drm/asahi: render: Clippy fixes

hoshinolina · hoshinolina · commit f5743f0b2acc · 2025-02-03T07:38:24.000+09:00
Signed-off-by: Asahi Lina &lt;lina@asahilina.net&gt;
diff --git a/drivers/gpu/drm/asahi/queue/render.rs b/drivers/gpu/drm/asahi/queue/render.rs
@@ -88,7 +88,7 @@ impl super::QueueInner::ver {
             return Err(EINVAL);
         }
 
-        // Overflow safety: all these calculations are done in u32.
+        // This is overflow safe: all these calculations are done in u32.
         // At 64Kx64K max dimensions above, this is 2**32 pixels max.
         // In terms of tiles that are always larger than one pixel,
         // this can never overflow. Note that real actual dimensions
@@ -232,6 +232,7 @@ impl super::QueueInner::ver {
 
         let cmdbuf_read_size =
             (cmd.cmd_buffer_size as usize).min(core::mem::size_of::<uapi::drm_asahi_cmd_render>());
+        // SAFETY: This is the sole UserSlicePtr instance for this cmd_buffer.
         let mut cmdbuf_reader = unsafe {
             UserSlicePtr::new(
                 cmd.cmd_buffer as usize as *mut _,
@@ -241,6 +242,8 @@ impl super::QueueInner::ver {
         };
 
         let mut cmdbuf: uapi::drm_asahi_cmd_render = Default::default();
+        // SAFETY: The output pointer is valid, and the size does not exceed the type size
+        // per the min() above, and all bit patterns are valid.
         unsafe {
             cmdbuf_reader.read_raw(&mut cmdbuf as *mut _ as *mut u8, cmdbuf_read_size)?;
         }
@@ -280,6 +283,9 @@ impl super::QueueInner::ver {
         let mut ext_ptr = cmdbuf.extensions;
         while ext_ptr != 0 {
             let ext_type = u32::from_ne_bytes(
+                // SAFETY: There is a double read from userspace here, but there is no TOCTOU
+                // issue since at worst the extension parse below will read garbage, and
+                // we do not trust any fields anyway.
                 unsafe { UserSlicePtr::new(ext_ptr as usize as *mut _, 4) }
                     .read_all()?
                     .try_into()
@@ -292,13 +298,16 @@ impl super::QueueInner::ver {
                         cls_pr_debug!(Errors, "Overrides not enabled\n");
                         return Err(EINVAL);
                     }
+                    // SAFETY: See above
                     let mut ext_reader = unsafe {
                         UserSlicePtr::new(
                             ext_ptr as usize as *mut _,
                             core::mem::size_of::<uapi::drm_asahi_cmd_render_unknowns>(),
                         )
                         .reader()
                     };
+                    // SAFETY: The output buffer is valid and of the correct size, and all bit
+                    // patterns are valid.
                     unsafe {
                         ext_reader.read_raw(
                             &mut unks as *mut _ as *mut u8,
@@ -312,13 +321,16 @@ impl super::QueueInner::ver {
                     let mut ext_user_timestamps: uapi::drm_asahi_cmd_render_user_timestamps =
                         Default::default();
 
+                    // SAFETY: See above
                     let mut ext_reader = unsafe {
                         UserSlicePtr::new(
                             ext_ptr as usize as *mut _,
                             core::mem::size_of::<uapi::drm_asahi_cmd_render_user_timestamps>(),
                         )
                         .reader()
                     };
+                    // SAFETY: The output buffer is valid and of the correct size, and all bit
+                    // patterns are valid.
                     unsafe {
                         ext_reader.read_raw(
                             &mut ext_user_timestamps as *mut _ as *mut u8,
