summary refs log tree commit diff
path: root/crosvm_plugin
diff options
context:
space:
mode:
authorDavid Tolnay <dtolnay@chromium.org>2019-04-12 16:57:48 -0700
committerchrome-bot <chrome-bot@chromium.org>2019-04-18 19:51:29 -0700
commit4b292afafcd44ca3fc34f483a8edb455a3212cb5 (patch)
tree868bdb3122e088e33836cd48608d23518ee5a1d0 /crosvm_plugin
parentdc4effa72b214bc3bd14ca2f7772ab1b728aef5b (diff)
downloadcrosvm-4b292afafcd44ca3fc34f483a8edb455a3212cb5.tar
crosvm-4b292afafcd44ca3fc34f483a8edb455a3212cb5.tar.gz
crosvm-4b292afafcd44ca3fc34f483a8edb455a3212cb5.tar.bz2
crosvm-4b292afafcd44ca3fc34f483a8edb455a3212cb5.tar.lz
crosvm-4b292afafcd44ca3fc34f483a8edb455a3212cb5.tar.xz
crosvm-4b292afafcd44ca3fc34f483a8edb455a3212cb5.tar.zst
crosvm-4b292afafcd44ca3fc34f483a8edb455a3212cb5.zip
clippy: Resolve cast_ptr_alignment
This CL fixes four cases of what I believe are undefined behavior:

  - In vhost where the original code allocates a Vec<u8> with 1-byte
    alignment and casts the Vec's data pointer to a &mut vhost_memory
    which is required to be 8-byte aligned. Underaligned references of
    type &T or &mut T are always undefined behavior in Rust.

  - Same pattern in x86_64.

  - Same pattern in plugin::vcpu.

  - Code in crosvm_plugin that dereferences a potentially underaligned
    pointer. This is always undefined behavior in Rust.

TEST=bin/clippy
TEST=cargo test sys_util

Change-Id: I926f17b1fe022a798f69d738f9990d548f40c59b
Reviewed-on: https://chromium-review.googlesource.com/1566736
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
Diffstat (limited to 'crosvm_plugin')
-rw-r--r--crosvm_plugin/src/lib.rs17
1 files changed, 12 insertions, 5 deletions
diff --git a/crosvm_plugin/src/lib.rs b/crosvm_plugin/src/lib.rs
index eb2cf21..a334505 100644
--- a/crosvm_plugin/src/lib.rs
+++ b/crosvm_plugin/src/lib.rs
@@ -21,7 +21,7 @@ use std::mem::{size_of, swap};
 use std::os::raw::{c_int, c_void};
 use std::os::unix::io::{AsRawFd, FromRawFd, IntoRawFd, RawFd};
 use std::os::unix::net::UnixDatagram;
-use std::ptr::null_mut;
+use std::ptr::{self, null_mut};
 use std::result;
 use std::slice;
 use std::slice::{from_raw_parts, from_raw_parts_mut};
@@ -682,6 +682,13 @@ pub struct crosvm_io_event {
 }
 
 impl crosvm_io_event {
+    // Clippy: we use ptr::read_unaligned to read from pointers that may be
+    // underaligned. Dereferencing such a pointer is always undefined behavior
+    // in Rust.
+    //
+    // Lint can be unsuppressed once Clippy recognizes this pattern as correct.
+    // https://github.com/rust-lang/rust-clippy/issues/2881
+    #[allow(clippy::cast_ptr_alignment)]
     unsafe fn create(
         crosvm: &mut crosvm,
         space: u32,
@@ -691,10 +698,10 @@ impl crosvm_io_event {
     ) -> result::Result<crosvm_io_event, c_int> {
         let datamatch = match length {
             0 => 0,
-            1 => *(datamatch as *const u8) as u64,
-            2 => *(datamatch as *const u16) as u64,
-            4 => *(datamatch as *const u32) as u64,
-            8 => *(datamatch as *const u64) as u64,
+            1 => ptr::read_unaligned(datamatch as *const u8) as u64,
+            2 => ptr::read_unaligned(datamatch as *const u16) as u64,
+            4 => ptr::read_unaligned(datamatch as *const u32) as u64,
+            8 => ptr::read_unaligned(datamatch as *const u64),
             _ => return Err(EINVAL),
         };
         Self::safe_create(crosvm, space, addr, length, datamatch)
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-04-28 21:39:02 +0000