Apply suggestions from code review

LawrenceEsswood · bradjc · web-flow · commit 1f5fe2b968fd · 2025-04-07T22:05:46.000+01:00
Mostly comment changes

Co-authored-by: Brad Campbell &lt;bradjc5@gmail.com&gt;
diff --git a/kernel/src/platform/mpu.rs b/kernel/src/platform/mpu.rs
@@ -125,9 +125,10 @@ pub trait MPU {
     fn enable_app_mpu(&self);
 
     /// Notify the MPU there is a new process.
+    ///
     /// We do NOT provide the config argument here
     /// as doing so blocks the MPU from allocating
-    /// in the grant region for the pprocess.
+    /// in the grant region for the process.
     fn new_process(&self, _app_id: ProcessId) {}
 
     /// Disables the MPU for userspace apps.
@@ -214,8 +215,11 @@ pub trait MPU {
         Ok(RemoveRegionResult::Sync)
     }
 
-    /// Actually revoke regions previously requested with remove_memory_region
-    /// Safety: no LiveARef or LivePRef may exist to any memory that might be revoked,
+    /// Actually revoke regions previously requested with remove_memory_region.
+    ///
+    /// ### Safety
+    ///
+    /// No LiveARef or LivePRef may exist to any memory that might be revoked,
     /// Nor may any grants be entered via the legacy mechanism if allowed memory might be revoked.
     #[allow(unused_variables)]
     unsafe fn revoke_regions(
diff --git a/kernel/src/process.rs b/kernel/src/process.rs
@@ -703,7 +703,9 @@ pub trait Process {
 
     /// Actually revoke regions previously requested with remove_memory_region.
     ///
-    /// Safety: no grants for this process can be entered/open when this is called. I.e. this
+    /// ### Safety
+    ///
+    /// No grants for this process can be entered/open when this is called. I.e. this
     /// should never be called downstream from a capsule.
     unsafe fn revoke_regions(&self) -> Result<(), ErrorCode>;
 
diff --git a/kernel/src/process_standard.rs b/kernel/src/process_standard.rs
@@ -860,9 +860,6 @@ impl<C: Chip, D: 'static + ProcessStandardDebug> Process for ProcessStandard<'_,
         })
     }
 
-    /// Actually revoke regions previously requested with remove_memory_region
-    /// Safety: no LiveARef or LivePRef may exist to any memory that might be revoked,
-    /// Nor may any grants be entered via the legacy mechanism if allowed memory might be revoked.
     unsafe fn revoke_regions(&self) -> Result<(), ErrorCode> {
         self.mpu_config.map_or(Err(ErrorCode::INVAL), |config| {
             let result = unsafe { self.chip.mpu().revoke_regions(config, self) };
diff --git a/kernel/src/utilities/capability_ptr.rs b/kernel/src/utilities/capability_ptr.rs
@@ -203,7 +203,6 @@ impl CapabilityPtr {
     /// serve as the only memory isolation primitive in the system, this method
     /// can thus break Tock's isolation model. As semi-trusted kernel code can
     /// name this type and method, it is thus marked as `unsafe`.
-    ///
     #[inline]
     pub unsafe fn new_with_authority(
         ptr: *const (),

Original file line number	Diff line number	Diff line change
`@@ -860,9 +860,6 @@ impl<C: Chip, D: 'static + ProcessStandardDebug> Process for ProcessStandard<'_,`
`860`	`860`	`})`
`861`	`861`	`}`
`862`	`862`
`863`		`- /// Actually revoke regions previously requested with remove_memory_region`
`864`		`- /// Safety: no LiveARef or LivePRef may exist to any memory that might be revoked,`
`865`		`- /// Nor may any grants be entered via the legacy mechanism if allowed memory might be revoked.`
`866`	`863`	`unsafe fn revoke_regions(&self) -> Result<(), ErrorCode> {`
`867`	`864`	`self.mpu_config.map_or(Err(ErrorCode::INVAL), \|config\| {`
`868`	`865`	`let result = unsafe { self.chip.mpu().revoke_regions(config, self) };`