[PATCH] rust: io: require proper alignment in the safety contracts of `IoCapable`
From: Alexandre Courbot
Date: Mon Jun 08 2026 - 04:15:09 EST
The addresses passed to `io_read` and `io_write` must be properly
aligned, but the safety contract only mentions a valid range as a
requirement.
Add alignment to the requirements. The existing call sites already
obtain the address through `io_addr()` or `io_addr_assert(),` which
both check alignment, so no code changes are needed to them.
Signed-off-by: Alexandre Courbot <acourbot@xxxxxxxxxx>
---
I noticed this when reviewing the GEM SHMEM series; it is probably better to
explicitly mention this requirement.
---
rust/kernel/io.rs | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/rust/kernel/io.rs b/rust/kernel/io.rs
index fcc7678fd9e3..854932d1cb72 100644
--- a/rust/kernel/io.rs
+++ b/rust/kernel/io.rs
@@ -166,14 +166,16 @@ pub trait IoCapable<T> {
///
/// # Safety
///
- /// The range `[address..address + size_of::<T>()]` must be within the bounds of `Self`.
+ /// - The range `[address..address + size_of::<T>()]` must be within the bounds of `Self`.
+ /// - `address` must be properly aligned for `T`.
unsafe fn io_read(&self, address: usize) -> T;
/// Performs an I/O write of `value` at `address`.
///
/// # Safety
///
- /// The range `[address..address + size_of::<T>()]` must be within the bounds of `Self`.
+ /// - The range `[address..address + size_of::<T>()]` must be within the bounds of `Self`.
+ /// - `address` must be properly aligned for `T`.
unsafe fn io_write(&self, value: T, address: usize);
}
---
base-commit: 46def663dd34da36464ba059f7cfeacf29d98e5e
change-id: 20260607-iocapable-align-fa8bf1ac7208
Best regards,
--
Alexandre Courbot <acourbot@xxxxxxxxxx>