Reduce the scope of expected warnings

This fixes a few safety comments to avoid the warnings.

aya-obj/src/btf/info.rs

@@ -83,6 +83,7 @@ impl FuncSecInfo {
     }
 
     /// Returns the number of [bpf_func_info] entries.
+    #[expect(clippy::len_without_is_empty)]
     pub fn len(&self) -> usize {
         self.func_info.len()
     }
@@ -188,6 +189,7 @@ impl LineSecInfo {
     }
 
     /// Returns the number of entries.
+    #[expect(clippy::len_without_is_empty)]
     pub fn len(&self) -> usize {
         self.line_info.len()
     }

aya-obj/src/lib.rs

@@ -66,7 +66,6 @@
 )]
 #![cfg_attr(docsrs, feature(doc_cfg))]
 #![deny(clippy::all, missing_docs)]
-#![expect(clippy::len_without_is_empty)]
 
 extern crate alloc;
 #[cfg(feature = "std")]

aya/src/bpf.rs

@@ -39,6 +39,7 @@ use crate::{
 };
 
 /// Marker trait for types that can safely be converted to and from byte slices.
+#[expect(clippy::missing_safety_doc)]
 pub unsafe trait Pod: Copy + 'static {}
 
 macro_rules! unsafe_impl_pod {

aya/src/lib.rs

@@ -71,7 +71,6 @@
     //unused_qualifications, https://github.com/rust-lang/rust/commit/9ccc7b7 added size_of to the prelude, but we need to continue to qualify it so that we build on older compilers.
     //unused_results,
 )]
-#![expect(clippy::missing_safety_doc, clippy::len_without_is_empty)]
 #![cfg_attr(
     all(feature = "async_tokio", feature = "async_std"),
     expect(unused_crate_dependencies)

aya/src/maps/array/array.rs

@@ -49,6 +49,7 @@ impl<T: Borrow<MapData>, V: Pod> Array<T, V> {
     /// Returns the number of elements in the array.
     ///
     /// This corresponds to the value of `bpf_map_def::max_entries` on the eBPF side.
+    #[expect(clippy::len_without_is_empty)]
     pub fn len(&self) -> u32 {
         self.inner.borrow().obj.max_entries()
     }

aya/src/maps/array/per_cpu_array.rs

@@ -68,6 +68,7 @@ impl<T: Borrow<MapData>, V: Pod> PerCpuArray<T, V> {
     /// Returns the number of elements in the array.
     ///
     /// This corresponds to the value of `bpf_map_def::max_entries` on the eBPF side.
+    #[expect(clippy::len_without_is_empty)]
     pub fn len(&self) -> u32 {
         self.inner.borrow().obj.max_entries()
     }

aya/src/maps/xdp/cpu_map.rs

@@ -70,6 +70,7 @@ impl<T: Borrow<MapData>> CpuMap<T> {
     /// Returns the number of elements in the array.
     ///
     /// This corresponds to the value of `bpf_map_def::max_entries` on the eBPF side.
+    #[expect(clippy::len_without_is_empty)]
     pub fn len(&self) -> u32 {
         self.inner.borrow().obj.max_entries()
     }

aya/src/maps/xdp/dev_map.rs

@@ -61,6 +61,7 @@ impl<T: Borrow<MapData>> DevMap<T> {
     /// Returns the number of elements in the array.
     ///
     /// This corresponds to the value of `bpf_map_def::max_entries` on the eBPF side.
+    #[expect(clippy::len_without_is_empty)]
     pub fn len(&self) -> u32 {
         self.inner.borrow().obj.max_entries()
     }

aya/src/maps/xdp/xsk_map.rs

@@ -50,6 +50,7 @@ impl<T: Borrow<MapData>> XskMap<T> {
     /// Returns the number of elements in the array.
     ///
     /// This corresponds to the value of `bpf_map_def::max_entries` on the eBPF side.
+    #[expect(clippy::len_without_is_empty)]
     pub fn len(&self) -> u32 {
         self.inner.borrow().obj.max_entries()
     }

aya/src/programs/mod.rs

@@ -261,6 +261,7 @@ impl ProgramId {
     ///  
     /// This method is unsafe since it doesn't check that the given `id` is a
     /// valid program id.
+    #[expect(clippy::missing_safety_doc)]
     pub unsafe fn new(id: u32) -> Self {
         Self(id)
     }

ebpf/aya-ebpf/src/args.rs

@@ -18,13 +18,17 @@ use crate::{bindings::bpf_raw_tracepoint_args, cty::c_void, helpers::bpf_probe_r
 ///
 /// Users should not implement this trait.
 ///
-/// SAFETY: This trait is _only_ safe to implement on primitive types that can fit into
+/// # Safety
+///
+/// This trait is _only_ safe to implement on primitive types that can fit into
 /// a `u64`. For example, integers and raw pointers may be coerced from a BTF context.
 pub unsafe trait FromBtfArgument: Sized {
     /// Coerces a `T` from the `n`th argument from a BTF context where `n` starts
     /// at 0 and increases by 1 for each successive argument.
     ///
-    /// SAFETY: This function is deeply unsafe, as we are reading raw pointers into kernel
+    /// # Safety
+    ///
+    /// This function is deeply unsafe, as we are reading raw pointers into kernel
     /// memory. In particular, the value of `n` must not exceed the number of function
     /// arguments. Moreover, `ctx` must be a valid pointer to a BTF context, and `T` must
     /// be the right type for the given argument.
@@ -482,7 +486,7 @@ impl RawTracepointArgs {
 
     /// Returns the n-th argument of the raw tracepoint.
     ///
-    /// ## Safety
+    /// # Safety
     ///
     /// This method is unsafe because it performs raw pointer conversion and makes assumptions
     /// about the structure of the `bpf_raw_tracepoint_args` type. The tracepoint arguments are
@@ -508,10 +512,11 @@ impl RawTracepointArgs {
     }
 }
 
+#[expect(clippy::missing_safety_doc)]
 pub unsafe trait FromRawTracepointArgs: Sized {
     /// Returns the n-th argument of the raw tracepoint.
     ///
-    /// ## Safety
+    /// # Safety
     ///
     /// This method is unsafe because it performs raw pointer conversion and makes assumptions
     /// about the structure of the `bpf_raw_tracepoint_args` type. The tracepoint arguments are

ebpf/aya-ebpf/src/lib.rs

@@ -11,7 +11,6 @@
 #![cfg_attr(unstable, expect(incomplete_features), feature(generic_const_exprs))]
 #![cfg_attr(unstable, feature(never_type))]
 #![cfg_attr(target_arch = "bpf", feature(asm_experimental_arch))]
-#![expect(clippy::missing_safety_doc)]
 #![deny(warnings)]
 #![warn(clippy::cast_lossless, clippy::cast_sign_loss)]
 #![no_std]
@@ -20,6 +19,7 @@ pub use aya_ebpf_bindings::bindings;
 
 mod args;
 pub use args::{PtRegs, RawTracepointArgs};
+#[expect(clippy::missing_safety_doc)]
 pub mod helpers;
 pub mod maps;
 pub mod programs;
@@ -62,6 +62,7 @@ pub trait EbpfContext {
 }
 
 #[no_mangle]
+#[expect(clippy::missing_safety_doc)]
 pub unsafe extern "C" fn memset(s: *mut u8, c: c_int, n: usize) {
     #[expect(clippy::cast_sign_loss)]
     let b = c as u8;
@@ -71,11 +72,13 @@ pub unsafe extern "C" fn memset(s: *mut u8, c: c_int, n: usize) {
 }
 
 #[no_mangle]
+#[expect(clippy::missing_safety_doc)]
 pub unsafe extern "C" fn memcpy(dest: *mut u8, src: *mut u8, n: usize) {
     copy_forward(dest, src, n);
 }
 
 #[no_mangle]
+#[expect(clippy::missing_safety_doc)]
 pub unsafe extern "C" fn memmove(dest: *mut u8, src: *mut u8, n: usize) {
     let delta = (dest as usize).wrapping_sub(src as usize);
     if delta >= n {

ebpf/aya-ebpf/src/maps/hash_map.rs

@@ -49,10 +49,12 @@ impl<K, V> HashMap<K, V> {
     }
 
     /// Retrieve the value associate with `key` from the map.
-    /// This function is unsafe. Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not
-    /// make guarantee on the atomicity of `insert` or `remove`, and any element removed from the
-    /// map might get aliased by another element in the map, causing garbage to be read, or
-    /// corruption in case of writes.
+    ///
+    /// # Safety
+    ///
+    /// Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not guarantee the atomicity
+    /// of `insert` or `remove`, and any element removed from the map might get aliased by another
+    /// element in the map, causing garbage to be read, or corruption in case of writes.
     #[inline]
     pub unsafe fn get(&self, key: &K) -> Option<&V> {
         get(self.def.get(), key)
@@ -123,10 +125,12 @@ impl<K, V> LruHashMap<K, V> {
     }
 
     /// Retrieve the value associate with `key` from the map.
-    /// This function is unsafe. Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not
-    /// make guarantee on the atomicity of `insert` or `remove`, and any element removed from the
-    /// map might get aliased by another element in the map, causing garbage to be read, or
-    /// corruption in case of writes.
+    ///
+    /// # Safety
+    ///
+    /// Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not guarantee the atomicity
+    /// of `insert` or `remove`, and any element removed from the map might get aliased by another
+    /// element in the map, causing garbage to be read, or corruption in case of writes.
     #[inline]
     pub unsafe fn get(&self, key: &K) -> Option<&V> {
         get(self.def.get(), key)
@@ -197,10 +201,12 @@ impl<K, V> PerCpuHashMap<K, V> {
     }
 
     /// Retrieve the value associate with `key` from the map.
-    /// This function is unsafe. Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not
-    /// make guarantee on the atomicity of `insert` or `remove`, and any element removed from the
-    /// map might get aliased by another element in the map, causing garbage to be read, or
-    /// corruption in case of writes.
+    ///
+    /// # Safety
+    ///
+    /// Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not guarantee the atomicity
+    /// of `insert` or `remove`, and any element removed from the map might get aliased by another
+    /// element in the map, causing garbage to be read, or corruption in case of writes.
     #[inline]
     pub unsafe fn get(&self, key: &K) -> Option<&V> {
         get(self.def.get(), key)
@@ -271,10 +277,12 @@ impl<K, V> LruPerCpuHashMap<K, V> {
     }
 
     /// Retrieve the value associate with `key` from the map.
-    /// This function is unsafe. Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not
-    /// make guarantee on the atomicity of `insert` or `remove`, and any element removed from the
-    /// map might get aliased by another element in the map, causing garbage to be read, or
-    /// corruption in case of writes.
+    ///
+    /// # Safety
+    ///
+    /// Unless the map flag `BPF_F_NO_PREALLOC` is used, the kernel does not guarantee the atomicity
+    /// of `insert` or `remove`, and any element removed from the map might get aliased by another
+    /// element in the map, causing garbage to be read, or corruption in case of writes.
     #[inline]
     pub unsafe fn get(&self, key: &K) -> Option<&V> {
         get(self.def.get(), key)

ebpf/aya-ebpf/src/maps/sock_map.rs

@@ -50,6 +50,7 @@ impl SockMap {
         }
     }
 
+    #[expect(clippy::missing_safety_doc)]
     pub unsafe fn update(
         &self,
         mut index: u32,
@@ -69,6 +70,7 @@ impl SockMap {
         }
     }
 
+    #[expect(clippy::missing_safety_doc)]
     pub unsafe fn redirect_msg(&self, ctx: &SkMsgContext, index: u32, flags: u64) -> i64 {
         bpf_msg_redirect_map(
             ctx.as_ptr() as *mut _,
@@ -78,6 +80,7 @@ impl SockMap {
         )
     }
 
+    #[expect(clippy::missing_safety_doc)]
     pub unsafe fn redirect_skb(&self, ctx: &SkBuffContext, index: u32, flags: u64) -> i64 {
         bpf_sk_redirect_map(
             ctx.as_ptr() as *mut _,

ebpf/aya-ebpf/src/maps/stack_trace.rs

@@ -45,6 +45,7 @@ impl StackTrace {
         }
     }
 
+    #[expect(clippy::missing_safety_doc)]
     pub unsafe fn get_stackid<C: EbpfContext>(&self, ctx: &C, flags: u64) -> Result<i64, i64> {
         let ret = bpf_get_stackid(ctx.as_ptr(), self.def.get() as *mut _, flags);
         if ret < 0 {

ebpf/aya-ebpf/src/programs/fentry.rs

@@ -31,6 +31,7 @@ impl FEntryContext {
     ///     Ok(0)
     /// }
     /// ```
+    #[expect(clippy::missing_safety_doc)]
     pub unsafe fn arg<T: FromBtfArgument>(&self, n: usize) -> T {
         T::from_argument(self.ctx as *const _, n)
     }

ebpf/aya-ebpf/src/programs/fexit.rs

@@ -31,6 +31,7 @@ impl FExitContext {
     ///     Ok(0)
     /// }
     /// ```
+    #[expect(clippy::missing_safety_doc)]
     pub unsafe fn arg<T: FromBtfArgument>(&self, n: usize) -> T {
         T::from_argument(self.ctx as *const _, n)
     }

ebpf/aya-ebpf/src/programs/lsm.rs

@@ -22,7 +22,9 @@ impl LsmContext {
     /// this code path, or 0 if this is the first LSM program to be called. This phony
     /// argument is always last in the argument list.
     ///
-    /// SAFETY: This function is deeply unsafe, as we are reading raw pointers into kernel memory.
+    /// # Safety
+    ///
+    /// This function is deeply unsafe, as we are reading raw pointers into kernel memory.
     /// In particular, the value of `n` must not exceed the number of function arguments.
     /// Luckily, the BPF verifier will catch this for us.
     ///

ebpf/aya-ebpf/src/programs/raw_tracepoint.rs

@@ -13,6 +13,7 @@ impl RawTracePointContext {
         }
     }
 
+    #[expect(clippy::missing_safety_doc)]
     pub unsafe fn arg<T: FromRawTracepointArgs>(&self, n: usize) -> T {
         T::from_argument(&*self.ctx, n)
     }

ebpf/aya-ebpf/src/programs/tp_btf.rs

@@ -16,7 +16,9 @@ impl BtfTracePointContext {
     /// You can use the tplist tool provided by bcc to get a list of tracepoints and their
     /// arguments. TODO: document this better, possibly add a tplist alternative to aya.
     ///
-    /// SAFETY: This function is deeply unsafe, as we are reading raw pointers into kernel memory.
+    /// # Safety
+    ///
+    /// This function is deeply unsafe, as we are reading raw pointers into kernel memory.
     /// In particular, the value of `n` must not exceed the number of function arguments.
     /// Luckily, the BPF verifier will catch this for us.
     ///

ebpf/aya-ebpf/src/programs/tracepoint.rs

@@ -11,6 +11,7 @@ impl TracePointContext {
         TracePointContext { ctx }
     }
 
+    #[expect(clippy::missing_safety_doc)]
     pub unsafe fn read_at<T>(&self, offset: usize) -> Result<T, i64> {
         bpf_probe_read(self.ctx.add(offset) as *const T)
     }