@@ -221,8 +221,6 @@ pub mod linux {
221221 let mut mapping = MemMapping :: new ( ) ?;
222222 let size = mapping_size ( ) ;
223223
224- check_atomic_u64_align_constraints ( ) ?;
225-
226224 // Safety: the invariants of MemMapping ensures `start_addr` is not null and comes
227225 // from a previous call to `mmap`
228226 unsafe { madvise ( mapping. start_addr , size, Advice :: LinuxDontFork ) }
@@ -273,24 +271,28 @@ pub mod linux {
273271fn update ( & mut self , payload : Vec < u8 > ) -> anyhow:: Result < ( ) > {
274272 let header = self . mapping . start_addr as * mut MappingHeader ;
275273
276- check_atomic_u64_align_constraints ( ) ?;
277-
278274 let published_at_ns = time_now_ns ( )
279275 . ok_or_else ( || anyhow:: anyhow!( "could not get the current timestamp" ) ) ?;
280276 let payload_size = payload. len ( ) . try_into ( ) . map_err ( |_| {
281277 anyhow:: anyhow!( "couldn't update process protocol: new payload too large" )
282278 } ) ?;
283279
284- // Safety: we checked the alignment constraints, and the header memory is valid for
285- // both read and writes.
280+ // Safety
281+ //
282+ // [^atomic-u64-alignment]: Page size is at minimum 4KB and will be always 8 bytes
283+ // aligned even on exotic platforms. The respective offsets of `signature` and
284+ // `published_at_ns` are 0 and 16 bytes, so they are 8-bytes aligned (`AtomicU64` has
285+ // both a size and align of 8 bytes).
286+ //
287+ // The header memory is valid for both read and writes.
286288 let published_at_atomic =
287289 unsafe { AtomicU64 :: from_ptr ( addr_of_mut ! ( ( * header) . published_at_ns) ) } ;
288290
289291 // A process shouldn't try to concurrently update its own context
290292 //
291293 // Note: be careful of early return while `published_at` is still zero, as this would
292294 // effectively "lock" any future publishing. Move throwing code above this swap, or
293- // properly restore the previous value the former can't be done.
295+ // properly restore the previous value if the former can't be done.
294296 if published_at_atomic. swap ( 0 , Ordering :: Relaxed ) == 0 {
295297 return Err ( anyhow:: anyhow!(
296298 "concurrent update of the process context is not supported"
@@ -314,24 +316,6 @@ pub mod linux {
314316 }
315317 }
316318
317- // Checks that the layout allows us to access `signature` and `published_at_ns` as
318- // atomics u64.
319- fn check_atomic_u64_align_constraints ( ) -> anyhow:: Result < ( ) > {
320- // Page size is at minimum 4KB and will be always 8 bytes aligned even on
321- // exotic platforms. The respective offsets of `signature` and `published_at_ns` are
322- // 0 and 16 bytes, so it suffices for `AtomicU64` to require an alignment of at most 8
323- // (which is the expected alignment anyway).
324- //
325- // Note that `align_of` is a `const fn`, so this is in fact a compile-time check and
326- // will be optimized away, hence the `allow(unreachable_code)`.
327- #[ allow( unreachable_code) ]
328- if std:: mem:: align_of :: < AtomicU64 > ( ) <= 8 {
329- Ok ( ( ) )
330- } else {
331- Err ( anyhow:: anyhow!( "alignment constraints forbid the use of atomics for publishing the protocol context" ) )
332- }
333- }
334-
335319 // Whether this size depends on the page size or not in the future, Rustix's `page_size()`
336320 // caches the value in a static atomic, so it's ok to call `mapping_size()` repeatedly; it
337321 // won't result in a syscall each time.
@@ -427,7 +411,7 @@ pub mod linux {
427411 // we found in /proc/self/maps. This should be safe as long as the
428412 // mapping exists and has read permissions.
429413 //
430- // The atomic alignment constraints are checked during publication .
414+ // For the alignment constraint of `AtomicU64`, see [atomic-u64-alignment] .
431415 let signature = unsafe { AtomicU64 :: from_ptr ( ptr) . load ( Ordering :: Relaxed ) } ;
432416 fence ( Ordering :: SeqCst ) ;
433417 & signature. to_ne_bytes ( ) == super :: SIGNATURE
0 commit comments