Ensure ThisModule invariants hold
#212
Labels
• lib
Related to the `rust/` library.
Comments
This was referenced Apr 22, 2021
|
IMHO we should make stuff like ThisModule as repr transparent. Currently it probably gets optimized to that repr, but it's not guranteed. This also lets other code outside the kernel crate access the internal value with unsafe code. But that's always possible somehow. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
i.e. do not allow to create
ThisModules without going through the constructor, even inside thekernelcrate.In addition, we should ensure the pointer is not passed to other modules. A solution would be to only allow to read the pointer through an unsafe
get()method inThisModulewhich explains this restriction and making theget()private outsidekernel(i.e. kernel modules should not need to access the pointer insideThisModulesince they should not be calling the C bindings directly).Furthermore, as a bonus, it would be nice to have a lint to warn about code creating
ThisModule's objects on their own. In general, modules should only use theTHIS_MODULEstaticprovided viamodule!.Finally, update the documentation as needed (e.g. currently we don't have an
# Invariantsin the doc comments).The text was updated successfully, but these errors were encountered: