Re: [PATCH] rust: io: require proper alignment in the safety contracts of `IoCapable`
From: Gary Guo
Date: Mon Jun 08 2026 - 07:04:41 EST
On Mon Jun 8, 2026 at 9:14 AM BST, Alexandre Courbot wrote:
> The addresses passed to `io_read` and `io_write` must be properly
> aligned, but the safety contract only mentions a valid range as a
> requirement.
>
> Add alignment to the requirements. The existing call sites already
> obtain the address through `io_addr()` or `io_addr_assert(),` which
> both check alignment, so no code changes are needed to them.
>
> Signed-off-by: Alexandre Courbot <acourbot@xxxxxxxxxx>
There is
https://lore.kernel.org/rust-for-linux/20260421-io_projection-v2-4-4c251c692ef4@xxxxxxxxxxx/.
Although this patch will be gone from v3, as `IoCapable` is not going to be
unsafe anymore.
Best,
Gary
> ---
> I noticed this when reviewing the GEM SHMEM series; it is probably better to
> explicitly mention this requirement.
> ---
> rust/kernel/io.rs | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/rust/kernel/io.rs b/rust/kernel/io.rs
> index fcc7678fd9e3..854932d1cb72 100644
> --- a/rust/kernel/io.rs
> +++ b/rust/kernel/io.rs
> @@ -166,14 +166,16 @@ pub trait IoCapable<T> {
> ///
> /// # Safety
> ///
> - /// The range `[address..address + size_of::<T>()]` must be within the bounds of `Self`.
> + /// - The range `[address..address + size_of::<T>()]` must be within the bounds of `Self`.
> + /// - `address` must be properly aligned for `T`.
> unsafe fn io_read(&self, address: usize) -> T;
>
> /// Performs an I/O write of `value` at `address`.
> ///
> /// # Safety
> ///
> - /// The range `[address..address + size_of::<T>()]` must be within the bounds of `Self`.
> + /// - The range `[address..address + size_of::<T>()]` must be within the bounds of `Self`.
> + /// - `address` must be properly aligned for `T`.
> unsafe fn io_write(&self, value: T, address: usize);
> }
>
>
> ---
> base-commit: 46def663dd34da36464ba059f7cfeacf29d98e5e
> change-id: 20260607-iocapable-align-fa8bf1ac7208
>
> Best regards,
> --
> Alexandre Courbot <acourbot@xxxxxxxxxx>