On Mon, Jun 9, 2025 at 8:13 PM Danilo Krummrich <dakr@xxxxxxxxxx> wrote: > > On Mon, Jun 09, 2025 at 01:24:40PM -0300, Daniel Almeida wrote: > > > > This iteration converted register() from pub to pub(crate). The idea was to > > force drivers to use the accessors. I assumed this was enough to make the API > > safe, as the few users in the kernel crate (i.e.: so far platform and pci) > > could be manually checked for correctness. > > > > To summarize my point, there is still the possibility of misusing this from the > > kernel crate itself, but that is no longer possible from a driver's > > perspective. > > Correct, you made Registration::new() crate private, such that drivers can't > access it anymore. But that doesn't make the function safe by itself. It's still > unsafe to be used from platform::Device and pci::Device. Yeah. Even if a function is fully private (i.e. not even `pub(crate)`), then it should still be marked as unsafe if it is so. Cheers, Miguel
