disallow (some) as conversions

See https://rust-lang.github.io/rust-clippy/master/#/as_conversions.

bpf/aya-bpf/src/helpers.rs

@@ -272,17 +272,9 @@ pub unsafe fn bpf_probe_read_str(src: *const u8, dest: &mut [u8]) -> Result<usiz
         dest.len() as u32,
         src as *const c_void,
     );
-    if len < 0 {
-        return Err(-1);
-    }
-
-    let mut len = len as usize;
-    if len > dest.len() {
-        // this can never happen, it's needed to tell the verifier that len is
-        // bounded
-        len = dest.len();
-    }
-    Ok(len)
+    let len = usize::try_from(len).map_err(|core::num::TryFromIntError { .. }| -1)?;
+    // this can never happen, it's needed to tell the verifier that len is bounded.
+    Ok(len.min(dest.len()))
 }
 
 /// Read a null-terminated string from _user space_ stored at `src` into `dest`.
@@ -316,17 +308,9 @@ pub unsafe fn bpf_probe_read_user_str(src: *const u8, dest: &mut [u8]) -> Result
         dest.len() as u32,
         src as *const c_void,
     );
-    if len < 0 {
-        return Err(-1);
-    }
-
-    let mut len = len as usize;
-    if len > dest.len() {
-        // this can never happen, it's needed to tell the verifier that len is
-        // bounded
-        len = dest.len();
-    }
-    Ok(len)
+    let len = usize::try_from(len).map_err(|core::num::TryFromIntError { .. }| -1)?;
+    // this can never happen, it's needed to tell the verifier that len is bounded.
+    Ok(len.min(dest.len()))
 }
 
 /// Returns a byte slice read from _user space_ address `src`.
@@ -474,17 +458,9 @@ pub unsafe fn bpf_probe_read_kernel_str(src: *const u8, dest: &mut [u8]) -> Resu
         dest.len() as u32,
         src as *const c_void,
     );
-    if len < 0 {
-        return Err(-1);
-    }
-
-    let mut len = len as usize;
-    if len > dest.len() {
-        // this can never happen, it's needed to tell the verifier that len is
-        // bounded
-        len = dest.len();
-    }
-    Ok(len)
+    let len = usize::try_from(len).map_err(|core::num::TryFromIntError { .. }| -1)?;
+    // this can never happen, it's needed to tell the verifier that len is bounded.
+    Ok(len.min(dest.len()))
 }
 
 /// Returns a byte slice read from _kernel space_ address `src`.

bpf/aya-bpf/src/lib.rs

@@ -11,6 +11,7 @@
 #![cfg_attr(unstable, feature(never_type))]
 #![cfg_attr(target_arch = "bpf", feature(asm_experimental_arch))]
 #![allow(clippy::missing_safety_doc)]
+#![warn(clippy::cast_lossless, clippy::cast_sign_loss)]
 #![no_std]
 
 pub use aya_bpf_bindings::bindings;
@@ -58,18 +59,17 @@ pub trait BpfContext {
 
 #[no_mangle]
 pub unsafe extern "C" fn memset(s: *mut u8, c: c_int, n: usize) {
-    let base = s as usize;
+    #[allow(clippy::cast_sign_loss)]
+    let b = c as u8;
     for i in 0..n {
-        *((base + i) as *mut u8) = c as u8;
+        *s.add(i) = b;
     }
 }
 
 #[no_mangle]
 pub unsafe extern "C" fn memcpy(dest: *mut u8, src: *mut u8, n: usize) {
-    let dest_base = dest as usize;
-    let src_base = src as usize;
     for i in 0..n {
-        *((dest_base + i) as *mut u8) = *((src_base + i) as *mut u8);
+        *dest.add(i) = *src.add(i);
     }
 }
 

bpf/aya-bpf/src/maps/perf/perf_event_array.rs

@@ -55,7 +55,7 @@ impl<T> PerfEventArray<T> {
     }
 
     pub fn output_at_index<C: BpfContext>(&self, ctx: &C, index: u32, data: &T, flags: u32) {
-        let flags = (flags as u64) << 32 | index as u64;
+        let flags = u64::from(flags) << 32 | u64::from(index);
         unsafe {
             bpf_perf_event_output(
                 ctx.as_ptr(),

bpf/aya-bpf/src/maps/perf/perf_event_byte_array.rs

@@ -52,7 +52,7 @@ impl PerfEventByteArray {
     }
 
     pub fn output_at_index<C: BpfContext>(&self, ctx: &C, index: u32, data: &[u8], flags: u32) {
-        let flags = (flags as u64) << 32 | index as u64;
+        let flags = u64::from(flags) << 32 | u64::from(index);
         unsafe {
             bpf_perf_event_output(
                 ctx.as_ptr(),

bpf/aya-bpf/src/programs/sk_buff.rs

@@ -1,5 +1,4 @@
 use core::{
-    cmp,
     ffi::c_void,
     mem::{self, MaybeUninit},
 };
@@ -88,28 +87,20 @@ impl SkBuff {
     /// Read into a `PerCpuArray`.
     #[inline(always)]
     pub fn load_bytes(&self, offset: usize, dst: &mut [u8]) -> Result<usize, c_long> {
-        if offset >= self.len() as usize {
-            return Err(-1);
-        }
-        let len = cmp::min(self.len() as isize - offset as isize, dst.len() as isize);
-        // The verifier rejects the program if it can't see that `len > 0`.
-        if len <= 0 {
-            return Err(-1);
-        }
-        // This is only needed to ensure the verifier can see the upper bound.
-        if len > dst.len() as isize {
-            return Err(-1);
-        }
+        let len = usize::try_from(self.len()).map_err(|core::num::TryFromIntError { .. }| -1)?;
+        let len = len.checked_sub(offset).ok_or(-1)?;
+        let len = len.min(dst.len());
+        let len_u32 = u32::try_from(len).map_err(|core::num::TryFromIntError { .. }| -1)?;
         let ret = unsafe {
             bpf_skb_load_bytes(
                 self.skb as *const _,
                 offset as u32,
                 dst.as_mut_ptr() as *mut _,
-                len as u32,
+                len_u32,
             )
         };
         if ret == 0 {
-            Ok(len as usize)
+            Ok(len)
         } else {
             Err(ret)
         }

bpf/aya-log-ebpf/src/lib.rs

@@ -1,4 +1,6 @@
 #![no_std]
+#![warn(clippy::cast_lossless, clippy::cast_sign_loss)]
+
 use aya_bpf::{
     macros::map,
     maps::{PerCpuArray, PerfEventByteArray},