-
Notifications
You must be signed in to change notification settings - Fork 675
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Actually mark mmap and related functions as unsafe
#559
Conversation
The nix::sys::mman::mmap documentation says > Calls to mmap are inherently unsafe, so they must be made in an unsafe block. however, the function was not actually marked unsafe. * `munmap` should also be `unsafe` for obvious reasons. * `madvise` should be `unsafe` because of the MADV_DONTNEED flag. * `mlock` was already marked `unsafe` * `munlock` and `msync` don't strictly need to be `unsafe` despite taking pointers AFAICT, but are marked `unsafe` for consistency and in case they add additional flags in the future.
Thanks for the PR! Re
Could you explain why |
Oh and could you add a note to the changelog mentioning these changes? Thanks! |
|
I'd lean towards marking them safe, but maybe unsafe is safer initially. I'm not really all that familiar with semantics of this stuff.
Oh interesting. It sounds as though it could cause unsafety in another program that mapped an overlapping region of the same file. Marking it unsafe for now sounds right. We should ask someone with a better handle on what's considered unsafe / undefined eventually. |
Summary: I'd be fine with marking these all as unsafe, since removing unsafe later is not a breaking change. |
Ok, added a changelog entry. |
Add section headings, commenting out unused ones.
Thanks @kevinmehall! @homu r+ |
📌 Commit 902f281 has been approved by |
Actually mark mmap and related functions as `unsafe` The nix::sys::mman::mmap documentation says > Calls to mmap are inherently unsafe, so they must be made in an unsafe block. however, the function was not actually marked unsafe. * `munmap` should also be `unsafe` for obvious reasons. * `madvise` should be `unsafe` because of the `MADV_DONTNEED` flag. * `mlock` was already marked `unsafe` * `munlock` and `msync` don't strictly need to be `unsafe` despite taking pointers AFAICT, but are marked `unsafe` for consistency and in case they add additional flags in the future. [breaking-change]
☀️ Test successful - status |
The nix::sys::mman::mmap documentation says
however, the function was not actually marked unsafe.
munmap
should also beunsafe
for obvious reasons.madvise
should beunsafe
because of theMADV_DONTNEED
flag.mlock
was already markedunsafe
munlock
andmsync
don't strictly need to beunsafe
despitetaking pointers AFAICT, but are marked
unsafe
for consistency and incase they add additional flags in the future.
[breaking-change]