Standardise and add safety comments.
These will soon be required by a lint.
Bug: 290018030
Test: m rust
Change-Id: If62281a5eb2160061a11f28588b7a14e32ce265b
diff --git a/microdroid_manager/src/dice.rs b/microdroid_manager/src/dice.rs
index bacefcd..8e078ea 100644
--- a/microdroid_manager/src/dice.rs
+++ b/microdroid_manager/src/dice.rs
@@ -78,7 +78,7 @@
let mmap_size =
file.read_u64::<NativeEndian>()
.map_err(|error| Error::new(error).context("Reading driver"))? as usize;
- // It's safe to map the driver as the service will only create a single
+ // SAFETY: It's safe to map the driver as the service will only create a single
// mapping per process.
let mmap_addr = unsafe {
let fd = file.as_raw_fd();
@@ -87,10 +87,10 @@
if mmap_addr == MAP_FAILED {
bail!("Failed to mmap {:?}", driver_path);
}
- // The slice is created for the region of memory that was just
+ let mmap_buf =
+ // SAFETY: The slice is created for the region of memory that was just
// successfully mapped into the process address space so it will be
// accessible and not referenced from anywhere else.
- let mmap_buf =
unsafe { slice::from_raw_parts((mmap_addr as *const u8).as_ref().unwrap(), mmap_size) };
let bcc_handover =
bcc_handover_parse(mmap_buf).map_err(|_| anyhow!("Failed to parse Bcc Handover"))?;
@@ -149,9 +149,9 @@
impl Drop for DiceDriver<'_> {
fn drop(&mut self) {
if let &mut Self::Real { mmap_addr, mmap_size, .. } = self {
- // All references to the mapped region have the same lifetime as self. Since self is
- // being dropped, so are all the references to the mapped region meaning its safe to
- // unmap.
+ // SAFETY: All references to the mapped region have the same lifetime as self. Since
+ // self is being dropped, so are all the references to the mapped region meaning it's
+ // safe to unmap.
let ret = unsafe { munmap(mmap_addr, mmap_size) };
if ret != 0 {
log::warn!("Failed to munmap ({})", ret);