diff options
| author | Danilo Krummrich <dakr@kernel.org> | 2025-03-15 16:43:02 +0100 |
|---|---|---|
| committer | Danilo Krummrich <dakr@kernel.org> | 2025-04-07 14:02:56 +0200 |
| commit | fb1bf1067de979c89ae33589e0466d6ce0dde204 (patch) | |
| tree | afc4b2bdf632b1b5c7afcd708fbd9e0fb8f2a1bf /rust/kernel/alloc/kvec.rs | |
| parent | 0af2f6be1b4281385b618cb86ad946eded089ac8 (diff) | |
rust: alloc: add missing invariant in Vec::set_len()
When setting a new length, we have to justify that the set length
represents the exact number of elements stored in the vector.
Reviewed-by: Benno Lossin <benno.lossin@proton.me>
Reported-by: Alice Ryhl <aliceryhl@google.com>
Closes: https://lore.kernel.org/rust-for-linux/20250311-iov-iter-v1-4-f6c9134ea824@google.com
Fixes: 2aac4cd7dae3 ("rust: alloc: implement kernel `Vec` type")
Link: https://lore.kernel.org/r/20250315154436.65065-2-dakr@kernel.org
Signed-off-by: Danilo Krummrich <dakr@kernel.org>
Diffstat (limited to 'rust/kernel/alloc/kvec.rs')
| -rw-r--r-- | rust/kernel/alloc/kvec.rs | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/rust/kernel/alloc/kvec.rs b/rust/kernel/alloc/kvec.rs index ae9d072741ce..b01dabfe35aa 100644 --- a/rust/kernel/alloc/kvec.rs +++ b/rust/kernel/alloc/kvec.rs @@ -193,6 +193,9 @@ where #[inline] pub unsafe fn set_len(&mut self, new_len: usize) { debug_assert!(new_len <= self.capacity()); + + // INVARIANT: By the safety requirements of this method `new_len` represents the exact + // number of elements stored within `self`. self.len = new_len; } |