Skip to content

Commit 4823a58

Browse files
vireshkvireshk
committed
cpufreq: Convert /// SAFETY lines to # Safety sections
Replace `/// SAFETY` comments in doc comments with proper `# Safety` sections, as per rustdoc conventions. Also mark the C FFI callbacks as `unsafe` to correctly reflect their safety requirements. Reported-by: Miguel Ojeda <[email protected]> Closes: #1169 Signed-off-by: Viresh Kumar <[email protected]>
1 parent 19272b3 commit 4823a58

File tree

1 file changed

+109
-37
lines changed

1 file changed

+109
-37
lines changed

rust/kernel/cpufreq.rs

Lines changed: 109 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -1055,8 +1055,11 @@ impl<T: Driver> Registration<T> {
10551055
impl<T: Driver> Registration<T> {
10561056
/// Driver's `init` callback.
10571057
///
1058-
/// SAFETY: Called from C. Inputs must be valid pointers.
1059-
extern "C" fn init_callback(ptr: *mut bindings::cpufreq_policy) -> kernel::ffi::c_int {
1058+
/// # Safety
1059+
///
1060+
/// - This function may only be called from the cpufreq C infrastructure.
1061+
/// - The pointer arguments must be valid pointers.
1062+
unsafe extern "C" fn init_callback(ptr: *mut bindings::cpufreq_policy) -> kernel::ffi::c_int {
10601063
from_result(|| {
10611064
// SAFETY: The `ptr` is guaranteed to be valid by the contract with the C code for the
10621065
// lifetime of `policy`.
@@ -1070,8 +1073,11 @@ impl<T: Driver> Registration<T> {
10701073

10711074
/// Driver's `exit` callback.
10721075
///
1073-
/// SAFETY: Called from C. Inputs must be valid pointers.
1074-
extern "C" fn exit_callback(ptr: *mut bindings::cpufreq_policy) {
1076+
/// # Safety
1077+
///
1078+
/// - This function may only be called from the cpufreq C infrastructure.
1079+
/// - The pointer arguments must be valid pointers.
1080+
unsafe extern "C" fn exit_callback(ptr: *mut bindings::cpufreq_policy) {
10751081
// SAFETY: The `ptr` is guaranteed to be valid by the contract with the C code for the
10761082
// lifetime of `policy`.
10771083
let policy = unsafe { Policy::from_raw_mut(ptr) };
@@ -1082,8 +1088,11 @@ impl<T: Driver> Registration<T> {
10821088

10831089
/// Driver's `online` callback.
10841090
///
1085-
/// SAFETY: Called from C. Inputs must be valid pointers.
1086-
extern "C" fn online_callback(ptr: *mut bindings::cpufreq_policy) -> kernel::ffi::c_int {
1091+
/// # Safety
1092+
///
1093+
/// - This function may only be called from the cpufreq C infrastructure.
1094+
/// - The pointer arguments must be valid pointers.
1095+
unsafe extern "C" fn online_callback(ptr: *mut bindings::cpufreq_policy) -> kernel::ffi::c_int {
10871096
from_result(|| {
10881097
// SAFETY: The `ptr` is guaranteed to be valid by the contract with the C code for the
10891098
// lifetime of `policy`.
@@ -1094,8 +1103,13 @@ impl<T: Driver> Registration<T> {
10941103

10951104
/// Driver's `offline` callback.
10961105
///
1097-
/// SAFETY: Called from C. Inputs must be valid pointers.
1098-
extern "C" fn offline_callback(ptr: *mut bindings::cpufreq_policy) -> kernel::ffi::c_int {
1106+
/// # Safety
1107+
///
1108+
/// - This function may only be called from the cpufreq C infrastructure.
1109+
/// - The pointer arguments must be valid pointers.
1110+
unsafe extern "C" fn offline_callback(
1111+
ptr: *mut bindings::cpufreq_policy,
1112+
) -> kernel::ffi::c_int {
10991113
from_result(|| {
11001114
// SAFETY: The `ptr` is guaranteed to be valid by the contract with the C code for the
11011115
// lifetime of `policy`.
@@ -1106,8 +1120,13 @@ impl<T: Driver> Registration<T> {
11061120

11071121
/// Driver's `suspend` callback.
11081122
///
1109-
/// SAFETY: Called from C. Inputs must be valid pointers.
1110-
extern "C" fn suspend_callback(ptr: *mut bindings::cpufreq_policy) -> kernel::ffi::c_int {
1123+
/// # Safety
1124+
///
1125+
/// - This function may only be called from the cpufreq C infrastructure.
1126+
/// - The pointer arguments must be valid pointers.
1127+
unsafe extern "C" fn suspend_callback(
1128+
ptr: *mut bindings::cpufreq_policy,
1129+
) -> kernel::ffi::c_int {
11111130
from_result(|| {
11121131
// SAFETY: The `ptr` is guaranteed to be valid by the contract with the C code for the
11131132
// lifetime of `policy`.
@@ -1118,8 +1137,11 @@ impl<T: Driver> Registration<T> {
11181137

11191138
/// Driver's `resume` callback.
11201139
///
1121-
/// SAFETY: Called from C. Inputs must be valid pointers.
1122-
extern "C" fn resume_callback(ptr: *mut bindings::cpufreq_policy) -> kernel::ffi::c_int {
1140+
/// # Safety
1141+
///
1142+
/// - This function may only be called from the cpufreq C infrastructure.
1143+
/// - The pointer arguments must be valid pointers.
1144+
unsafe extern "C" fn resume_callback(ptr: *mut bindings::cpufreq_policy) -> kernel::ffi::c_int {
11231145
from_result(|| {
11241146
// SAFETY: The `ptr` is guaranteed to be valid by the contract with the C code for the
11251147
// lifetime of `policy`.
@@ -1130,8 +1152,11 @@ impl<T: Driver> Registration<T> {
11301152

11311153
/// Driver's `ready` callback.
11321154
///
1133-
/// SAFETY: Called from C. Inputs must be valid pointers.
1134-
extern "C" fn ready_callback(ptr: *mut bindings::cpufreq_policy) {
1155+
/// # Safety
1156+
///
1157+
/// - This function may only be called from the cpufreq C infrastructure.
1158+
/// - The pointer arguments must be valid pointers.
1159+
unsafe extern "C" fn ready_callback(ptr: *mut bindings::cpufreq_policy) {
11351160
// SAFETY: The `ptr` is guaranteed to be valid by the contract with the C code for the
11361161
// lifetime of `policy`.
11371162
let policy = unsafe { Policy::from_raw_mut(ptr) };
@@ -1140,8 +1165,13 @@ impl<T: Driver> Registration<T> {
11401165

11411166
/// Driver's `verify` callback.
11421167
///
1143-
/// SAFETY: Called from C. Inputs must be valid pointers.
1144-
extern "C" fn verify_callback(ptr: *mut bindings::cpufreq_policy_data) -> kernel::ffi::c_int {
1168+
/// # Safety
1169+
///
1170+
/// - This function may only be called from the cpufreq C infrastructure.
1171+
/// - The pointer arguments must be valid pointers.
1172+
unsafe extern "C" fn verify_callback(
1173+
ptr: *mut bindings::cpufreq_policy_data,
1174+
) -> kernel::ffi::c_int {
11451175
from_result(|| {
11461176
// SAFETY: The `ptr` is guaranteed to be valid by the contract with the C code for the
11471177
// lifetime of `policy`.
@@ -1152,8 +1182,13 @@ impl<T: Driver> Registration<T> {
11521182

11531183
/// Driver's `setpolicy` callback.
11541184
///
1155-
/// SAFETY: Called from C. Inputs must be valid pointers.
1156-
extern "C" fn setpolicy_callback(ptr: *mut bindings::cpufreq_policy) -> kernel::ffi::c_int {
1185+
/// # Safety
1186+
///
1187+
/// - This function may only be called from the cpufreq C infrastructure.
1188+
/// - The pointer arguments must be valid pointers.
1189+
unsafe extern "C" fn setpolicy_callback(
1190+
ptr: *mut bindings::cpufreq_policy,
1191+
) -> kernel::ffi::c_int {
11571192
from_result(|| {
11581193
// SAFETY: The `ptr` is guaranteed to be valid by the contract with the C code for the
11591194
// lifetime of `policy`.
@@ -1164,8 +1199,11 @@ impl<T: Driver> Registration<T> {
11641199

11651200
/// Driver's `target` callback.
11661201
///
1167-
/// SAFETY: Called from C. Inputs must be valid pointers.
1168-
extern "C" fn target_callback(
1202+
/// # Safety
1203+
///
1204+
/// - This function may only be called from the cpufreq C infrastructure.
1205+
/// - The pointer arguments must be valid pointers.
1206+
unsafe extern "C" fn target_callback(
11691207
ptr: *mut bindings::cpufreq_policy,
11701208
target_freq: u32,
11711209
relation: u32,
@@ -1180,8 +1218,11 @@ impl<T: Driver> Registration<T> {
11801218

11811219
/// Driver's `target_index` callback.
11821220
///
1183-
/// SAFETY: Called from C. Inputs must be valid pointers.
1184-
extern "C" fn target_index_callback(
1221+
/// # Safety
1222+
///
1223+
/// - This function may only be called from the cpufreq C infrastructure.
1224+
/// - The pointer arguments must be valid pointers.
1225+
unsafe extern "C" fn target_index_callback(
11851226
ptr: *mut bindings::cpufreq_policy,
11861227
index: u32,
11871228
) -> kernel::ffi::c_int {
@@ -1200,8 +1241,11 @@ impl<T: Driver> Registration<T> {
12001241

12011242
/// Driver's `fast_switch` callback.
12021243
///
1203-
/// SAFETY: Called from C. Inputs must be valid pointers.
1204-
extern "C" fn fast_switch_callback(
1244+
/// # Safety
1245+
///
1246+
/// - This function may only be called from the cpufreq C infrastructure.
1247+
/// - The pointer arguments must be valid pointers.
1248+
unsafe extern "C" fn fast_switch_callback(
12051249
ptr: *mut bindings::cpufreq_policy,
12061250
target_freq: u32,
12071251
) -> kernel::ffi::c_uint {
@@ -1212,7 +1256,11 @@ impl<T: Driver> Registration<T> {
12121256
}
12131257

12141258
/// Driver's `adjust_perf` callback.
1215-
extern "C" fn adjust_perf_callback(
1259+
///
1260+
/// # Safety
1261+
///
1262+
/// - This function may only be called from the cpufreq C infrastructure.
1263+
unsafe extern "C" fn adjust_perf_callback(
12161264
cpu: u32,
12171265
min_perf: usize,
12181266
target_perf: usize,
@@ -1225,8 +1273,11 @@ impl<T: Driver> Registration<T> {
12251273

12261274
/// Driver's `get_intermediate` callback.
12271275
///
1228-
/// SAFETY: Called from C. Inputs must be valid pointers.
1229-
extern "C" fn get_intermediate_callback(
1276+
/// # Safety
1277+
///
1278+
/// - This function may only be called from the cpufreq C infrastructure.
1279+
/// - The pointer arguments must be valid pointers.
1280+
unsafe extern "C" fn get_intermediate_callback(
12301281
ptr: *mut bindings::cpufreq_policy,
12311282
index: u32,
12321283
) -> kernel::ffi::c_uint {
@@ -1243,8 +1294,11 @@ impl<T: Driver> Registration<T> {
12431294

12441295
/// Driver's `target_intermediate` callback.
12451296
///
1246-
/// SAFETY: Called from C. Inputs must be valid pointers.
1247-
extern "C" fn target_intermediate_callback(
1297+
/// # Safety
1298+
///
1299+
/// - This function may only be called from the cpufreq C infrastructure.
1300+
/// - The pointer arguments must be valid pointers.
1301+
unsafe extern "C" fn target_intermediate_callback(
12481302
ptr: *mut bindings::cpufreq_policy,
12491303
index: u32,
12501304
) -> kernel::ffi::c_int {
@@ -1262,12 +1316,21 @@ impl<T: Driver> Registration<T> {
12621316
}
12631317

12641318
/// Driver's `get` callback.
1265-
extern "C" fn get_callback(cpu: u32) -> kernel::ffi::c_uint {
1319+
///
1320+
/// # Safety
1321+
///
1322+
/// - This function may only be called from the cpufreq C infrastructure.
1323+
unsafe extern "C" fn get_callback(cpu: u32) -> kernel::ffi::c_uint {
12661324
PolicyCpu::from_cpu(cpu).map_or(0, |mut policy| T::get(&mut policy).map_or(0, |f| f))
12671325
}
12681326

12691327
/// Driver's `update_limit` callback.
1270-
extern "C" fn update_limits_callback(ptr: *mut bindings::cpufreq_policy) {
1328+
///
1329+
/// # Safety
1330+
///
1331+
/// - This function may only be called from the cpufreq C infrastructure.
1332+
/// - The pointer arguments must be valid pointers.
1333+
unsafe extern "C" fn update_limits_callback(ptr: *mut bindings::cpufreq_policy) {
12711334
// SAFETY: The `ptr` is guaranteed to be valid by the contract with the C code for the
12721335
// lifetime of `policy`.
12731336
let policy = unsafe { Policy::from_raw_mut(ptr) };
@@ -1276,8 +1339,11 @@ impl<T: Driver> Registration<T> {
12761339

12771340
/// Driver's `bios_limit` callback.
12781341
///
1279-
/// SAFETY: Called from C. Inputs must be valid pointers.
1280-
extern "C" fn bios_limit_callback(cpu: i32, limit: *mut u32) -> kernel::ffi::c_int {
1342+
/// # Safety
1343+
///
1344+
/// - This function may only be called from the cpufreq C infrastructure.
1345+
/// - The pointer arguments must be valid pointers.
1346+
unsafe extern "C" fn bios_limit_callback(cpu: i32, limit: *mut u32) -> kernel::ffi::c_int {
12811347
from_result(|| {
12821348
let mut policy = PolicyCpu::from_cpu(cpu as u32)?;
12831349

@@ -1288,8 +1354,11 @@ impl<T: Driver> Registration<T> {
12881354

12891355
/// Driver's `set_boost` callback.
12901356
///
1291-
/// SAFETY: Called from C. Inputs must be valid pointers.
1292-
extern "C" fn set_boost_callback(
1357+
/// # Safety
1358+
///
1359+
/// - This function may only be called from the cpufreq C infrastructure.
1360+
/// - The pointer arguments must be valid pointers.
1361+
unsafe extern "C" fn set_boost_callback(
12931362
ptr: *mut bindings::cpufreq_policy,
12941363
state: i32,
12951364
) -> kernel::ffi::c_int {
@@ -1303,8 +1372,11 @@ impl<T: Driver> Registration<T> {
13031372

13041373
/// Driver's `register_em` callback.
13051374
///
1306-
/// SAFETY: Called from C. Inputs must be valid pointers.
1307-
extern "C" fn register_em_callback(ptr: *mut bindings::cpufreq_policy) {
1375+
/// # Safety
1376+
///
1377+
/// - This function may only be called from the cpufreq C infrastructure.
1378+
/// - The pointer arguments must be valid pointers.
1379+
unsafe extern "C" fn register_em_callback(ptr: *mut bindings::cpufreq_policy) {
13081380
// SAFETY: The `ptr` is guaranteed to be valid by the contract with the C code for the
13091381
// lifetime of `policy`.
13101382
let policy = unsafe { Policy::from_raw_mut(ptr) };

0 commit comments

Comments
 (0)