Make UserSlicePtr::new unsafe (#95)

* Make UserSlicePtr::new unsafe

* womp, make this pub(crate)

* fmt

* Remove unneeded unsafe

Author: alex

src/user_ptr.rs

@@ -44,13 +44,19 @@ impl UserSlicePtr {
     /// the actual pages are mapped in the current process with
     /// appropriate permissions. Those checks are handled in the read
     /// and write methods.
-    pub fn new(ptr: *mut c_types::c_void, length: usize) -> error::KernelResult<UserSlicePtr> {
+    ///
+    /// This is `unsafe` because if it is called within `set_fs(KERNEL_DS)` context then
+    /// `access_ok` will not do anything. As a result the only place you can safely use this is
+    /// with an `__user` pointer that was provided by the kernel.
+    pub(crate) unsafe fn new(
+        ptr: *mut c_types::c_void,
+        length: usize,
+    ) -> error::KernelResult<UserSlicePtr> {
         // No current access_ok implementation actually distinguishes
         // between VERIFY_READ and VERIFY_WRITE, so passing VERIFY_WRITE
         // is fine in practice and fails safe if a future implementation
         // bothers.
-        if unsafe { access_ok_helper(bindings::VERIFY_WRITE, ptr, length as c_types::c_ulong) } == 0
-        {
+        if access_ok_helper(bindings::VERIFY_WRITE, ptr, length as c_types::c_ulong) == 0 {
             return Err(error::Error::EFAULT);
         }
         return Ok(UserSlicePtr(ptr, length));