block_util: modify or provide safety comments

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2025-01-21 20:15:21 +00:00 · 2022-11-16 22:29:18 +00:00 · 2022-11-16 22:29:18 +00:00 · f110029acf
commit f110029acf
parent 8a7f4b47cb
3 changed files with 10 additions and 3 deletions
--- a/block_util/src/async_io.rs
+++ b/block_util/src/async_io.rs
@ -54,11 +54,13 @@ enum BlockSize {
 impl DiskTopology {
    fn is_block_device(f: &mut File) -> std::io::Result<bool> {
        let mut stat = std::mem::MaybeUninit::<libc::stat>::uninit();
+        // SAFETY: FFI call with a valid fd and buffer
        let ret = unsafe { libc::fstat(f.as_raw_fd(), stat.as_mut_ptr()) };
        if ret != 0 {
            return Err(std::io::Error::last_os_error());
        }

+        // SAFETY: stat is valid at this point
        let is_block = unsafe { (*stat.as_ptr()).st_mode & S_IFMT == S_IFBLK };
        Ok(is_block)
    }
@ -67,6 +69,7 @@ impl DiskTopology {
    #[allow(clippy::useless_conversion)]
    fn query_block_size(f: &mut File, block_size_type: BlockSize) -> std::io::Result<u64> {
        let mut block_size = 0;
+        // SAFETY: FFI call with correct arguments
        let ret = unsafe {
            ioctl(
                f.as_raw_fd(),
--- a/block_util/src/raw_async.rs
+++ b/block_util/src/raw_async.rs
@ -81,7 +81,7 @@ impl AsyncIo for RawFileAsync {
    ) -> AsyncIoResult<()> {
        let (submitter, mut sq, _) = self.io_uring.split();

-        // Safe because we know the file descriptor is valid and we
+        // SAFETY: we know the file descriptor is valid and we
        // relied on vm-memory to provide the buffer address.
        let _ = unsafe {
            sq.push(
@ -109,7 +109,7 @@ impl AsyncIo for RawFileAsync {
    ) -> AsyncIoResult<()> {
        let (submitter, mut sq, _) = self.io_uring.split();

-        // Safe because we know the file descriptor is valid and we
+        // SAFETY: we know the file descriptor is valid and we
        // relied on vm-memory to provide the buffer address.
        let _ = unsafe {
            sq.push(
@ -133,7 +133,7 @@ impl AsyncIo for RawFileAsync {
        if let Some(user_data) = user_data {
            let (submitter, mut sq, _) = self.io_uring.split();

-            // Safe because we know the file descriptor is valid.
+            // SAFETY: we know the file descriptor is valid.
            let _ = unsafe {
                sq.push(
                    &opcode::Fsync::new(types::Fd(self.fd))
@ -148,6 +148,7 @@ impl AsyncIo for RawFileAsync {
            sq.sync();
            submitter.submit().map_err(AsyncIoError::Fsync)?;
        } else {
+            // SAFETY: FFI call with a valid fd
            unsafe { libc::fsync(self.fd) };
        }

--- a/block_util/src/raw_sync.rs
+++ b/block_util/src/raw_sync.rs
@ -68,6 +68,7 @@ impl AsyncIo for RawFileSync {
        iovecs: Vec<libc::iovec>,
        user_data: u64,
    ) -> AsyncIoResult<()> {
+        // SAFETY: FFI call with valid arguments
        let result = unsafe {
            libc::preadv(
                self.fd as libc::c_int,
@ -92,6 +93,7 @@ impl AsyncIo for RawFileSync {
        iovecs: Vec<libc::iovec>,
        user_data: u64,
    ) -> AsyncIoResult<()> {
+        // SAFETY: FFI call with valid arguments
        let result = unsafe {
            libc::pwritev(
                self.fd as libc::c_int,
@ -111,6 +113,7 @@ impl AsyncIo for RawFileSync {
    }

    fn fsync(&mut self, user_data: Option<u64>) -> AsyncIoResult<()> {
+        // SAFETY: FFI call
        let result = unsafe { libc::fsync(self.fd as libc::c_int) };
        if result < 0 {
            return Err(AsyncIoError::Fsync(std::io::Error::last_os_error()));