chore: mark CPUID-related functions with allow(unused_unsafe)

JamesC1305 · JamesC1305 · commit 8633fcdfe2a2 · 2026-03-20T16:23:46.000Z
As of rust toolchain version 1.94.0, CPUID-related functions from the standard library are no longer unsafe [1]. However, we cannot simply remove them as the nightly toolchain used by Kani has not been updated to a version with this change. Add TODO comments to remove unsafe blocks when Kani toolchain is updated. [1]: rust-lang/stdarch#1935 Signed-off-by: James Curtis <jxcurtis@amazon.co.uk>
diff --git a/src/vmm/src/arch/x86_64/cpu_model.rs b/src/vmm/src/arch/x86_64/cpu_model.rs
@@ -60,6 +60,8 @@ impl CpuModel {
     pub fn get_cpu_model() -> Self {
         // SAFETY: This operation is safe as long as the processor implements this CPUID function.
         // 0x1 is the defined code for getting the processor version information.
+        // TODO: Remove `unsafe` block when Kani nightly toolchain is updated to be >=1.94.0
+        #[allow(unused_unsafe)]
         let eax = unsafe { host_cpuid(0x1) }.eax;
         CpuModel::from(&eax)
     }
diff --git a/src/vmm/src/cpu_config/x86_64/cpuid/common.rs b/src/vmm/src/cpu_config/x86_64/cpuid/common.rs
@@ -25,6 +25,8 @@ pub enum GetCpuidError {
 /// - When the given `leaf` is more than `max_leaf` supported by CPUID.
 /// - When the CPUID leaf `sub-leaf` is invalid (all its register equal 0).
 pub fn get_cpuid(leaf: u32, subleaf: u32) -> Result<std::arch::x86_64::CpuidResult, GetCpuidError> {
+    // TODO: Remove `unsafe` block when Kani nightly toolchain is updated to be >=1.94.0
+    #[allow(unused_unsafe)]
     let max_leaf =
         // JUSTIFICATION: There is no safe alternative.
         // SAFETY: This is safe because the host supports the `cpuid` instruction
@@ -144,6 +146,8 @@ mod tests {
 
     #[test]
     fn get_cpuid_unsupported_leaf() {
+        // TODO: Remove `unsafe` block when Kani nightly toolchain is updated to be >=1.94.0
+        #[allow(unused_unsafe)]
         let max_leaf =
             // JUSTIFICATION: There is no safe alternative.
             // SAFETY: This is safe because the host supports the `cpuid` instruction
diff --git a/src/vmm/src/cpu_config/x86_64/cpuid/mod.rs b/src/vmm/src/cpu_config/x86_64/cpuid/mod.rs
@@ -77,6 +77,8 @@ fn cpuid(leaf: u32) -> std::arch::x86_64::CpuidResult {
 fn cpuid_count(leaf: u32, subleaf: u32) -> std::arch::x86_64::CpuidResult {
     // JUSTIFICATION: There is no safe alternative.
     // SAFETY: The `cfg(cpuid)` wrapping the `cpuid` module guarantees `CPUID` is supported.
+    // TODO: Remove `unsafe` block when Kani nightly toolchain is updated to be >=1.94.0
+    #[allow(unused_unsafe)]
     unsafe { std::arch::x86_64::__cpuid_count(leaf, subleaf) }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -60,6 +60,8 @@ impl CpuModel {`
`60`	`60`	`pub fn get_cpu_model() -> Self {`
`61`	`61`	`// SAFETY: This operation is safe as long as the processor implements this CPUID function.`
`62`	`62`	`// 0x1 is the defined code for getting the processor version information.`
	`63`	+ // TODO: Remove `unsafe` block when Kani nightly toolchain is updated to be >=1.94.0
	`64`	`+ #[allow(unused_unsafe)]`
`63`	`65`	`let eax = unsafe { host_cpuid(0x1) }.eax;`
`64`	`66`	`CpuModel::from(&eax)`
`65`	`67`	`}`
Original file line number	Diff line number	Diff line change
`@@ -77,6 +77,8 @@ fn cpuid(leaf: u32) -> std::arch::x86_64::CpuidResult {`
`77`	`77`	`fn cpuid_count(leaf: u32, subleaf: u32) -> std::arch::x86_64::CpuidResult {`
`78`	`78`	`// JUSTIFICATION: There is no safe alternative.`
`79`	`79`	// SAFETY: The `cfg(cpuid)` wrapping the `cpuid` module guarantees `CPUID` is supported.
	`80`	+ // TODO: Remove `unsafe` block when Kani nightly toolchain is updated to be >=1.94.0
	`81`	`+ #[allow(unused_unsafe)]`
`80`	`82`	`unsafe { std::arch::x86_64::__cpuid_count(leaf, subleaf) }`
`81`	`83`	`}`
`82`	`84`