Reduce the scope of expected warnings

This fixes a few safety comments to avoid the warnings.
reviewable/pr1201/r1
Tamir Duberstein 2 weeks ago
parent 4101a5a55d
commit ea5f7e3015

@ -83,6 +83,7 @@ impl FuncSecInfo {
} }
/// Returns the number of [bpf_func_info] entries. /// Returns the number of [bpf_func_info] entries.
#[expect(clippy::len_without_is_empty)]
pub fn len(&self) -> usize { pub fn len(&self) -> usize {
self.func_info.len() self.func_info.len()
} }
@ -188,6 +189,7 @@ impl LineSecInfo {
} }
/// Returns the number of entries. /// Returns the number of entries.
#[expect(clippy::len_without_is_empty)]
pub fn len(&self) -> usize { pub fn len(&self) -> usize {
self.line_info.len() self.line_info.len()
} }

@ -66,7 +66,6 @@
)] )]
#![cfg_attr(docsrs, feature(doc_cfg))] #![cfg_attr(docsrs, feature(doc_cfg))]
#![deny(clippy::all, missing_docs)] #![deny(clippy::all, missing_docs)]
#![expect(clippy::len_without_is_empty)]
extern crate alloc; extern crate alloc;
#[cfg(feature = "std")] #[cfg(feature = "std")]

@ -39,6 +39,7 @@ use crate::{
}; };
/// Marker trait for types that can safely be converted to and from byte slices. /// Marker trait for types that can safely be converted to and from byte slices.
#[expect(clippy::missing_safety_doc)]
pub unsafe trait Pod: Copy + 'static {} pub unsafe trait Pod: Copy + 'static {}
macro_rules! unsafe_impl_pod { macro_rules! unsafe_impl_pod {

@ -71,7 +71,6 @@
//unused_qualifications, https://github.com/rust-lang/rust/commit/9ccc7b7 added size_of to the prelude, but we need to continue to qualify it so that we build on older compilers. //unused_qualifications, https://github.com/rust-lang/rust/commit/9ccc7b7 added size_of to the prelude, but we need to continue to qualify it so that we build on older compilers.
//unused_results, //unused_results,
)] )]
#![expect(clippy::missing_safety_doc, clippy::len_without_is_empty)]
#![cfg_attr( #![cfg_attr(
all(feature = "async_tokio", feature = "async_std"), all(feature = "async_tokio", feature = "async_std"),
expect(unused_crate_dependencies) expect(unused_crate_dependencies)

@ -49,6 +49,7 @@ impl<T: Borrow<MapData>, V: Pod> Array<T, V> {
/// Returns the number of elements in the array. /// Returns the number of elements in the array.
/// ///
/// This corresponds to the value of `bpf_map_def::max_entries` on the eBPF side. /// This corresponds to the value of `bpf_map_def::max_entries` on the eBPF side.
#[expect(clippy::len_without_is_empty)]
pub fn len(&self) -> u32 { pub fn len(&self) -> u32 {
self.inner.borrow().obj.max_entries() self.inner.borrow().obj.max_entries()
} }

@ -68,6 +68,7 @@ impl<T: Borrow<MapData>, V: Pod> PerCpuArray<T, V> {
/// Returns the number of elements in the array. /// Returns the number of elements in the array.
/// ///
/// This corresponds to the value of `bpf_map_def::max_entries` on the eBPF side. /// This corresponds to the value of `bpf_map_def::max_entries` on the eBPF side.
#[expect(clippy::len_without_is_empty)]
pub fn len(&self) -> u32 { pub fn len(&self) -> u32 {
self.inner.borrow().obj.max_entries() self.inner.borrow().obj.max_entries()
} }

@ -70,6 +70,7 @@ impl<T: Borrow<MapData>> CpuMap<T> {
/// Returns the number of elements in the array. /// Returns the number of elements in the array.
/// ///
/// This corresponds to the value of `bpf_map_def::max_entries` on the eBPF side. /// This corresponds to the value of `bpf_map_def::max_entries` on the eBPF side.
#[expect(clippy::len_without_is_empty)]
pub fn len(&self) -> u32 { pub fn len(&self) -> u32 {
self.inner.borrow().obj.max_entries() self.inner.borrow().obj.max_entries()
} }

@ -61,6 +61,7 @@ impl<T: Borrow<MapData>> DevMap<T> {
/// Returns the number of elements in the array. /// Returns the number of elements in the array.
/// ///
/// This corresponds to the value of `bpf_map_def::max_entries` on the eBPF side. /// This corresponds to the value of `bpf_map_def::max_entries` on the eBPF side.
#[expect(clippy::len_without_is_empty)]
pub fn len(&self) -> u32 { pub fn len(&self) -> u32 {
self.inner.borrow().obj.max_entries() self.inner.borrow().obj.max_entries()
} }

@ -50,6 +50,7 @@ impl<T: Borrow<MapData>> XskMap<T> {
/// Returns the number of elements in the array. /// Returns the number of elements in the array.
/// ///
/// This corresponds to the value of `bpf_map_def::max_entries` on the eBPF side. /// This corresponds to the value of `bpf_map_def::max_entries` on the eBPF side.
#[expect(clippy::len_without_is_empty)]
pub fn len(&self) -> u32 { pub fn len(&self) -> u32 {
self.inner.borrow().obj.max_entries() self.inner.borrow().obj.max_entries()
} }

@ -261,6 +261,7 @@ impl ProgramId {
/// ///
/// This method is unsafe since it doesn't check that the given `id` is a /// This method is unsafe since it doesn't check that the given `id` is a
/// valid program id. /// valid program id.
#[expect(clippy::missing_safety_doc)]
pub unsafe fn new(id: u32) -> Self { pub unsafe fn new(id: u32) -> Self {
Self(id) Self(id)
} }

@ -18,13 +18,17 @@ use crate::{bindings::bpf_raw_tracepoint_args, cty::c_void, helpers::bpf_probe_r
/// ///
/// Users should not implement this trait. /// Users should not implement this trait.
/// ///
/// SAFETY: This trait is _only_ safe to implement on primitive types that can fit into /// # Safety
///
/// This trait is _only_ safe to implement on primitive types that can fit into
/// a `u64`. For example, integers and raw pointers may be coerced from a BTF context. /// a `u64`. For example, integers and raw pointers may be coerced from a BTF context.
pub unsafe trait FromBtfArgument: Sized { pub unsafe trait FromBtfArgument: Sized {
/// Coerces a `T` from the `n`th argument from a BTF context where `n` starts /// Coerces a `T` from the `n`th argument from a BTF context where `n` starts
/// at 0 and increases by 1 for each successive argument. /// at 0 and increases by 1 for each successive argument.
/// ///
/// SAFETY: This function is deeply unsafe, as we are reading raw pointers into kernel /// # Safety
///
/// This function is deeply unsafe, as we are reading raw pointers into kernel
/// memory. In particular, the value of `n` must not exceed the number of function /// memory. In particular, the value of `n` must not exceed the number of function
/// arguments. Moreover, `ctx` must be a valid pointer to a BTF context, and `T` must /// arguments. Moreover, `ctx` must be a valid pointer to a BTF context, and `T` must
/// be the right type for the given argument. /// be the right type for the given argument.
@ -482,7 +486,7 @@ impl RawTracepointArgs {
/// Returns the n-th argument of the raw tracepoint. /// Returns the n-th argument of the raw tracepoint.
/// ///
/// ## Safety /// # Safety
/// ///
/// This method is unsafe because it performs raw pointer conversion and makes assumptions /// This method is unsafe because it performs raw pointer conversion and makes assumptions
/// about the structure of the `bpf_raw_tracepoint_args` type. The tracepoint arguments are /// about the structure of the `bpf_raw_tracepoint_args` type. The tracepoint arguments are
@ -508,10 +512,11 @@ impl RawTracepointArgs {
} }
} }
#[expect(clippy::missing_safety_doc)]
pub unsafe trait FromRawTracepointArgs: Sized { pub unsafe trait FromRawTracepointArgs: Sized {
/// Returns the n-th argument of the raw tracepoint. /// Returns the n-th argument of the raw tracepoint.
/// ///
/// ## Safety /// # Safety
/// ///
/// This method is unsafe because it performs raw pointer conversion and makes assumptions /// This method is unsafe because it performs raw pointer conversion and makes assumptions
/// about the structure of the `bpf_raw_tracepoint_args` type. The tracepoint arguments are /// about the structure of the `bpf_raw_tracepoint_args` type. The tracepoint arguments are

@ -11,7 +11,6 @@
#![cfg_attr(unstable, expect(incomplete_features), feature(generic_const_exprs))] #![cfg_attr(unstable, expect(incomplete_features), feature(generic_const_exprs))]
#![cfg_attr(unstable, feature(never_type))] #![cfg_attr(unstable, feature(never_type))]
#![cfg_attr(target_arch = "bpf", feature(asm_experimental_arch))] #![cfg_attr(target_arch = "bpf", feature(asm_experimental_arch))]
#![expect(clippy::missing_safety_doc)]
#![deny(warnings)] #![deny(warnings)]
#![warn(clippy::cast_lossless, clippy::cast_sign_loss)] #![warn(clippy::cast_lossless, clippy::cast_sign_loss)]
#![no_std] #![no_std]
@ -20,6 +19,7 @@ pub use aya_ebpf_bindings::bindings;
mod args; mod args;
pub use args::{PtRegs, RawTracepointArgs}; pub use args::{PtRegs, RawTracepointArgs};
#[expect(clippy::missing_safety_doc)]
pub mod helpers; pub mod helpers;
pub mod maps; pub mod maps;
pub mod programs; pub mod programs;
@ -62,6 +62,7 @@ pub trait EbpfContext {
} }
#[no_mangle] #[no_mangle]
#[expect(clippy::missing_safety_doc)]
pub unsafe extern "C" fn memset(s: *mut u8, c: c_int, n: usize) { pub unsafe extern "C" fn memset(s: *mut u8, c: c_int, n: usize) {
#[expect(clippy::cast_sign_loss)] #[expect(clippy::cast_sign_loss)]
let b = c as u8; let b = c as u8;
@ -71,11 +72,13 @@ pub unsafe extern "C" fn memset(s: *mut u8, c: c_int, n: usize) {
} }
#[no_mangle] #[no_mangle]
#[expect(clippy::missing_safety_doc)]
pub unsafe extern "C" fn memcpy(dest: *mut u8, src: *mut u8, n: usize) { pub unsafe extern "C" fn memcpy(dest: *mut u8, src: *mut u8, n: usize) {
copy_forward(dest, src, n); copy_forward(dest, src, n);
} }
#[no_mangle] #[no_mangle]
#[expect(clippy::missing_safety_doc)]
pub unsafe extern "C" fn memmove(dest: *mut u8, src: *mut u8, n: usize) { pub unsafe extern "C" fn memmove(dest: *mut u8, src: *mut u8, n: usize) {
let delta = (dest as usize).wrapping_sub(src as usize); let delta = (dest as usize).wrapping_sub(src as usize);
if delta >= n { if delta >= n {

@ -49,10 +49,12 @@ impl<K, V> HashMap<K, V> {
} }
/// Retrieve the value associate with `key` from the map. /// Retrieve the value associate with `key` from the map.
/// This function is unsafe. Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not ///
/// make guarantee on the atomicity of `insert` or `remove`, and any element removed from the /// # Safety
/// map might get aliased by another element in the map, causing garbage to be read, or ///
/// corruption in case of writes. /// Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not guarantee the atomicity
/// of `insert` or `remove`, and any element removed from the map might get aliased by another
/// element in the map, causing garbage to be read, or corruption in case of writes.
#[inline] #[inline]
pub unsafe fn get(&self, key: &K) -> Option<&V> { pub unsafe fn get(&self, key: &K) -> Option<&V> {
get(self.def.get(), key) get(self.def.get(), key)
@ -123,10 +125,12 @@ impl<K, V> LruHashMap<K, V> {
} }
/// Retrieve the value associate with `key` from the map. /// Retrieve the value associate with `key` from the map.
/// This function is unsafe. Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not ///
/// make guarantee on the atomicity of `insert` or `remove`, and any element removed from the /// # Safety
/// map might get aliased by another element in the map, causing garbage to be read, or ///
/// corruption in case of writes. /// Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not guarantee the atomicity
/// of `insert` or `remove`, and any element removed from the map might get aliased by another
/// element in the map, causing garbage to be read, or corruption in case of writes.
#[inline] #[inline]
pub unsafe fn get(&self, key: &K) -> Option<&V> { pub unsafe fn get(&self, key: &K) -> Option<&V> {
get(self.def.get(), key) get(self.def.get(), key)
@ -197,10 +201,12 @@ impl<K, V> PerCpuHashMap<K, V> {
} }
/// Retrieve the value associate with `key` from the map. /// Retrieve the value associate with `key` from the map.
/// This function is unsafe. Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not ///
/// make guarantee on the atomicity of `insert` or `remove`, and any element removed from the /// # Safety
/// map might get aliased by another element in the map, causing garbage to be read, or ///
/// corruption in case of writes. /// Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not guarantee the atomicity
/// of `insert` or `remove`, and any element removed from the map might get aliased by another
/// element in the map, causing garbage to be read, or corruption in case of writes.
#[inline] #[inline]
pub unsafe fn get(&self, key: &K) -> Option<&V> { pub unsafe fn get(&self, key: &K) -> Option<&V> {
get(self.def.get(), key) get(self.def.get(), key)
@ -271,10 +277,12 @@ impl<K, V> LruPerCpuHashMap<K, V> {
} }
/// Retrieve the value associate with `key` from the map. /// Retrieve the value associate with `key` from the map.
/// This function is unsafe. Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not ///
/// make guarantee on the atomicity of `insert` or `remove`, and any element removed from the /// # Safety
/// map might get aliased by another element in the map, causing garbage to be read, or ///
/// corruption in case of writes. /// Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not guarantee the atomicity
/// of `insert` or `remove`, and any element removed from the map might get aliased by another
/// element in the map, causing garbage to be read, or corruption in case of writes.
#[inline] #[inline]
pub unsafe fn get(&self, key: &K) -> Option<&V> { pub unsafe fn get(&self, key: &K) -> Option<&V> {
get(self.def.get(), key) get(self.def.get(), key)

@ -50,6 +50,7 @@ impl SockMap {
} }
} }
#[expect(clippy::missing_safety_doc)]
pub unsafe fn update( pub unsafe fn update(
&self, &self,
mut index: u32, mut index: u32,
@ -69,6 +70,7 @@ impl SockMap {
} }
} }
#[expect(clippy::missing_safety_doc)]
pub unsafe fn redirect_msg(&self, ctx: &SkMsgContext, index: u32, flags: u64) -> i64 { pub unsafe fn redirect_msg(&self, ctx: &SkMsgContext, index: u32, flags: u64) -> i64 {
bpf_msg_redirect_map( bpf_msg_redirect_map(
ctx.as_ptr() as *mut _, ctx.as_ptr() as *mut _,
@ -78,6 +80,7 @@ impl SockMap {
) )
} }
#[expect(clippy::missing_safety_doc)]
pub unsafe fn redirect_skb(&self, ctx: &SkBuffContext, index: u32, flags: u64) -> i64 { pub unsafe fn redirect_skb(&self, ctx: &SkBuffContext, index: u32, flags: u64) -> i64 {
bpf_sk_redirect_map( bpf_sk_redirect_map(
ctx.as_ptr() as *mut _, ctx.as_ptr() as *mut _,

@ -45,6 +45,7 @@ impl StackTrace {
} }
} }
#[expect(clippy::missing_safety_doc)]
pub unsafe fn get_stackid<C: EbpfContext>(&self, ctx: &C, flags: u64) -> Result<i64, i64> { pub unsafe fn get_stackid<C: EbpfContext>(&self, ctx: &C, flags: u64) -> Result<i64, i64> {
let ret = bpf_get_stackid(ctx.as_ptr(), self.def.get() as *mut _, flags); let ret = bpf_get_stackid(ctx.as_ptr(), self.def.get() as *mut _, flags);
if ret < 0 { if ret < 0 {

@ -31,6 +31,7 @@ impl FEntryContext {
/// Ok(0) /// Ok(0)
/// } /// }
/// ``` /// ```
#[expect(clippy::missing_safety_doc)]
pub unsafe fn arg<T: FromBtfArgument>(&self, n: usize) -> T { pub unsafe fn arg<T: FromBtfArgument>(&self, n: usize) -> T {
T::from_argument(self.ctx as *const _, n) T::from_argument(self.ctx as *const _, n)
} }

@ -31,6 +31,7 @@ impl FExitContext {
/// Ok(0) /// Ok(0)
/// } /// }
/// ``` /// ```
#[expect(clippy::missing_safety_doc)]
pub unsafe fn arg<T: FromBtfArgument>(&self, n: usize) -> T { pub unsafe fn arg<T: FromBtfArgument>(&self, n: usize) -> T {
T::from_argument(self.ctx as *const _, n) T::from_argument(self.ctx as *const _, n)
} }

@ -22,7 +22,9 @@ impl LsmContext {
/// this code path, or 0 if this is the first LSM program to be called. This phony /// this code path, or 0 if this is the first LSM program to be called. This phony
/// argument is always last in the argument list. /// argument is always last in the argument list.
/// ///
/// SAFETY: This function is deeply unsafe, as we are reading raw pointers into kernel memory. /// # Safety
///
/// This function is deeply unsafe, as we are reading raw pointers into kernel memory.
/// In particular, the value of `n` must not exceed the number of function arguments. /// In particular, the value of `n` must not exceed the number of function arguments.
/// Luckily, the BPF verifier will catch this for us. /// Luckily, the BPF verifier will catch this for us.
/// ///

@ -13,6 +13,7 @@ impl RawTracePointContext {
} }
} }
#[expect(clippy::missing_safety_doc)]
pub unsafe fn arg<T: FromRawTracepointArgs>(&self, n: usize) -> T { pub unsafe fn arg<T: FromRawTracepointArgs>(&self, n: usize) -> T {
T::from_argument(&*self.ctx, n) T::from_argument(&*self.ctx, n)
} }

@ -16,7 +16,9 @@ impl BtfTracePointContext {
/// You can use the tplist tool provided by bcc to get a list of tracepoints and their /// You can use the tplist tool provided by bcc to get a list of tracepoints and their
/// arguments. TODO: document this better, possibly add a tplist alternative to aya. /// arguments. TODO: document this better, possibly add a tplist alternative to aya.
/// ///
/// SAFETY: This function is deeply unsafe, as we are reading raw pointers into kernel memory. /// # Safety
///
/// This function is deeply unsafe, as we are reading raw pointers into kernel memory.
/// In particular, the value of `n` must not exceed the number of function arguments. /// In particular, the value of `n` must not exceed the number of function arguments.
/// Luckily, the BPF verifier will catch this for us. /// Luckily, the BPF verifier will catch this for us.
/// ///

@ -11,6 +11,7 @@ impl TracePointContext {
TracePointContext { ctx } TracePointContext { ctx }
} }
#[expect(clippy::missing_safety_doc)]
pub unsafe fn read_at<T>(&self, offset: usize) -> Result<T, i64> { pub unsafe fn read_at<T>(&self, offset: usize) -> Result<T, i64> {
bpf_probe_read(self.ctx.add(offset) as *const T) bpf_probe_read(self.ctx.add(offset) as *const T)
} }

Loading…
Cancel
Save