.
-    }
+    Ok(len.min(dest.len()))
    let mut len = len as usize;
    if len > dest.len() {
        // this can never happen, it's needed to tell the verifier that len is
        // bounded
        len = dest.len();
    }
    Ok(len)
 }
 /// Read a null-terminated string from _user space_ stored at `src` into `dest`.
@ -316,17 +308,9 @@ pub unsafe fn bpf_probe_read_user_str(src: *const u8, dest: &mut [u8]) -> Result
        dest.len() as u32,
        src as *const c_void,
    );
-    if len < 0 {
+    let len = usize::try_from(len).map_err(|core::num::TryFromIntError { .. }| -1)?;
-        return Err(-1);
+    // this can never happen, it's needed to tell the verifier that len is bounded.
-    }
+    Ok(len.min(dest.len()))
    let mut len = len as usize;
    if len > dest.len() {
        // this can never happen, it's needed to tell the verifier that len is
        // bounded
        len = dest.len();
    }
    Ok(len)
 }
 /// Returns a byte slice read from _user space_ address `src`.
@ -474,17 +458,9 @@ pub unsafe fn bpf_probe_read_kernel_str(src: *const u8, dest: &mut [u8]) -> Resu
        dest.len() as u32,
        src as *const c_void,
    );
-    if len < 0 {
+    let len = usize::try_from(len).map_err(|core::num::TryFromIntError { .. }| -1)?;
-        return Err(-1);
+    // this can never happen, it's needed to tell the verifier that len is bounded.
-    }
+    Ok(len.min(dest.len()))
    let mut len = len as usize;
    if len > dest.len() {
        // this can never happen, it's needed to tell the verifier that len is
        // bounded
        len = dest.len();
    }
    Ok(len)
 }
 /// Returns a byte slice read from _kernel space_ address `src`.
--- a/bpf/aya-bpf/src/lib.rs
+++ b/bpf/aya-bpf/src/lib.rs
@ -11,6 +11,7 @@
 #![cfg_attr(unstable, feature(never_type))]
 #![cfg_attr(target_arch = "bpf", feature(asm_experimental_arch))]
 #![allow(clippy::missing_safety_doc)]
 #![warn(clippy::cast_lossless, clippy::cast_sign_loss)]
 #![no_std]
 pub use aya_bpf_bindings::bindings;
@ -58,18 +59,17 @@ pub trait BpfContext {
 #[no_mangle]
 pub unsafe extern "C" fn memset(s: *mut u8, c: c_int, n: usize) {
-    let base = s as usize;
+    #[allow(clippy::cast_sign_loss)]
    let b = c as u8;
    for i in 0..n {
-        *((base + i) as *mut u8) = c as u8;
+        *s.add(i) = b;
    }
 }
 #[no_mangle]
 pub unsafe extern "C" fn memcpy(dest: *mut u8, src: *mut u8, n: usize) {
    let dest_base = dest as usize;
    let src_base = src as usize;
    for i in 0..n {
-        *((dest_base + i) as *mut u8) = *((src_base + i) as *mut u8);
+        *dest.add(i) = *src.add(i);
    }
 }
--- a/bpf/aya-bpf/src/maps/perf/perf_event_array.rs
+++ b/bpf/aya-bpf/src/maps/perf/perf_event_array.rs
@ -55,7 +55,7 @@ impl<T> PerfEventArray<T> {
    }
    pub fn output_at_index<C: BpfContext>(&self, ctx: &C, index: u32, data: &T, flags: u32) {
-        let flags = (flags as u64) << 32 | index as u64;
+        let flags = u64::from(flags) << 32 | u64::from(index);
        unsafe {
            bpf_perf_event_output(
                ctx.as_ptr(),
--- a/bpf/aya-bpf/src/maps/perf/perf_event_byte_array.rs
+++ b/bpf/aya-bpf/src/maps/perf/perf_event_byte_array.rs
@ -52,7 +52,7 @@ impl PerfEventByteArray {
    }
    pub fn output_at_index<C: BpfContext>(&self, ctx: &C, index: u32, data: &[u8], flags: u32) {
-        let flags = (flags as u64) << 32 | index as u64;
+        let flags = u64::from(flags) << 32 | u64::from(index);
        unsafe {
            bpf_perf_event_output(
                ctx.as_ptr(),
--- a/bpf/aya-bpf/src/programs/sk_buff.rs
+++ b/bpf/aya-bpf/src/programs/sk_buff.rs
@ -1,5 +1,4 @@
 use core::{
    cmp,
    ffi::c_void,
    mem::{self, MaybeUninit},
 };
@ -88,28 +87,20 @@ impl SkBuff {
    /// Read into a `PerCpuArray`.
    #[inline(always)]
    pub fn load_bytes(&self, offset: usize, dst: &mut [u8]) -> Result<usize, c_long> {
-        if offset >= self.len() as usize {
+        let len = usize::try_from(self.len()).map_err(|core::num::TryFromIntError { .. }| -1)?;
-            return Err(-1);
+        let len = len.checked_sub(offset).ok_or(-1)?;
-        }
+        let len = len.min(dst.len());
-        let len = cmp::min(self.len() as isize - offset as isize, dst.len() as isize);
+        let len_u32 = u32::try_from(len).map_err(|core::num::TryFromIntError { .. }| -1)?;
        // The verifier rejects the program if it can't see that `len > 0`.
        if len <= 0 {
            return Err(-1);
        }
        // This is only needed to ensure the verifier can see the upper bound.
        if len > dst.len() as isize {
            return Err(-1);
        }
        let ret = unsafe {
            bpf_skb_load_bytes(
                self.skb as *const _,
                offset as u32,
                dst.as_mut_ptr() as *mut _,
-                len as u32,
+                len_u32,
            )
        };
        if ret == 0 {
-            Ok(len as usize)
+            Ok(len)
        } else {
            Err(ret)
        }
--- a/bpf/aya-log-ebpf/src/lib.rs
+++ b/bpf/aya-log-ebpf/src/lib.rs
@ -1,4 +1,6 @@
 #![no_std]
 #![warn(clippy::cast_lossless, clippy::cast_sign_loss)]
 use aya_bpf::{
    macros::map,
    maps::{PerCpuArray, PerfEventByteArray},