Constructor should be unsafe.

qwandor · qwandor · commit bfe616fb2807 · 2022-04-06T15:05:10.000+01:00
diff --git a/uart8250/src/registers.rs b/uart8250/src/registers.rs
@@ -206,7 +206,7 @@ register_bitfields![
 
 impl Registers {
     /// Constructs a new instance of the UART registers starting at the given base address.
-    pub fn from_base_address(base_address: usize) -> &'static mut Self {
-        unsafe { &mut *(base_address as *mut crate::registers::Registers) }
+    pub unsafe fn from_base_address(base_address: usize) -> &'static mut Self {
+        &mut *(base_address as *mut crate::registers::Registers)
     }
 }
diff --git a/uart8250/src/uart.rs b/uart8250/src/uart.rs
@@ -21,7 +21,13 @@ pub struct MmioUart8250<'a> {
 
 impl<'a> MmioUart8250<'a> {
     /// Creates a new UART.
-    pub fn new(base_address: usize) -> Self {
+    ///
+    /// # Safety
+    ///
+    /// The given base address must point to the 8 MMIO control registers of an appropriate UART
+    /// device, which must be mapped into the address space of the process as device memory and not
+    /// have any other aliases.
+    pub unsafe fn new(base_address: usize) -> Self {
         Self {
             reg: Registers::from_base_address(base_address),
         }
@@ -49,7 +55,13 @@ impl<'a> MmioUart8250<'a> {
     }
 
     /// Sets a new base address for the UART.
-    pub fn set_base_address(&mut self, base_address: usize) {
+    ///
+    /// # Safety
+    ///
+    /// The given base address must point to the 8 MMIO control registers of an appropriate UART
+    /// device, which must be mapped into the address space of the process as device memory and not
+    /// have any other aliases.
+    pub unsafe fn set_base_address(&mut self, base_address: usize) {
         self.reg = Registers::from_base_address(base_address);
     }
 
@@ -434,7 +446,7 @@ mod tests {
         // Create a fake UART using an in-memory buffer, and check that it is initialised as
         // expected.
         let mut fake_registers: [u8; 8] = [0xff; 8];
-        let uart = MmioUart8250::new(&mut fake_registers as *mut u8 as usize);
+        let uart = unsafe { MmioUart8250::new(&mut fake_registers as *mut u8 as usize) };
 
         uart.init(11_059_200, 115200);
 
@@ -447,7 +459,7 @@ mod tests {
     #[test]
     fn write() {
         let mut fake_registers: [u8; 8] = [0; 8];
-        let uart = MmioUart8250::new(&mut fake_registers as *mut u8 as usize);
+        let uart = unsafe { MmioUart8250::new(&mut fake_registers as *mut u8 as usize) };
         uart.init(11_059_200, 115200);
 
         uart.write_byte(0x42);
@@ -458,7 +470,7 @@ mod tests {
     #[test]
     fn read() {
         let mut fake_registers: [u8; 8] = [0; 8];
-        let uart = MmioUart8250::new(&mut fake_registers as *mut u8 as usize);
+        let uart = unsafe { MmioUart8250::new(&mut fake_registers as *mut u8 as usize) };
         uart.init(11_059_200, 115200);
 
         // First try to read when there is nothing available.

Original file line number	Diff line number	Diff line change
`@@ -206,7 +206,7 @@ register_bitfields![`
`206`	`206`
`207`	`207`	`impl Registers {`
`208`	`208`	`/// Constructs a new instance of the UART registers starting at the given base address.`
`209`		`- pub fn from_base_address(base_address: usize) -> &'static mut Self {`
`210`		`- unsafe { &mut (base_address as mut crate::registers::Registers) }`
	`209`	`+ pub unsafe fn from_base_address(base_address: usize) -> &'static mut Self {`
	`210`	`+ &mut (base_address as mut crate::registers::Registers)`
`211`	`211`	`}`
`212`	`212`	`}`