@@ -14,10 +14,14 @@ unsafe impl GlobalAlloc for KernelAllocator {
1414 unsafe fn alloc ( & self , layout : Layout ) -> * mut u8 {
1515 // `krealloc()` is used instead of `kmalloc()` because the latter is
1616 // an inline function and cannot be bound to as a result.
17+ // SAFETY: FFI call.
1718 unsafe { bindings:: krealloc ( ptr:: null ( ) , layout. size ( ) , bindings:: GFP_KERNEL ) as * mut u8 }
1819 }
1920
2021 unsafe fn dealloc ( & self , ptr : * mut u8 , _layout : Layout ) {
22+ // SAFETY: the caller must guarantee that `ptr` and `layout` denote memory
23+ // allocated by this allocator, so allocated with `kmalloc`.
24+ // FFI call.
2125 unsafe {
2226 bindings:: kfree ( ptr as * const c_types:: c_void ) ;
2327 }
@@ -32,16 +36,21 @@ static ALLOCATOR: KernelAllocator = KernelAllocator;
3236// let's generate them ourselves instead.
3337#[ no_mangle]
3438pub fn __rust_alloc ( size : usize , _align : usize ) -> * mut u8 {
39+ // SAFETY: FFI call.
3540 unsafe { bindings:: krealloc ( core:: ptr:: null ( ) , size, bindings:: GFP_KERNEL ) as * mut u8 }
3641}
3742
3843#[ no_mangle]
3944pub fn __rust_dealloc ( ptr : * mut u8 , _size : usize , _align : usize ) {
45+ // SAFETY: the caller must guarantee that `ptr` and `layout` denote memory
46+ // allocated by this allocator, so allocated with `kmalloc`.
47+ // FFI call.
4048 unsafe { bindings:: kfree ( ptr as * const c_types:: c_void ) } ;
4149}
4250
4351#[ no_mangle]
4452pub fn __rust_realloc ( ptr : * mut u8 , _old_size : usize , _align : usize , new_size : usize ) -> * mut u8 {
53+ // SAFETY: FFI call.
4554 unsafe {
4655 bindings:: krealloc (
4756 ptr as * const c_types:: c_void ,
@@ -53,6 +62,7 @@ pub fn __rust_realloc(ptr: *mut u8, _old_size: usize, _align: usize, new_size: u
5362
5463#[ no_mangle]
5564pub fn __rust_alloc_zeroed ( size : usize , _align : usize ) -> * mut u8 {
65+ // SAFETY: FFI call.
5666 unsafe {
5767 bindings:: krealloc (
5868 core:: ptr:: null ( ) ,
0 commit comments