From: Danilo Krummrich <dakr@kernel.org>
Date: Sat, 15 Mar 2025 15:43:02 +0000 (+0100)
Subject: rust: alloc: add missing invariant in Vec::set_len()
X-Git-Tag: v6.16-rc1~45^2~33^2~15
X-Git-Url: https://git.kernel.dk/?a=commitdiff_plain;h=fb1bf1067de979c89ae33589e0466d6ce0dde204;p=linux-block.git

rust: alloc: add missing invariant in Vec::set_len()

When setting a new length, we have to justify that the set length
represents the exact number of elements stored in the vector.

Reviewed-by: Benno Lossin <benno.lossin@proton.me>
Reported-by: Alice Ryhl <aliceryhl@google.com>
Closes: https://lore.kernel.org/rust-for-linux/20250311-iov-iter-v1-4-f6c9134ea824@google.com
Fixes: 2aac4cd7dae3 ("rust: alloc: implement kernel `Vec` type")
Link: https://lore.kernel.org/r/20250315154436.65065-2-dakr@kernel.org
Signed-off-by: Danilo Krummrich <dakr@kernel.org>
---

diff --git a/rust/kernel/alloc/kvec.rs b/rust/kernel/alloc/kvec.rs
index ae9d072741ce..b01dabfe35aa 100644
--- a/rust/kernel/alloc/kvec.rs
+++ b/rust/kernel/alloc/kvec.rs
@@ -193,6 +193,9 @@ where
     #[inline]
     pub unsafe fn set_len(&mut self, new_len: usize) {
         debug_assert!(new_len <= self.capacity());
+
+        // INVARIANT: By the safety requirements of this method `new_len` represents the exact
+        // number of elements stored within `self`.
         self.len = new_len;
     }