From ea5f7e3015477717fc4a96fed2e5e7e496d2dd66 Mon Sep 17 00:00:00 2001 From: Tamir Duberstein Date: Mon, 3 Mar 2025 10:35:27 -0500 Subject: [PATCH] Reduce the scope of expected warnings This fixes a few safety comments to avoid the warnings. --- aya-obj/src/btf/info.rs | 2 + aya-obj/src/lib.rs | 1 - aya/src/bpf.rs | 1 + aya/src/lib.rs | 1 - aya/src/maps/array/array.rs | 1 + aya/src/maps/array/per_cpu_array.rs | 1 + aya/src/maps/xdp/cpu_map.rs | 1 + aya/src/maps/xdp/dev_map.rs | 1 + aya/src/maps/xdp/xsk_map.rs | 1 + aya/src/programs/mod.rs | 1 + ebpf/aya-ebpf/src/args.rs | 13 +++++-- ebpf/aya-ebpf/src/lib.rs | 5 ++- ebpf/aya-ebpf/src/maps/hash_map.rs | 40 ++++++++++++-------- ebpf/aya-ebpf/src/maps/sock_map.rs | 3 ++ ebpf/aya-ebpf/src/maps/stack_trace.rs | 1 + ebpf/aya-ebpf/src/programs/fentry.rs | 1 + ebpf/aya-ebpf/src/programs/fexit.rs | 1 + ebpf/aya-ebpf/src/programs/lsm.rs | 4 +- ebpf/aya-ebpf/src/programs/raw_tracepoint.rs | 1 + ebpf/aya-ebpf/src/programs/tp_btf.rs | 4 +- ebpf/aya-ebpf/src/programs/tracepoint.rs | 1 + 21 files changed, 60 insertions(+), 25 deletions(-) diff --git a/aya-obj/src/btf/info.rs b/aya-obj/src/btf/info.rs index aa5a025f..2a92e7bc 100644 --- a/aya-obj/src/btf/info.rs +++ b/aya-obj/src/btf/info.rs @@ -83,6 +83,7 @@ impl FuncSecInfo { } /// Returns the number of [bpf_func_info] entries. + #[expect(clippy::len_without_is_empty)] pub fn len(&self) -> usize { self.func_info.len() } @@ -188,6 +189,7 @@ impl LineSecInfo { } /// Returns the number of entries. + #[expect(clippy::len_without_is_empty)] pub fn len(&self) -> usize { self.line_info.len() } diff --git a/aya-obj/src/lib.rs b/aya-obj/src/lib.rs index 5220662a..30ff20b9 100644 --- a/aya-obj/src/lib.rs +++ b/aya-obj/src/lib.rs @@ -66,7 +66,6 @@ )] #![cfg_attr(docsrs, feature(doc_cfg))] #![deny(clippy::all, missing_docs)] -#![expect(clippy::len_without_is_empty)] extern crate alloc; #[cfg(feature = "std")] diff --git a/aya/src/bpf.rs b/aya/src/bpf.rs index f44ba0ce..24859809 100644 --- a/aya/src/bpf.rs +++ b/aya/src/bpf.rs @@ -39,6 +39,7 @@ use crate::{ }; /// Marker trait for types that can safely be converted to and from byte slices. +#[expect(clippy::missing_safety_doc)] pub unsafe trait Pod: Copy + 'static {} macro_rules! unsafe_impl_pod { diff --git a/aya/src/lib.rs b/aya/src/lib.rs index 011f9f91..b63bb868 100644 --- a/aya/src/lib.rs +++ b/aya/src/lib.rs @@ -71,7 +71,6 @@ //unused_qualifications, https://github.com/rust-lang/rust/commit/9ccc7b7 added size_of to the prelude, but we need to continue to qualify it so that we build on older compilers. //unused_results, )] -#![expect(clippy::missing_safety_doc, clippy::len_without_is_empty)] #![cfg_attr( all(feature = "async_tokio", feature = "async_std"), expect(unused_crate_dependencies) diff --git a/aya/src/maps/array/array.rs b/aya/src/maps/array/array.rs index b735c599..fc94d2fc 100644 --- a/aya/src/maps/array/array.rs +++ b/aya/src/maps/array/array.rs @@ -49,6 +49,7 @@ impl, V: Pod> Array { /// Returns the number of elements in the array. /// /// This corresponds to the value of `bpf_map_def::max_entries` on the eBPF side. + #[expect(clippy::len_without_is_empty)] pub fn len(&self) -> u32 { self.inner.borrow().obj.max_entries() } diff --git a/aya/src/maps/array/per_cpu_array.rs b/aya/src/maps/array/per_cpu_array.rs index d7943880..82564d6c 100644 --- a/aya/src/maps/array/per_cpu_array.rs +++ b/aya/src/maps/array/per_cpu_array.rs @@ -68,6 +68,7 @@ impl, V: Pod> PerCpuArray { /// Returns the number of elements in the array. /// /// This corresponds to the value of `bpf_map_def::max_entries` on the eBPF side. + #[expect(clippy::len_without_is_empty)] pub fn len(&self) -> u32 { self.inner.borrow().obj.max_entries() } diff --git a/aya/src/maps/xdp/cpu_map.rs b/aya/src/maps/xdp/cpu_map.rs index fbc7a467..7579650c 100644 --- a/aya/src/maps/xdp/cpu_map.rs +++ b/aya/src/maps/xdp/cpu_map.rs @@ -70,6 +70,7 @@ impl> CpuMap { /// Returns the number of elements in the array. /// /// This corresponds to the value of `bpf_map_def::max_entries` on the eBPF side. + #[expect(clippy::len_without_is_empty)] pub fn len(&self) -> u32 { self.inner.borrow().obj.max_entries() } diff --git a/aya/src/maps/xdp/dev_map.rs b/aya/src/maps/xdp/dev_map.rs index 1b0aa834..ac0c27cc 100644 --- a/aya/src/maps/xdp/dev_map.rs +++ b/aya/src/maps/xdp/dev_map.rs @@ -61,6 +61,7 @@ impl> DevMap { /// Returns the number of elements in the array. /// /// This corresponds to the value of `bpf_map_def::max_entries` on the eBPF side. + #[expect(clippy::len_without_is_empty)] pub fn len(&self) -> u32 { self.inner.borrow().obj.max_entries() } diff --git a/aya/src/maps/xdp/xsk_map.rs b/aya/src/maps/xdp/xsk_map.rs index 76520009..29f50758 100644 --- a/aya/src/maps/xdp/xsk_map.rs +++ b/aya/src/maps/xdp/xsk_map.rs @@ -50,6 +50,7 @@ impl> XskMap { /// Returns the number of elements in the array. /// /// This corresponds to the value of `bpf_map_def::max_entries` on the eBPF side. + #[expect(clippy::len_without_is_empty)] pub fn len(&self) -> u32 { self.inner.borrow().obj.max_entries() } diff --git a/aya/src/programs/mod.rs b/aya/src/programs/mod.rs index d83e882b..02f90d23 100644 --- a/aya/src/programs/mod.rs +++ b/aya/src/programs/mod.rs @@ -261,6 +261,7 @@ impl ProgramId { /// /// This method is unsafe since it doesn't check that the given `id` is a /// valid program id. + #[expect(clippy::missing_safety_doc)] pub unsafe fn new(id: u32) -> Self { Self(id) } diff --git a/ebpf/aya-ebpf/src/args.rs b/ebpf/aya-ebpf/src/args.rs index d7c4793e..d39a232e 100644 --- a/ebpf/aya-ebpf/src/args.rs +++ b/ebpf/aya-ebpf/src/args.rs @@ -18,13 +18,17 @@ use crate::{bindings::bpf_raw_tracepoint_args, cty::c_void, helpers::bpf_probe_r /// /// Users should not implement this trait. /// -/// SAFETY: This trait is _only_ safe to implement on primitive types that can fit into +/// # Safety +/// +/// This trait is _only_ safe to implement on primitive types that can fit into /// a `u64`. For example, integers and raw pointers may be coerced from a BTF context. pub unsafe trait FromBtfArgument: Sized { /// Coerces a `T` from the `n`th argument from a BTF context where `n` starts /// at 0 and increases by 1 for each successive argument. /// - /// SAFETY: This function is deeply unsafe, as we are reading raw pointers into kernel + /// # Safety + /// + /// This function is deeply unsafe, as we are reading raw pointers into kernel /// memory. In particular, the value of `n` must not exceed the number of function /// arguments. Moreover, `ctx` must be a valid pointer to a BTF context, and `T` must /// be the right type for the given argument. @@ -482,7 +486,7 @@ impl RawTracepointArgs { /// Returns the n-th argument of the raw tracepoint. /// - /// ## Safety + /// # Safety /// /// This method is unsafe because it performs raw pointer conversion and makes assumptions /// about the structure of the `bpf_raw_tracepoint_args` type. The tracepoint arguments are @@ -508,10 +512,11 @@ impl RawTracepointArgs { } } +#[expect(clippy::missing_safety_doc)] pub unsafe trait FromRawTracepointArgs: Sized { /// Returns the n-th argument of the raw tracepoint. /// - /// ## Safety + /// # Safety /// /// This method is unsafe because it performs raw pointer conversion and makes assumptions /// about the structure of the `bpf_raw_tracepoint_args` type. The tracepoint arguments are diff --git a/ebpf/aya-ebpf/src/lib.rs b/ebpf/aya-ebpf/src/lib.rs index 282c8467..1e84f0fa 100644 --- a/ebpf/aya-ebpf/src/lib.rs +++ b/ebpf/aya-ebpf/src/lib.rs @@ -11,7 +11,6 @@ #![cfg_attr(unstable, expect(incomplete_features), feature(generic_const_exprs))] #![cfg_attr(unstable, feature(never_type))] #![cfg_attr(target_arch = "bpf", feature(asm_experimental_arch))] -#![expect(clippy::missing_safety_doc)] #![deny(warnings)] #![warn(clippy::cast_lossless, clippy::cast_sign_loss)] #![no_std] @@ -20,6 +19,7 @@ pub use aya_ebpf_bindings::bindings; mod args; pub use args::{PtRegs, RawTracepointArgs}; +#[expect(clippy::missing_safety_doc)] pub mod helpers; pub mod maps; pub mod programs; @@ -62,6 +62,7 @@ pub trait EbpfContext { } #[no_mangle] +#[expect(clippy::missing_safety_doc)] pub unsafe extern "C" fn memset(s: *mut u8, c: c_int, n: usize) { #[expect(clippy::cast_sign_loss)] let b = c as u8; @@ -71,11 +72,13 @@ pub unsafe extern "C" fn memset(s: *mut u8, c: c_int, n: usize) { } #[no_mangle] +#[expect(clippy::missing_safety_doc)] pub unsafe extern "C" fn memcpy(dest: *mut u8, src: *mut u8, n: usize) { copy_forward(dest, src, n); } #[no_mangle] +#[expect(clippy::missing_safety_doc)] pub unsafe extern "C" fn memmove(dest: *mut u8, src: *mut u8, n: usize) { let delta = (dest as usize).wrapping_sub(src as usize); if delta >= n { diff --git a/ebpf/aya-ebpf/src/maps/hash_map.rs b/ebpf/aya-ebpf/src/maps/hash_map.rs index ad443c34..a39615d1 100644 --- a/ebpf/aya-ebpf/src/maps/hash_map.rs +++ b/ebpf/aya-ebpf/src/maps/hash_map.rs @@ -49,10 +49,12 @@ impl HashMap { } /// Retrieve the value associate with `key` from the map. - /// This function is unsafe. Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not - /// make guarantee on the atomicity of `insert` or `remove`, and any element removed from the - /// map might get aliased by another element in the map, causing garbage to be read, or - /// corruption in case of writes. + /// + /// # Safety + /// + /// Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not guarantee the atomicity + /// of `insert` or `remove`, and any element removed from the map might get aliased by another + /// element in the map, causing garbage to be read, or corruption in case of writes. #[inline] pub unsafe fn get(&self, key: &K) -> Option<&V> { get(self.def.get(), key) @@ -123,10 +125,12 @@ impl LruHashMap { } /// Retrieve the value associate with `key` from the map. - /// This function is unsafe. Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not - /// make guarantee on the atomicity of `insert` or `remove`, and any element removed from the - /// map might get aliased by another element in the map, causing garbage to be read, or - /// corruption in case of writes. + /// + /// # Safety + /// + /// Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not guarantee the atomicity + /// of `insert` or `remove`, and any element removed from the map might get aliased by another + /// element in the map, causing garbage to be read, or corruption in case of writes. #[inline] pub unsafe fn get(&self, key: &K) -> Option<&V> { get(self.def.get(), key) @@ -197,10 +201,12 @@ impl PerCpuHashMap { } /// Retrieve the value associate with `key` from the map. - /// This function is unsafe. Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not - /// make guarantee on the atomicity of `insert` or `remove`, and any element removed from the - /// map might get aliased by another element in the map, causing garbage to be read, or - /// corruption in case of writes. + /// + /// # Safety + /// + /// Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not guarantee the atomicity + /// of `insert` or `remove`, and any element removed from the map might get aliased by another + /// element in the map, causing garbage to be read, or corruption in case of writes. #[inline] pub unsafe fn get(&self, key: &K) -> Option<&V> { get(self.def.get(), key) @@ -271,10 +277,12 @@ impl LruPerCpuHashMap { } /// Retrieve the value associate with `key` from the map. - /// This function is unsafe. Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not - /// make guarantee on the atomicity of `insert` or `remove`, and any element removed from the - /// map might get aliased by another element in the map, causing garbage to be read, or - /// corruption in case of writes. + /// + /// # Safety + /// + /// Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not guarantee the atomicity + /// of `insert` or `remove`, and any element removed from the map might get aliased by another + /// element in the map, causing garbage to be read, or corruption in case of writes. #[inline] pub unsafe fn get(&self, key: &K) -> Option<&V> { get(self.def.get(), key) diff --git a/ebpf/aya-ebpf/src/maps/sock_map.rs b/ebpf/aya-ebpf/src/maps/sock_map.rs index bf441d88..eb1822e2 100644 --- a/ebpf/aya-ebpf/src/maps/sock_map.rs +++ b/ebpf/aya-ebpf/src/maps/sock_map.rs @@ -50,6 +50,7 @@ impl SockMap { } } + #[expect(clippy::missing_safety_doc)] pub unsafe fn update( &self, mut index: u32, @@ -69,6 +70,7 @@ impl SockMap { } } + #[expect(clippy::missing_safety_doc)] pub unsafe fn redirect_msg(&self, ctx: &SkMsgContext, index: u32, flags: u64) -> i64 { bpf_msg_redirect_map( ctx.as_ptr() as *mut _, @@ -78,6 +80,7 @@ impl SockMap { ) } + #[expect(clippy::missing_safety_doc)] pub unsafe fn redirect_skb(&self, ctx: &SkBuffContext, index: u32, flags: u64) -> i64 { bpf_sk_redirect_map( ctx.as_ptr() as *mut _, diff --git a/ebpf/aya-ebpf/src/maps/stack_trace.rs b/ebpf/aya-ebpf/src/maps/stack_trace.rs index 6685b4c5..9de8ff4b 100644 --- a/ebpf/aya-ebpf/src/maps/stack_trace.rs +++ b/ebpf/aya-ebpf/src/maps/stack_trace.rs @@ -45,6 +45,7 @@ impl StackTrace { } } + #[expect(clippy::missing_safety_doc)] pub unsafe fn get_stackid(&self, ctx: &C, flags: u64) -> Result { let ret = bpf_get_stackid(ctx.as_ptr(), self.def.get() as *mut _, flags); if ret < 0 { diff --git a/ebpf/aya-ebpf/src/programs/fentry.rs b/ebpf/aya-ebpf/src/programs/fentry.rs index 49290ff4..3bf7113a 100644 --- a/ebpf/aya-ebpf/src/programs/fentry.rs +++ b/ebpf/aya-ebpf/src/programs/fentry.rs @@ -31,6 +31,7 @@ impl FEntryContext { /// Ok(0) /// } /// ``` + #[expect(clippy::missing_safety_doc)] pub unsafe fn arg(&self, n: usize) -> T { T::from_argument(self.ctx as *const _, n) } diff --git a/ebpf/aya-ebpf/src/programs/fexit.rs b/ebpf/aya-ebpf/src/programs/fexit.rs index d05e43dd..081c204e 100644 --- a/ebpf/aya-ebpf/src/programs/fexit.rs +++ b/ebpf/aya-ebpf/src/programs/fexit.rs @@ -31,6 +31,7 @@ impl FExitContext { /// Ok(0) /// } /// ``` + #[expect(clippy::missing_safety_doc)] pub unsafe fn arg(&self, n: usize) -> T { T::from_argument(self.ctx as *const _, n) } diff --git a/ebpf/aya-ebpf/src/programs/lsm.rs b/ebpf/aya-ebpf/src/programs/lsm.rs index 87262602..82325676 100644 --- a/ebpf/aya-ebpf/src/programs/lsm.rs +++ b/ebpf/aya-ebpf/src/programs/lsm.rs @@ -22,7 +22,9 @@ impl LsmContext { /// this code path, or 0 if this is the first LSM program to be called. This phony /// argument is always last in the argument list. /// - /// SAFETY: This function is deeply unsafe, as we are reading raw pointers into kernel memory. + /// # Safety + /// + /// This function is deeply unsafe, as we are reading raw pointers into kernel memory. /// In particular, the value of `n` must not exceed the number of function arguments. /// Luckily, the BPF verifier will catch this for us. /// diff --git a/ebpf/aya-ebpf/src/programs/raw_tracepoint.rs b/ebpf/aya-ebpf/src/programs/raw_tracepoint.rs index f8d22aa2..e19721c2 100644 --- a/ebpf/aya-ebpf/src/programs/raw_tracepoint.rs +++ b/ebpf/aya-ebpf/src/programs/raw_tracepoint.rs @@ -13,6 +13,7 @@ impl RawTracePointContext { } } + #[expect(clippy::missing_safety_doc)] pub unsafe fn arg(&self, n: usize) -> T { T::from_argument(&*self.ctx, n) } diff --git a/ebpf/aya-ebpf/src/programs/tp_btf.rs b/ebpf/aya-ebpf/src/programs/tp_btf.rs index 70bd1d83..1a53e521 100644 --- a/ebpf/aya-ebpf/src/programs/tp_btf.rs +++ b/ebpf/aya-ebpf/src/programs/tp_btf.rs @@ -16,7 +16,9 @@ impl BtfTracePointContext { /// You can use the tplist tool provided by bcc to get a list of tracepoints and their /// arguments. TODO: document this better, possibly add a tplist alternative to aya. /// - /// SAFETY: This function is deeply unsafe, as we are reading raw pointers into kernel memory. + /// # Safety + /// + /// This function is deeply unsafe, as we are reading raw pointers into kernel memory. /// In particular, the value of `n` must not exceed the number of function arguments. /// Luckily, the BPF verifier will catch this for us. /// diff --git a/ebpf/aya-ebpf/src/programs/tracepoint.rs b/ebpf/aya-ebpf/src/programs/tracepoint.rs index c1f2dd66..bdc884aa 100644 --- a/ebpf/aya-ebpf/src/programs/tracepoint.rs +++ b/ebpf/aya-ebpf/src/programs/tracepoint.rs @@ -11,6 +11,7 @@ impl TracePointContext { TracePointContext { ctx } } + #[expect(clippy::missing_safety_doc)] pub unsafe fn read_at(&self, offset: usize) -> Result { bpf_probe_read(self.ctx.add(offset) as *const T) }