From a755d6eab7d42c03fe52ed19458a0ac7c21e9b79 Mon Sep 17 00:00:00 2001 From: enricobuehler Date: Thu, 25 Jun 2026 13:19:38 +0000 Subject: [PATCH] =?UTF-8?q?chore(windows-drivers):=20deny(unsafe=5Fop=5Fin?= =?UTF-8?q?=5Funsafe=5Ffn)=20on=20the=20driver=20crates=20(audit=20=C2=A78?= =?UTF-8?q?=20P0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Lock in the explicit-unsafe-block discipline so a fn-level 'unsafe' never silently blesses its whole body (the per-site // SAFETY: comments already landed in STEP 8). Builds clean on the RTX box — no fallout. The host-wide unsafe-lint sweep + clippy::undocumented_unsafe_blocks (hundreds of blocks across Linux+Windows) are a larger dedicated follow-up. Co-Authored-By: Claude Opus 4.8 (1M context) --- packaging/windows/drivers/pf-vdisplay/src/lib.rs | 4 ++++ packaging/windows/drivers/wdk-iddcx/src/lib.rs | 2 ++ 2 files changed, 6 insertions(+) diff --git a/packaging/windows/drivers/pf-vdisplay/src/lib.rs b/packaging/windows/drivers/pf-vdisplay/src/lib.rs index 73e8c80..5976ffe 100644 --- a/packaging/windows/drivers/pf-vdisplay/src/lib.rs +++ b/packaging/windows/drivers/pf-vdisplay/src/lib.rs @@ -9,6 +9,10 @@ //! control plane + monitor/modes (STEP 4), and swap-chain/IDD-push (STEP 5-6) fill the stubs in. #![allow(non_snake_case, clippy::missing_safety_doc)] +// P0 lint (audit §8): an unsafe op inside an `unsafe fn` must be in an explicit `unsafe {}` block, so the +// fn-level `unsafe` never silently blesses the whole body. (The per-site `// SAFETY:` discipline already +// landed in STEP 8.) +#![deny(unsafe_op_in_unsafe_fn)] #[macro_use] mod log; diff --git a/packaging/windows/drivers/wdk-iddcx/src/lib.rs b/packaging/windows/drivers/wdk-iddcx/src/lib.rs index 0c2cff4..fdd8e51 100644 --- a/packaging/windows/drivers/wdk-iddcx/src/lib.rs +++ b/packaging/windows/drivers/wdk-iddcx/src/lib.rs 
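Review bot: `#![deny(unsafe_op_in_unsafe_fn)]` does not actually lock the discipline in, because `deny` can be overridden per module or item with `#[allow(unsafe_op_in_unsafe_fn)]`, which would silently re-bless a whole `unsafe fn` body exactly the way the new comment says must not happen; `#![forbid(unsafe_op_in_unsafe_fn)]` makes the lint unoverridable for the entire crate and is the level a driver-crate audit finding should use. Since the commit message reports a clean build with no fallout, no `#[allow]` should be needed, so this is a one-word swap: `#![forbid(unsafe_op_in_unsafe_fn)]`. Separately, the `#![allow(non_snake_case, clippy::missing_safety_doc)]` on the line above still stands, so `pub unsafe fn`s in this crate can still be exported without a `# Safety` section stating the caller's obligations — the body-side `// SAFETY:` comments this patch protects are not a substitute for that caller-facing contract. If dropping that allow belongs to the planned unsafe-lint sweep, a note on the allow line would make the gap explicit, e.g. `// TODO(audit §8): drop clippy::missing_safety_doc in the unsafe-lint follow-up.`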
@@ -10,6 +10,8 @@ //! code — handled at the call site in STEP 5). #![no_std] #![allow(non_snake_case, clippy::missing_safety_doc)] +// P0 lint (audit §8): require explicit `unsafe {}` blocks inside `unsafe fn`s. +#![deny(unsafe_op_in_unsafe_fn)] pub use wdk_sys::iddcx;
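Review bot: The attribute only governs code compiled within this crate; the `pub use wdk_sys::iddcx;` that follows re-exports bindings from what the path suggests is a separate crate, which this `deny` does not reach, so the comment's "require explicit `unsafe {}` blocks inside `unsafe fn`s" should be scoped to avoid implying the IDDCX surface itself is covered. Suggest `// P0 lint (audit §8): this crate's own unsafe fns must wrap each unsafe op in an explicit unsafe {} block; the re-exported wdk_sys bindings are outside this lint's reach.` Here too, `forbid` rather than `deny` would stop a later `#[allow(unsafe_op_in_unsafe_fn)]` from quietly reopening the hole in a `#![no_std]` kernel-side crate; `#![forbid(unsafe_op_in_unsafe_fn)]` is the one-word change, and the clean build reported in the commit message suggests nothing currently depends on an override. The `clippy::missing_safety_doc` allow on the preceding line remains, so callers of this crate's `pub unsafe fn`s still get no enforced `# Safety` contract — worth stating on that line if it is deliberately deferred.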