From d7c67f8c4d647c44587604cca8f5494b5f095878 Mon Sep 17 00:00:00 2001
From: Steve Lau <stevelauc@outlook.com>
Date: Sun, 19 Nov 2023 20:55:55 +0800
Subject: [PATCH] refactor: enable lint unsafe_op_in_unsafe_fn

---
 src/env.rs                |   2 +-
 src/errno.rs              |  12 ++---
 src/ifaddrs.rs            |  26 ++++-----
 src/lib.rs                |   1 +
 src/pty.rs                |   8 +--
 src/sched.rs              |  24 +++++----
 src/sys/inotify.rs        |   2 +-
 src/sys/ioctl/mod.rs      |  68 +++++++++++++++++-------
 src/sys/mman.rs           |  80 ++++++++++++++++++----------
 src/sys/ptrace/bsd.rs     |  16 +++---
 src/sys/ptrace/linux.rs   |  22 ++++----
 src/sys/signal.rs         |  46 ++++++++--------
 src/sys/socket/addr.rs    | 107 +++++++++++++++++++-------------------
 src/sys/socket/mod.rs     |  94 ++++++++++++++++++---------------
 src/sys/socket/sockopt.rs |  10 ++--
 src/sys/timerfd.rs        |   2 +-
 src/sys/wait.rs           |   4 +-
 src/unistd.rs             |  12 ++---
 18 files changed, 308 insertions(+), 228 deletions(-)

diff --git a/src/env.rs b/src/env.rs
index 95177a1d2a..e4ad0a628a 100644
--- a/src/env.rs
+++ b/src/env.rs
@@ -46,7 +46,7 @@ pub unsafe fn clearenv() -> std::result::Result<(), ClearEnvError> {
                      target_os = "linux",
                      target_os = "android",
                      target_os = "emscripten"))] {
-            let ret = libc::clearenv();
+            let ret = unsafe { libc::clearenv() };
         } else {
             use std::env;
             for (name, _) in env::vars_os() {
diff --git a/src/errno.rs b/src/errno.rs
index 6b69ccac00..869413eaf5 100644
--- a/src/errno.rs
+++ b/src/errno.rs
@@ -10,32 +10,32 @@ cfg_if! {
     if #[cfg(any(target_os = "freebsd",
                  apple_targets,))] {
         unsafe fn errno_location() -> *mut c_int {
-            libc::__error()
+            unsafe { libc::__error() }
         }
     } else if #[cfg(any(target_os = "android",
                         target_os = "netbsd",
                         target_os = "openbsd"))] {
         unsafe fn errno_location() -> *mut c_int {
-            libc::__errno()
+            unsafe { libc::__errno() }
         }
     } else if #[cfg(any(target_os = "linux",
                         target_os = "redox",
                         target_os = "dragonfly",
                         target_os = "fuchsia"))] {
         unsafe fn errno_location() -> *mut c_int {
-            libc::__errno_location()
+            unsafe { libc::__errno_location() }
         }
     } else if #[cfg(any(target_os = "illumos", target_os = "solaris"))] {
         unsafe fn errno_location() -> *mut c_int {
-            libc::___errno()
+            unsafe { libc::___errno() }
         }
     } else if #[cfg(any(target_os = "haiku",))] {
         unsafe fn errno_location() -> *mut c_int {
-            libc::_errnop()
+            unsafe { libc::_errnop() }
         }
     } else if #[cfg(any(target_os = "aix"))] {
         unsafe fn errno_location() -> *mut c_int {
-            libc::_Errno()
+            unsafe { libc::_Errno() }
         }
     }
 }
diff --git a/src/ifaddrs.rs b/src/ifaddrs.rs
index 75795dfe9e..e90b26d012 100644
--- a/src/ifaddrs.rs
+++ b/src/ifaddrs.rs
@@ -62,22 +62,24 @@ unsafe fn workaround_xnu_bug(info: &libc::ifaddrs) -> Option<SockaddrStorage> {
 
     let mut dst_sock = mem::MaybeUninit::<libc::sockaddr_storage>::zeroed();
 
-    // memcpy only sa_len bytes, assume the rest is zero
-    std::ptr::copy_nonoverlapping(
-        src_sock as *const u8,
-        dst_sock.as_mut_ptr().cast(),
-        (*src_sock).sa_len.into(),
-    );
-
-    // Initialize ss_len to sizeof(libc::sockaddr_storage).
-    (*dst_sock.as_mut_ptr()).ss_len =
-        u8::try_from(mem::size_of::<libc::sockaddr_storage>()).unwrap();
-    let dst_sock = dst_sock.assume_init();
+    let dst_sock = unsafe {
+        // memcpy only sa_len bytes, assume the rest is zero
+        std::ptr::copy_nonoverlapping(
+            src_sock as *const u8,
+            dst_sock.as_mut_ptr().cast(),
+            (*src_sock).sa_len.into(),
+        );
+
+        // Initialize ss_len to sizeof(libc::sockaddr_storage).
+        (*dst_sock.as_mut_ptr()).ss_len =
+            u8::try_from(mem::size_of::<libc::sockaddr_storage>()).unwrap();
+        dst_sock.assume_init()
+    };
 
     let dst_sock_ptr =
         &dst_sock as *const libc::sockaddr_storage as *const libc::sockaddr;
 
-    SockaddrStorage::from_raw(dst_sock_ptr, None)
+    unsafe { SockaddrStorage::from_raw(dst_sock_ptr, None) }
 }
 
 impl InterfaceAddress {
diff --git a/src/lib.rs b/src/lib.rs
index 7bf5ce983c..467b839d56 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -89,6 +89,7 @@
 #![warn(missing_docs)]
 #![cfg_attr(docsrs, feature(doc_cfg))]
 #![deny(clippy::cast_ptr_alignment)]
+#![deny(unsafe_op_in_unsafe_fn)]
 
 // Re-exported external crates
 pub use libc;
diff --git a/src/pty.rs b/src/pty.rs
index 3cbb118ac5..0b5f3e1085 100644
--- a/src/pty.rs
+++ b/src/pty.rs
@@ -169,12 +169,12 @@ pub fn posix_openpt(flags: fcntl::OFlag) -> Result<PtyMaster> {
 /// For a threadsafe and non-`unsafe` alternative on Linux, see `ptsname_r()`.
 #[inline]
 pub unsafe fn ptsname(fd: &PtyMaster) -> Result<String> {
-    let name_ptr = libc::ptsname(fd.as_raw_fd());
+    let name_ptr = unsafe { libc::ptsname(fd.as_raw_fd()) };
     if name_ptr.is_null() {
         return Err(Errno::last());
     }
 
-    let name = CStr::from_ptr(name_ptr);
+    let name = unsafe { CStr::from_ptr(name_ptr) };
     Ok(name.to_string_lossy().into_owned())
 }
 
@@ -341,7 +341,7 @@ pub unsafe fn forkpty<'a, 'b, T: Into<Option<&'a Winsize>>, U: Into<Option<&'b T
         .map(|ws| ws as *const Winsize as *mut _)
         .unwrap_or(ptr::null_mut());
 
-    let res = libc::forkpty(master.as_mut_ptr(), ptr::null_mut(), term, win);
+    let res = unsafe { libc::forkpty(master.as_mut_ptr(), ptr::null_mut(), term, win) };
 
     let fork_result = Errno::result(res).map(|res| match res {
         0 => ForkResult::Child,
@@ -349,7 +349,7 @@ pub unsafe fn forkpty<'a, 'b, T: Into<Option<&'a Winsize>>, U: Into<Option<&'b T
     })?;
 
     Ok(ForkptyResult {
-        master: OwnedFd::from_raw_fd(master.assume_init()),
+        master: unsafe { OwnedFd::from_raw_fd( master.assume_init() ) },
         fork_result,
     })
 }
diff --git a/src/sched.rs b/src/sched.rs
index 175fc466e5..f11d600545 100644
--- a/src/sched.rs
+++ b/src/sched.rs
@@ -116,17 +116,19 @@ mod sched_linux_like {
         }
 
         let combined = flags.bits() | signal.unwrap_or(0);
-        let ptr = stack.as_mut_ptr().add(stack.len());
-        let ptr_aligned = ptr.sub(ptr as usize % 16);
-        let res = libc::clone(
-            mem::transmute(
-                callback
-                    as extern "C" fn(*mut Box<dyn FnMut() -> isize>) -> i32,
-            ),
-            ptr_aligned as *mut c_void,
-            combined,
-            &mut cb as *mut _ as *mut c_void,
-        );
+        let res = unsafe {
+            let ptr = stack.as_mut_ptr().add(stack.len());
+            let ptr_aligned = ptr.sub(ptr as usize % 16);
+            libc::clone(
+                mem::transmute(
+                    callback
+                        as extern "C" fn(*mut Box<dyn FnMut() -> isize>) -> i32,
+                ),
+                ptr_aligned as *mut c_void,
+                combined,
+                &mut cb as *mut _ as *mut c_void,
+            )
+        };
 
         Errno::result(res).map(Pid::from_raw)
     }
diff --git a/src/sys/inotify.rs b/src/sys/inotify.rs
index a3a037689f..9cbeb53973 100644
--- a/src/sys/inotify.rs
+++ b/src/sys/inotify.rs
@@ -244,7 +244,7 @@ impl Inotify {
 impl FromRawFd for Inotify {
     unsafe fn from_raw_fd(fd: RawFd) -> Self {
         Inotify {
-            fd: OwnedFd::from_raw_fd(fd),
+            fd: unsafe { OwnedFd::from_raw_fd(fd) },
         }
     }
 }
diff --git a/src/sys/ioctl/mod.rs b/src/sys/ioctl/mod.rs
index 1eda874966..9694f204f6 100644
--- a/src/sys/ioctl/mod.rs
+++ b/src/sys/ioctl/mod.rs
@@ -72,7 +72,7 @@
 //! # const SPI_IOC_MAGIC: u8 = b'k'; // Defined in linux/spi/spidev.h
 //! # const SPI_IOC_TYPE_MODE: u8 = 1;
 //! pub unsafe fn spi_read_mode(fd: c_int, data: *mut u8) -> Result<c_int> {
-//!     let res = libc::ioctl(fd, request_code_read!(SPI_IOC_MAGIC, SPI_IOC_TYPE_MODE, mem::size_of::<u8>()), data);
+//!     let res = unsafe { libc::ioctl(fd, request_code_read!(SPI_IOC_MAGIC, SPI_IOC_TYPE_MODE, mem::size_of::<u8>()), data) };
 //!     Errno::result(res)
 //! }
 //! # fn main() {}
@@ -179,9 +179,13 @@
 //! # const SPI_IOC_TYPE_MESSAGE: u8 = 0;
 //! # pub struct spi_ioc_transfer(u64);
 //! pub unsafe fn spi_message(fd: c_int, data: &mut [spi_ioc_transfer]) -> Result<c_int> {
-//!     let res = libc::ioctl(fd,
-//!                           request_code_write!(SPI_IOC_MAGIC, SPI_IOC_TYPE_MESSAGE, data.len() * mem::size_of::<spi_ioc_transfer>()),
-//!                           data.as_ptr());
+//!     let res = unsafe {
+//!         libc::ioctl(
+//!             fd,
+//!             request_code_write!(SPI_IOC_MAGIC, SPI_IOC_TYPE_MESSAGE, data.len() * mem::size_of::<spi_ioc_transfer>()),
+//!             data
+//!         )
+//!     };
 //!     Errno::result(res)
 //! }
 //! # fn main() {}
@@ -303,7 +307,9 @@ macro_rules! ioctl_none {
         $(#[$attr])*
         pub unsafe fn $name(fd: $crate::libc::c_int)
                             -> $crate::Result<$crate::libc::c_int> {
-            convert_ioctl_res!($crate::libc::ioctl(fd, request_code_none!($ioty, $nr) as $crate::sys::ioctl::ioctl_num_type))
+            unsafe {
+                convert_ioctl_res!($crate::libc::ioctl(fd, request_code_none!($ioty, $nr) as $crate::sys::ioctl::ioctl_num_type))
+            }
         }
     )
 }
@@ -343,7 +349,9 @@ macro_rules! ioctl_none_bad {
         $(#[$attr])*
         pub unsafe fn $name(fd: $crate::libc::c_int)
                             -> $crate::Result<$crate::libc::c_int> {
-            convert_ioctl_res!($crate::libc::ioctl(fd, $nr as $crate::sys::ioctl::ioctl_num_type))
+            unsafe {
+                convert_ioctl_res!($crate::libc::ioctl(fd, $nr as $crate::sys::ioctl::ioctl_num_type))
+            }
         }
     )
 }
@@ -381,7 +389,9 @@ macro_rules! ioctl_read {
         pub unsafe fn $name(fd: $crate::libc::c_int,
                             data: *mut $ty)
                             -> $crate::Result<$crate::libc::c_int> {
-            convert_ioctl_res!($crate::libc::ioctl(fd, request_code_read!($ioty, $nr, ::std::mem::size_of::<$ty>()) as $crate::sys::ioctl::ioctl_num_type, data))
+            unsafe {
+                convert_ioctl_res!($crate::libc::ioctl(fd, request_code_read!($ioty, $nr, ::std::mem::size_of::<$ty>()) as $crate::sys::ioctl::ioctl_num_type, data))
+            }
         }
     )
 }
@@ -417,7 +427,9 @@ macro_rules! ioctl_read_bad {
         pub unsafe fn $name(fd: $crate::libc::c_int,
                             data: *mut $ty)
                             -> $crate::Result<$crate::libc::c_int> {
-            convert_ioctl_res!($crate::libc::ioctl(fd, $nr as $crate::sys::ioctl::ioctl_num_type, data))
+            unsafe {
+                convert_ioctl_res!($crate::libc::ioctl(fd, $nr as $crate::sys::ioctl::ioctl_num_type, data))
+            }
         }
     )
 }
@@ -454,7 +466,9 @@ macro_rules! ioctl_write_ptr {
         pub unsafe fn $name(fd: $crate::libc::c_int,
                             data: *const $ty)
                             -> $crate::Result<$crate::libc::c_int> {
-            convert_ioctl_res!($crate::libc::ioctl(fd, request_code_write!($ioty, $nr, ::std::mem::size_of::<$ty>()) as $crate::sys::ioctl::ioctl_num_type, data))
+            unsafe {
+                convert_ioctl_res!($crate::libc::ioctl(fd, request_code_write!($ioty, $nr, ::std::mem::size_of::<$ty>()) as $crate::sys::ioctl::ioctl_num_type, data))
+            }
         }
     )
 }
@@ -490,7 +504,9 @@ macro_rules! ioctl_write_ptr_bad {
         pub unsafe fn $name(fd: $crate::libc::c_int,
                             data: *const $ty)
                             -> $crate::Result<$crate::libc::c_int> {
-            convert_ioctl_res!($crate::libc::ioctl(fd, $nr as $crate::sys::ioctl::ioctl_num_type, data))
+            unsafe {
+                convert_ioctl_res!($crate::libc::ioctl(fd, $nr as $crate::sys::ioctl::ioctl_num_type, data))
+            }
         }
     )
 }
@@ -531,7 +547,9 @@ cfg_if! {
                 pub unsafe fn $name(fd: $crate::libc::c_int,
                                     data: $crate::sys::ioctl::ioctl_param_type)
                                     -> $crate::Result<$crate::libc::c_int> {
-                    convert_ioctl_res!($crate::libc::ioctl(fd, request_code_write_int!($ioty, $nr) as $crate::sys::ioctl::ioctl_num_type, data))
+                    unsafe {
+                        convert_ioctl_res!($crate::libc::ioctl(fd, request_code_write_int!($ioty, $nr) as $crate::sys::ioctl::ioctl_num_type, data))
+                    }
                 }
             )
         }
@@ -572,7 +590,9 @@ cfg_if! {
                 pub unsafe fn $name(fd: $crate::libc::c_int,
                                     data: $crate::sys::ioctl::ioctl_param_type)
                                     -> $crate::Result<$crate::libc::c_int> {
-                    convert_ioctl_res!($crate::libc::ioctl(fd, request_code_write!($ioty, $nr, ::std::mem::size_of::<$crate::libc::c_int>()) as $crate::sys::ioctl::ioctl_num_type, data))
+                    unsafe {
+                        convert_ioctl_res!($crate::libc::ioctl(fd, request_code_write!($ioty, $nr, ::std::mem::size_of::<$crate::libc::c_int>()) as $crate::sys::ioctl::ioctl_num_type, data))
+                    }
                 }
             )
         }
@@ -616,7 +636,9 @@ macro_rules! ioctl_write_int_bad {
         pub unsafe fn $name(fd: $crate::libc::c_int,
                             data: $crate::libc::c_int)
                             -> $crate::Result<$crate::libc::c_int> {
-            convert_ioctl_res!($crate::libc::ioctl(fd, $nr as $crate::sys::ioctl::ioctl_num_type, data))
+            unsafe {
+                convert_ioctl_res!($crate::libc::ioctl(fd, $nr as $crate::sys::ioctl::ioctl_num_type, data))
+            }
         }
     )
 }
@@ -653,7 +675,9 @@ macro_rules! ioctl_readwrite {
         pub unsafe fn $name(fd: $crate::libc::c_int,
                             data: *mut $ty)
                             -> $crate::Result<$crate::libc::c_int> {
-            convert_ioctl_res!($crate::libc::ioctl(fd, request_code_readwrite!($ioty, $nr, ::std::mem::size_of::<$ty>()) as $crate::sys::ioctl::ioctl_num_type, data))
+            unsafe {
+                convert_ioctl_res!($crate::libc::ioctl(fd, request_code_readwrite!($ioty, $nr, ::std::mem::size_of::<$ty>()) as $crate::sys::ioctl::ioctl_num_type, data))
+            }
         }
     )
 }
@@ -681,7 +705,9 @@ macro_rules! ioctl_readwrite_bad {
         pub unsafe fn $name(fd: $crate::libc::c_int,
                             data: *mut $ty)
                             -> $crate::Result<$crate::libc::c_int> {
-            convert_ioctl_res!($crate::libc::ioctl(fd, $nr as $crate::sys::ioctl::ioctl_num_type, data))
+            unsafe {
+                convert_ioctl_res!($crate::libc::ioctl(fd, $nr as $crate::sys::ioctl::ioctl_num_type, data))
+            }
         }
     )
 }
@@ -710,7 +736,9 @@ macro_rules! ioctl_read_buf {
         pub unsafe fn $name(fd: $crate::libc::c_int,
                             data: &mut [$ty])
                             -> $crate::Result<$crate::libc::c_int> {
-            convert_ioctl_res!($crate::libc::ioctl(fd, request_code_read!($ioty, $nr, ::std::mem::size_of_val(data)) as $crate::sys::ioctl::ioctl_num_type, data.as_mut_ptr()))
+            unsafe {
+                convert_ioctl_res!($crate::libc::ioctl(fd, request_code_read!($ioty, $nr, ::std::mem::size_of_val(data)) as $crate::sys::ioctl::ioctl_num_type, data.as_mut_ptr()))
+            }
         }
     )
 }
@@ -749,7 +777,9 @@ macro_rules! ioctl_write_buf {
         pub unsafe fn $name(fd: $crate::libc::c_int,
                             data: &[$ty])
                             -> $crate::Result<$crate::libc::c_int> {
-            convert_ioctl_res!($crate::libc::ioctl(fd, request_code_write!($ioty, $nr, ::std::mem::size_of_val(data)) as $crate::sys::ioctl::ioctl_num_type, data.as_ptr()))
+            unsafe {
+                convert_ioctl_res!($crate::libc::ioctl(fd, request_code_write!($ioty, $nr, ::std::mem::size_of_val(data)) as $crate::sys::ioctl::ioctl_num_type, data.as_ptr()))
+            }
         }
     )
 }
@@ -778,7 +808,9 @@ macro_rules! ioctl_readwrite_buf {
         pub unsafe fn $name(fd: $crate::libc::c_int,
                             data: &mut [$ty])
                             -> $crate::Result<$crate::libc::c_int> {
-            convert_ioctl_res!($crate::libc::ioctl(fd, request_code_readwrite!($ioty, $nr, ::std::mem::size_of_val(data)) as $crate::sys::ioctl::ioctl_num_type, data.as_mut_ptr()))
+            unsafe {
+                convert_ioctl_res!($crate::libc::ioctl(fd, request_code_readwrite!($ioty, $nr, ::std::mem::size_of_val(data)) as $crate::sys::ioctl::ioctl_num_type, data.as_mut_ptr()))
+            }
         }
     )
 }
diff --git a/src/sys/mman.rs b/src/sys/mman.rs
index 4230014e8e..289bdda942 100644
--- a/src/sys/mman.rs
+++ b/src/sys/mman.rs
@@ -8,8 +8,11 @@ use crate::Result;
 #[cfg(feature = "fs")]
 use crate::{fcntl::OFlag, sys::stat::Mode};
 use libc::{self, c_int, c_void, off_t, size_t};
-use std::{num::NonZeroUsize, os::unix::io::{AsRawFd, AsFd}};
 use std::ptr::NonNull;
+use std::{
+    num::NonZeroUsize,
+    os::unix::io::{AsFd, AsRawFd},
+};
 
 libc_bitflags! {
     /// Desired memory protection of a memory mapping.
@@ -170,7 +173,9 @@ impl MapFlags {
     // will be released
     #[cfg(target_os = "linux")]
     #[cfg_attr(docsrs, doc(cfg(all())))]
-    pub fn map_hugetlb_with_size_log2(huge_page_size_log2: u32) -> Option<Self> {
+    pub fn map_hugetlb_with_size_log2(
+        huge_page_size_log2: u32,
+    ) -> Option<Self> {
         if (16..=63).contains(&huge_page_size_log2) {
             let flag = libc::MAP_HUGETLB
                 | (huge_page_size_log2 << libc::MAP_HUGE_SHIFT) as i32;
@@ -341,7 +346,7 @@ libc_bitflags! {
 ///
 /// [`mlock(2)`]: https://man7.org/linux/man-pages/man2/mlock.2.html
 pub unsafe fn mlock(addr: NonNull<c_void>, length: size_t) -> Result<()> {
-    Errno::result(libc::mlock(addr.as_ptr(), length)).map(drop)
+    unsafe { Errno::result(libc::mlock(addr.as_ptr(), length)).map(drop) }
 }
 
 /// Unlocks all memory pages that contain part of the address range with
@@ -354,7 +359,7 @@ pub unsafe fn mlock(addr: NonNull<c_void>, length: size_t) -> Result<()> {
 ///
 /// [`munlock(2)`]: https://man7.org/linux/man-pages/man2/munlock.2.html
 pub unsafe fn munlock(addr: NonNull<c_void>, length: size_t) -> Result<()> {
-    Errno::result(libc::munlock(addr.as_ptr(), length)).map(drop)
+    unsafe { Errno::result(libc::munlock(addr.as_ptr(), length)).map(drop) }
 }
 
 /// Locks all memory pages mapped into this process' address space.
@@ -397,17 +402,17 @@ pub unsafe fn mmap<F: AsFd>(
     let ptr = addr.map_or(std::ptr::null_mut(), |a| a.get() as *mut c_void);
 
     let fd = f.as_fd().as_raw_fd();
-    let ret =
-        libc::mmap(ptr, length.into(), prot.bits(), flags.bits(), fd, offset);
+    let ret = unsafe {
+        libc::mmap(ptr, length.into(), prot.bits(), flags.bits(), fd, offset)
+    };
 
     if ret == libc::MAP_FAILED {
         Err(Errno::last())
-    }
-    else {
+    } else {
         // SAFETY: `libc::mmap` returns a valid non-null pointer or `libc::MAP_FAILED`, thus `ret`
         // will be non-null here.
         Ok(unsafe { NonNull::new_unchecked(ret) })
-    } 
+    }
 }
 
 /// Create an anonymous memory mapping.
@@ -429,7 +434,9 @@ pub unsafe fn mmap_anonymous(
     let ptr = addr.map_or(std::ptr::null_mut(), |a| a.get() as *mut c_void);
 
     let flags = MapFlags::MAP_ANONYMOUS | flags;
-    let ret = libc::mmap(ptr, length.into(), prot.bits(), flags.bits(), -1, 0);
+    let ret = unsafe {
+        libc::mmap(ptr, length.into(), prot.bits(), flags.bits(), -1, 0)
+    };
 
     if ret == libc::MAP_FAILED {
         Err(Errno::last())
@@ -456,21 +463,29 @@ pub unsafe fn mremap(
     new_address: Option<NonNull<c_void>>,
 ) -> Result<NonNull<c_void>> {
     #[cfg(target_os = "linux")]
-    let ret = libc::mremap(
-        addr.as_ptr(),
-        old_size,
-        new_size,
-        flags.bits(),
-        new_address.map(NonNull::as_ptr).unwrap_or(std::ptr::null_mut()),
-    );
+    let ret = unsafe {
+        libc::mremap(
+            addr.as_ptr(),
+            old_size,
+            new_size,
+            flags.bits(),
+            new_address
+                .map(NonNull::as_ptr)
+                .unwrap_or(std::ptr::null_mut()),
+        )
+    };
     #[cfg(target_os = "netbsd")]
-    let ret = libc::mremap(
-        addr.as_ptr(),
-        old_size,
-        new_address.map(NonNull::as_ptr).unwrap_or(std::ptr::null_mut()),
-        new_size,
-        flags.bits(),
-    );
+    let ret = unsafe {
+        libc::mremap(
+            addr.as_ptr(),
+            old_size,
+            new_address
+                .map(NonNull::as_ptr)
+                .unwrap_or(std::ptr::null_mut()),
+            new_size,
+            flags.bits(),
+        )
+    };
 
     if ret == libc::MAP_FAILED {
         Err(Errno::last())
@@ -490,7 +505,7 @@ pub unsafe fn mremap(
 ///
 /// [`munmap(2)`]: https://man7.org/linux/man-pages/man2/munmap.2.html
 pub unsafe fn munmap(addr: NonNull<c_void>, len: size_t) -> Result<()> {
-    Errno::result(libc::munmap(addr.as_ptr(), len)).map(drop)
+    unsafe { Errno::result(libc::munmap(addr.as_ptr(), len)).map(drop) }
 }
 
 /// give advice about use of memory
@@ -506,7 +521,10 @@ pub unsafe fn madvise(
     length: size_t,
     advise: MmapAdvise,
 ) -> Result<()> {
-    Errno::result(libc::madvise(addr.as_ptr(), length, advise as i32)).map(drop)
+    unsafe {
+        Errno::result(libc::madvise(addr.as_ptr(), length, advise as i32))
+            .map(drop)
+    }
 }
 
 /// Set protection of memory mapping.
@@ -541,7 +559,10 @@ pub unsafe fn mprotect(
     length: size_t,
     prot: ProtFlags,
 ) -> Result<()> {
-    Errno::result(libc::mprotect(addr.as_ptr(), length, prot.bits())).map(drop)
+    unsafe {
+        Errno::result(libc::mprotect(addr.as_ptr(), length, prot.bits()))
+            .map(drop)
+    }
 }
 
 /// synchronize a mapped region
@@ -557,7 +578,10 @@ pub unsafe fn msync(
     length: size_t,
     flags: MsFlags,
 ) -> Result<()> {
-    Errno::result(libc::msync(addr.as_ptr(), length, flags.bits())).map(drop)
+    unsafe {
+        Errno::result(libc::msync(addr.as_ptr(), length, flags.bits()))
+            .map(drop)
+    }
 }
 
 #[cfg(not(target_os = "android"))]
diff --git a/src/sys/ptrace/bsd.rs b/src/sys/ptrace/bsd.rs
index 4c382446f7..2945d5cdd1 100644
--- a/src/sys/ptrace/bsd.rs
+++ b/src/sys/ptrace/bsd.rs
@@ -61,13 +61,15 @@ unsafe fn ptrace_other(
     addr: AddressType,
     data: c_int,
 ) -> Result<c_int> {
-    Errno::result(libc::ptrace(
-        request as RequestType,
-        libc::pid_t::from(pid),
-        addr,
-        data,
-    ))
-    .map(|_| 0)
+    unsafe {
+        Errno::result(libc::ptrace(
+            request as RequestType,
+            libc::pid_t::from(pid),
+            addr,
+            data,
+        ))
+            .map(|_| 0)
+    }
 }
 
 /// Sets the process as traceable, as with `ptrace(PT_TRACEME, ...)`
diff --git a/src/sys/ptrace/linux.rs b/src/sys/ptrace/linux.rs
index f1ada80c27..26544e134b 100644
--- a/src/sys/ptrace/linux.rs
+++ b/src/sys/ptrace/linux.rs
@@ -278,13 +278,15 @@ unsafe fn ptrace_other(
     addr: AddressType,
     data: *mut c_void,
 ) -> Result<c_long> {
-    Errno::result(libc::ptrace(
-        request as RequestType,
-        libc::pid_t::from(pid),
-        addr,
-        data,
-    ))
-    .map(|_| 0)
+    unsafe {
+        Errno::result(libc::ptrace(
+            request as RequestType,
+            libc::pid_t::from(pid),
+            addr,
+            data,
+        ))
+        .map(|_| 0)
+    }
 }
 
 /// Set options, as with `ptrace(PTRACE_SETOPTIONS, ...)`.
@@ -551,7 +553,7 @@ pub unsafe fn write(
     addr: AddressType,
     data: *mut c_void,
 ) -> Result<()> {
-    ptrace_other(Request::PTRACE_POKEDATA, pid, addr, data).map(drop)
+    unsafe { ptrace_other(Request::PTRACE_POKEDATA, pid, addr, data).map(drop) }
 }
 
 /// Reads a word from a user area at `offset`, as with ptrace(PTRACE_PEEKUSER, ...).
@@ -572,5 +574,7 @@ pub unsafe fn write_user(
     offset: AddressType,
     data: *mut c_void,
 ) -> Result<()> {
-    ptrace_other(Request::PTRACE_POKEUSER, pid, offset, data).map(drop)
+    unsafe {
+        ptrace_other(Request::PTRACE_POKEUSER, pid, offset, data).map(drop)
+    }
 }
diff --git a/src/sys/signal.rs b/src/sys/signal.rs
index d9f2e7bc4a..3250539969 100644
--- a/src/sys/signal.rs
+++ b/src/sys/signal.rs
@@ -757,23 +757,27 @@ impl SigAction {
     pub fn new(handler: SigHandler, flags: SaFlags, mask: SigSet) -> SigAction {
         #[cfg(not(target_os = "aix"))]
         unsafe fn install_sig(p: *mut libc::sigaction, handler: SigHandler) {
-            (*p).sa_sigaction = match handler {
-                SigHandler::SigDfl => libc::SIG_DFL,
-                SigHandler::SigIgn => libc::SIG_IGN,
-                SigHandler::Handler(f) => f as *const extern fn(libc::c_int) as usize,
-                #[cfg(not(target_os = "redox"))]
-                SigHandler::SigAction(f) => f as *const extern fn(libc::c_int, *mut libc::siginfo_t, *mut libc::c_void) as usize,
-            };
+            unsafe {
+                 (*p).sa_sigaction = match handler {
+                    SigHandler::SigDfl => libc::SIG_DFL,
+                    SigHandler::SigIgn => libc::SIG_IGN,
+                    SigHandler::Handler(f) => f as *const extern fn(libc::c_int) as usize,
+                    #[cfg(not(target_os = "redox"))]
+                    SigHandler::SigAction(f) => f as *const extern fn(libc::c_int, *mut libc::siginfo_t, *mut libc::c_void) as usize,
+                };
+            }
         }
 
         #[cfg(target_os = "aix")]
         unsafe fn install_sig(p: *mut libc::sigaction, handler: SigHandler) {
-            (*p).sa_union.__su_sigaction = match handler {
-                SigHandler::SigDfl => mem::transmute::<usize, extern "C" fn(libc::c_int, *mut libc::siginfo_t, *mut libc::c_void)>(libc::SIG_DFL),
-                SigHandler::SigIgn => mem::transmute::<usize, extern "C" fn(libc::c_int, *mut libc::siginfo_t, *mut libc::c_void)>(libc::SIG_IGN),
-                SigHandler::Handler(f) => mem::transmute::<extern "C" fn(i32), extern "C" fn(i32, *mut libc::siginfo_t, *mut libc::c_void)>(f),
-                SigHandler::SigAction(f) => f,
-            };
+            unsafe {
+                (*p).sa_union.__su_sigaction = match handler {
+                    SigHandler::SigDfl => unsafe { mem::transmute::<usize, extern "C" fn(libc::c_int, *mut libc::siginfo_t, *mut libc::c_void)>(libc::SIG_DFL) },
+                    SigHandler::SigIgn => unsafe { mem::transmute::<usize, extern "C" fn(libc::c_int, *mut libc::siginfo_t, *mut libc::c_void)>(libc::SIG_IGN) },
+                    SigHandler::Handler(f) => unsafe { mem::transmute::<extern "C" fn(i32), extern "C" fn(i32, *mut libc::siginfo_t, *mut libc::c_void)>(f) },
+                    SigHandler::SigAction(f) => f,
+                };
+            }
         }
 
         let mut s = mem::MaybeUninit::<libc::sigaction>::uninit();
@@ -878,11 +882,11 @@ impl SigAction {
 pub unsafe fn sigaction(signal: Signal, sigaction: &SigAction) -> Result<SigAction> {
     let mut oldact = mem::MaybeUninit::<libc::sigaction>::uninit();
 
-    let res = libc::sigaction(signal as libc::c_int,
+    let res = unsafe { libc::sigaction(signal as libc::c_int,
                               &sigaction.sigaction as *const libc::sigaction,
-                              oldact.as_mut_ptr());
+                              oldact.as_mut_ptr()) };
 
-    Errno::result(res).map(|_| SigAction { sigaction: oldact.assume_init() })
+    Errno::result(res).map(|_| SigAction { sigaction: unsafe { oldact.assume_init() } })
 }
 
 /// Signal management (see [signal(3p)](https://pubs.opengroup.org/onlinepubs/9699919799/functions/signal.html))
@@ -940,9 +944,9 @@ pub unsafe fn sigaction(signal: Signal, sigaction: &SigAction) -> Result<SigActi
 pub unsafe fn signal(signal: Signal, handler: SigHandler) -> Result<SigHandler> {
     let signal = signal as libc::c_int;
     let res = match handler {
-        SigHandler::SigDfl => libc::signal(signal, libc::SIG_DFL),
-        SigHandler::SigIgn => libc::signal(signal, libc::SIG_IGN),
-        SigHandler::Handler(handler) => libc::signal(signal, handler as libc::sighandler_t),
+        SigHandler::SigDfl => unsafe { libc::signal(signal, libc::SIG_DFL) },
+        SigHandler::SigIgn => unsafe { libc::signal(signal, libc::SIG_IGN) },
+        SigHandler::Handler(handler) => unsafe { libc::signal(signal, handler as libc::sighandler_t) },
         #[cfg(not(target_os = "redox"))]
         SigHandler::SigAction(_) => return Err(Errno::ENOTSUP),
     };
@@ -951,9 +955,7 @@ pub unsafe fn signal(signal: Signal, handler: SigHandler) -> Result<SigHandler>
             libc::SIG_DFL => SigHandler::SigDfl,
             libc::SIG_IGN => SigHandler::SigIgn,
             p => SigHandler::Handler(
-                *(&p as *const usize
-                     as *const extern fn(libc::c_int))
-                as extern fn(libc::c_int)),
+                unsafe { *(&p as *const usize as *const extern fn(libc::c_int)) } as extern fn(libc::c_int)),
         }
     })
 }
diff --git a/src/sys/socket/addr.rs b/src/sys/socket/addr.rs
index c896c63827..eb39d97f88 100644
--- a/src/sys/socket/addr.rs
+++ b/src/sys/socket/addr.rs
@@ -437,14 +437,17 @@ impl<'a> UnixAddrKind<'a> {
         }
         #[cfg(any(target_os = "android", target_os = "linux"))]
         if sun.sun_path[0] == 0 {
-            let name = slice::from_raw_parts(
-                sun.sun_path.as_ptr().add(1).cast(),
-                path_len - 1,
-            );
+            let name = unsafe {
+                slice::from_raw_parts(
+                    sun.sun_path.as_ptr().add(1).cast(),
+                    path_len - 1,
+                )
+            };
             return Self::Abstract(name);
         }
-        let pathname =
-            slice::from_raw_parts(sun.sun_path.as_ptr().cast(), path_len);
+        let pathname = unsafe {
+            slice::from_raw_parts(sun.sun_path.as_ptr().cast(), path_len)
+        };
         if pathname.last() == Some(&0) {
             // A trailing NUL is not considered part of the path, and it does
             // not need to be included in the addrlen passed to functions like
@@ -674,10 +677,10 @@ impl SockaddrLike for UnixAddr {
                 return None;
             }
         }
-        if (*addr).sa_family as i32 != libc::AF_UNIX {
+        if unsafe { (*addr).sa_family as i32 != libc::AF_UNIX } {
             return None;
         }
-        let mut su: libc::sockaddr_un = mem::zeroed();
+        let mut su: libc::sockaddr_un = unsafe { mem::zeroed() };
         let sup = &mut su as *mut libc::sockaddr_un as *mut u8;
         cfg_if! {
             if #[cfg(any(target_os = "android",
@@ -690,11 +693,11 @@ impl SockaddrLike for UnixAddr {
                     mem::size_of::<libc::sockaddr_un>() as libc::socklen_t
                 );
             } else {
-                let su_len = len.unwrap_or((*addr).sa_len as libc::socklen_t);
+                let su_len = unsafe { len.unwrap_or((*addr).sa_len as libc::socklen_t) };
             }
-        };
-        ptr::copy(addr as *const u8, sup, su_len as usize);
-        Some(Self::from_raw_parts(su, su_len as u8))
+        }
+        unsafe { ptr::copy(addr as *const u8, sup, su_len as usize) };
+        Some(unsafe { Self::from_raw_parts(su, su_len as u8) })
     }
 
     fn size() -> libc::socklen_t
@@ -996,10 +999,10 @@ impl SockaddrLike for SockaddrIn {
                 return None;
             }
         }
-        if (*addr).sa_family as i32 != libc::AF_INET {
+        if unsafe { (*addr).sa_family as i32 != libc::AF_INET } {
             return None;
         }
-        Some(Self(ptr::read_unaligned(addr as *const _)))
+        Some(Self(unsafe { ptr::read_unaligned(addr as *const _) }))
     }
 }
 
@@ -1125,10 +1128,10 @@ impl SockaddrLike for SockaddrIn6 {
                 return None;
             }
         }
-        if (*addr).sa_family as i32 != libc::AF_INET6 {
+        if unsafe { (*addr).sa_family as i32 != libc::AF_INET6 } {
             return None;
         }
-        Some(Self(ptr::read_unaligned(addr as *const _)))
+        Some(Self(unsafe { ptr::read_unaligned(addr as *const _) }))
     }
 }
 
@@ -1264,9 +1267,9 @@ impl SockaddrLike for SockaddrStorage {
             {
                 None
             } else {
-                let mut ss: libc::sockaddr_storage = mem::zeroed();
+                let mut ss: libc::sockaddr_storage = unsafe { mem::zeroed() };
                 let ssp = &mut ss as *mut libc::sockaddr_storage as *mut u8;
-                ptr::copy(addr as *const u8, ssp, len as usize);
+                unsafe { ptr::copy(addr as *const u8, ssp, len as usize) };
                 #[cfg(any(
                     target_os = "android",
                     target_os = "fuchsia",
@@ -1276,9 +1279,11 @@ impl SockaddrLike for SockaddrStorage {
                 if i32::from(ss.ss_family) == libc::AF_UNIX {
                     // Safe because we UnixAddr is strictly smaller than
                     // SockaddrStorage, and we just initialized the structure.
-                    (*(&mut ss as *mut libc::sockaddr_storage
-                        as *mut UnixAddr))
-                        .sun_len = len as u8;
+                    unsafe {
+                        (*(&mut ss as *mut libc::sockaddr_storage
+                            as *mut UnixAddr))
+                            .sun_len = len as u8;
+                    }
                 }
                 Some(Self { ss })
             }
@@ -1286,19 +1291,19 @@ impl SockaddrLike for SockaddrStorage {
             // If length is not available and addr is of a fixed-length type,
             // copy it.  If addr is of a variable length type and len is not
             // available, then there's nothing we can do.
-            match (*addr).sa_family as i32 {
+            match unsafe { (*addr).sa_family as i32 } {
                 #[cfg(any(target_os = "android", target_os = "linux"))]
-                libc::AF_ALG => {
+                libc::AF_ALG => unsafe {
                     AlgAddr::from_raw(addr, l).map(|alg| Self { alg })
-                }
+                },
                 #[cfg(feature = "net")]
-                libc::AF_INET => {
+                libc::AF_INET => unsafe {
                     SockaddrIn::from_raw(addr, l).map(|sin| Self { sin })
-                }
+                },
                 #[cfg(feature = "net")]
-                libc::AF_INET6 => {
+                libc::AF_INET6 => unsafe {
                     SockaddrIn6::from_raw(addr, l).map(|sin6| Self { sin6 })
-                }
+                },
                 #[cfg(any(
                     target_os = "dragonfly",
                     target_os = "freebsd",
@@ -1309,34 +1314,30 @@ impl SockaddrLike for SockaddrStorage {
                     target_os = "openbsd"
                 ))]
                 #[cfg(feature = "net")]
-                libc::AF_LINK => {
+                libc::AF_LINK => unsafe {
                     LinkAddr::from_raw(addr, l).map(|dl| Self { dl })
                 }
                 #[cfg(any(target_os = "android", target_os = "linux"))]
-                libc::AF_NETLINK => {
+                libc::AF_NETLINK => unsafe {
                     NetlinkAddr::from_raw(addr, l).map(|nl| Self { nl })
-                }
+                },
                 #[cfg(any(
                     target_os = "android",
                     target_os = "fuchsia",
                     target_os = "linux"
                 ))]
                 #[cfg(feature = "net")]
-                libc::AF_PACKET => {
+                libc::AF_PACKET => unsafe {
                     LinkAddr::from_raw(addr, l).map(|dl| Self { dl })
                 }
                 #[cfg(all(feature = "ioctl", apple_targets))]
-                libc::AF_SYSTEM => {
+                libc::AF_SYSTEM => unsafe {
                     SysControlAddr::from_raw(addr, l).map(|sctl| Self { sctl })
                 }
-                #[cfg(any(
-                    target_os = "android",
-                    target_os = "linux",
-                    target_os = "macos"
-                ))]
-                libc::AF_VSOCK => {
+                #[cfg(any(target_os = "android", target_os = "linux", target_os = "macos" ))]
+                libc::AF_VSOCK => unsafe {
                     VsockAddr::from_raw(addr, l).map(|vsock| Self { vsock })
-                }
+                },
                 _ => None,
             }
         }
@@ -1362,7 +1363,7 @@ impl SockaddrLike for SockaddrStorage {
         new_length: usize,
     ) -> std::result::Result<(), SocketAddressLengthNotDynamic> {
         match self.as_unix_addr_mut() {
-            Some(addr) => addr.set_length(new_length),
+            Some(addr) => unsafe { addr.set_length(new_length) },
             None => Err(SocketAddressLengthNotDynamic),
         }
     }
@@ -1764,10 +1765,10 @@ pub mod netlink {
                     return None;
                 }
             }
-            if (*addr).sa_family as i32 != libc::AF_NETLINK {
+            if unsafe { (*addr).sa_family as i32 != libc::AF_NETLINK } {
                 return None;
             }
-            Some(Self(ptr::read_unaligned(addr as *const _)))
+            Some(Self(unsafe { ptr::read_unaligned(addr as *const _) }))
         }
     }
 
@@ -1812,10 +1813,10 @@ pub mod alg {
                     return None;
                 }
             }
-            if (*addr).sa_family as i32 != libc::AF_ALG {
+            if unsafe { (*addr).sa_family as i32 != libc::AF_ALG } {
                 return None;
             }
-            Some(Self(ptr::read_unaligned(addr as *const _)))
+            Some(Self(unsafe { ptr::read_unaligned(addr as *const _) }))
         }
     }
 
@@ -1948,10 +1949,10 @@ pub mod sys_control {
                     return None;
                 }
             }
-            if (*addr).sa_family as i32 != libc::AF_SYSTEM {
+            if unsafe { (*addr).sa_family as i32 != libc::AF_SYSTEM } {
                 return None;
             }
-            Some(Self(ptr::read_unaligned(addr as *const _)))
+            Some(Self(unsafe { ptr::read_unaligned(addr as *const _) } ))
         }
     }
 
@@ -2089,10 +2090,10 @@ mod datalink {
                     return None;
                 }
             }
-            if (*addr).sa_family as i32 != libc::AF_PACKET {
+            if unsafe { (*addr).sa_family as i32 != libc::AF_PACKET } {
                 return None;
             }
-            Some(Self(ptr::read_unaligned(addr as *const _)))
+            Some(Self(unsafe { ptr::read_unaligned(addr as *const _) }))
         }
     }
 
@@ -2212,10 +2213,10 @@ mod datalink {
                     return None;
                 }
             }
-            if (*addr).sa_family as i32 != libc::AF_LINK {
+            if unsafe { (*addr).sa_family as i32 != libc::AF_LINK } {
                 return None;
             }
-            Some(Self(ptr::read_unaligned(addr as *const _)))
+            Some(Self(unsafe { ptr::read_unaligned(addr as *const _) }))
         }
     }
 
@@ -2258,10 +2259,10 @@ pub mod vsock {
                     return None;
                 }
             }
-            if (*addr).sa_family as i32 != libc::AF_VSOCK {
+            if unsafe { (*addr).sa_family as i32 != libc::AF_VSOCK } {
                 return None;
             }
-            Some(Self(ptr::read_unaligned(addr as *const _)))
+            unsafe { Some(Self(ptr::read_unaligned(addr as *const _))) }
         }
     }
 
diff --git a/src/sys/socket/mod.rs b/src/sys/socket/mod.rs
index 5a3134956b..76e09641c0 100644
--- a/src/sys/socket/mod.rs
+++ b/src/sys/socket/mod.rs
@@ -889,7 +889,7 @@ impl ControlMessageOwned {
     #[allow(clippy::cast_ptr_alignment)]
     unsafe fn decode_from(header: &cmsghdr) -> ControlMessageOwned
     {
-        let p = CMSG_DATA(header);
+        let p = unsafe { CMSG_DATA(header) };
         // The cast is not unnecessary on all platforms.
         #[allow(clippy::unnecessary_cast)]
         let len = header as *const _ as usize + header.cmsg_len as usize
@@ -899,39 +899,41 @@ impl ControlMessageOwned {
                 let n = len / mem::size_of::<RawFd>();
                 let mut fds = Vec::with_capacity(n);
                 for i in 0..n {
-                    let fdp = (p as *const RawFd).add(i);
-                    fds.push(ptr::read_unaligned(fdp));
+                    unsafe {
+                        let fdp = (p as *const RawFd).add(i);
+                        fds.push(ptr::read_unaligned(fdp));
+                    }
                 }
                 ControlMessageOwned::ScmRights(fds)
             },
             #[cfg(any(target_os = "android", target_os = "linux"))]
             (libc::SOL_SOCKET, libc::SCM_CREDENTIALS) => {
-                let cred: libc::ucred = ptr::read_unaligned(p as *const _);
+                let cred: libc::ucred = unsafe { ptr::read_unaligned(p as *const _) };
                 ControlMessageOwned::ScmCredentials(cred.into())
             }
             #[cfg(any(target_os = "freebsd", target_os = "dragonfly"))]
             (libc::SOL_SOCKET, libc::SCM_CREDS) => {
-                let cred: libc::cmsgcred = ptr::read_unaligned(p as *const _);
+                let cred: libc::cmsgcred = unsafe { ptr::read_unaligned(p as *const _) };
                 ControlMessageOwned::ScmCreds(cred.into())
             }
             #[cfg(not(any(target_os = "aix", target_os = "haiku")))]
             (libc::SOL_SOCKET, libc::SCM_TIMESTAMP) => {
-                let tv: libc::timeval = ptr::read_unaligned(p as *const _);
+                let tv: libc::timeval = unsafe { ptr::read_unaligned(p as *const _) };
                 ControlMessageOwned::ScmTimestamp(TimeVal::from(tv))
             },
             #[cfg(any(target_os = "android", target_os = "linux"))]
             (libc::SOL_SOCKET, libc::SCM_TIMESTAMPNS) => {
-                let ts: libc::timespec = ptr::read_unaligned(p as *const _);
+                let ts: libc::timespec = unsafe { ptr::read_unaligned(p as *const _) };
                 ControlMessageOwned::ScmTimestampns(TimeSpec::from(ts))
             }
             #[cfg(any(target_os = "android", target_os = "linux"))]
             (libc::SOL_SOCKET, libc::SCM_TIMESTAMPING) => {
                 let tp = p as *const libc::timespec;
-                let ts: libc::timespec = ptr::read_unaligned(tp);
+                let ts: libc::timespec = unsafe { ptr::read_unaligned(tp) };
                 let system = TimeSpec::from(ts);
-                let ts: libc::timespec = ptr::read_unaligned(tp.add(1));
+                let ts: libc::timespec = unsafe { ptr::read_unaligned(tp.add(1)) };
                 let hw_trans = TimeSpec::from(ts);
-                let ts: libc::timespec = ptr::read_unaligned(tp.add(2));
+                let ts: libc::timespec = unsafe { ptr::read_unaligned(tp.add(2)) };
                 let hw_raw = TimeSpec::from(ts);
                 let timestamping = Timestamps { system, hw_trans, hw_raw };
                 ControlMessageOwned::ScmTimestampsns(timestamping)
@@ -944,7 +946,7 @@ impl ControlMessageOwned {
             ))]
             #[cfg(feature = "net")]
             (libc::IPPROTO_IPV6, libc::IPV6_PKTINFO) => {
-                let info = ptr::read_unaligned(p as *const libc::in6_pktinfo);
+                let info = unsafe { ptr::read_unaligned(p as *const libc::in6_pktinfo) };
                 ControlMessageOwned::Ipv6PacketInfo(info)
             }
             #[cfg(any(
@@ -955,7 +957,7 @@ impl ControlMessageOwned {
             ))]
             #[cfg(feature = "net")]
             (libc::IPPROTO_IP, libc::IP_PKTINFO) => {
-                let info = ptr::read_unaligned(p as *const libc::in_pktinfo);
+                let info = unsafe { ptr::read_unaligned(p as *const libc::in_pktinfo) };
                 ControlMessageOwned::Ipv4PacketInfo(info)
             }
             #[cfg(any(
@@ -966,7 +968,7 @@ impl ControlMessageOwned {
             ))]
             #[cfg(feature = "net")]
             (libc::IPPROTO_IP, libc::IP_RECVIF) => {
-                let dl = ptr::read_unaligned(p as *const libc::sockaddr_dl);
+                let dl = unsafe { ptr::read_unaligned(p as *const libc::sockaddr_dl) };
                 ControlMessageOwned::Ipv4RecvIf(dl)
             },
             #[cfg(any(
@@ -977,51 +979,51 @@ impl ControlMessageOwned {
             ))]
             #[cfg(feature = "net")]
             (libc::IPPROTO_IP, libc::IP_RECVDSTADDR) => {
-                let dl = ptr::read_unaligned(p as *const libc::in_addr);
+                let dl = unsafe { ptr::read_unaligned(p as *const libc::in_addr) };
                 ControlMessageOwned::Ipv4RecvDstAddr(dl)
             },
             #[cfg(any(target_os = "android", target_os = "freebsd", target_os = "linux"))]
             #[cfg(feature = "net")]
             (libc::IPPROTO_IP, libc::IP_ORIGDSTADDR) => {
-                let dl = ptr::read_unaligned(p as *const libc::sockaddr_in);
+                let dl = unsafe { ptr::read_unaligned(p as *const libc::sockaddr_in) };
                 ControlMessageOwned::Ipv4OrigDstAddr(dl)
             },
             #[cfg(target_os = "linux")]
             #[cfg(feature = "net")]
             (libc::SOL_UDP, libc::UDP_GRO) => {
-                let gso_size: u16 = ptr::read_unaligned(p as *const _);
+                let gso_size: u16 = unsafe { ptr::read_unaligned(p as *const _) };
                 ControlMessageOwned::UdpGroSegments(gso_size)
             },
             #[cfg(any(target_os = "android", target_os = "fuchsia", target_os = "linux"))]
             (libc::SOL_SOCKET, libc::SO_RXQ_OVFL) => {
-                let drop_counter = ptr::read_unaligned(p as *const u32);
+                let drop_counter = unsafe { ptr::read_unaligned(p as *const u32) };
                 ControlMessageOwned::RxqOvfl(drop_counter)
             },
             #[cfg(any(target_os = "android", target_os = "linux"))]
             #[cfg(feature = "net")]
             (libc::IPPROTO_IP, libc::IP_RECVERR) => {
-                let (err, addr) = Self::recv_err_helper::<sockaddr_in>(p, len);
+                let (err, addr) = unsafe { Self::recv_err_helper::<sockaddr_in>(p, len) };
                 ControlMessageOwned::Ipv4RecvErr(err, addr)
             },
             #[cfg(any(target_os = "android", target_os = "linux"))]
             #[cfg(feature = "net")]
             (libc::IPPROTO_IPV6, libc::IPV6_RECVERR) => {
-                let (err, addr) = Self::recv_err_helper::<sockaddr_in6>(p, len);
+                let (err, addr) = unsafe { Self::recv_err_helper::<sockaddr_in6>(p, len) };
                 ControlMessageOwned::Ipv6RecvErr(err, addr)
             },
             #[cfg(any(target_os = "android", target_os = "freebsd", target_os = "linux"))]
             #[cfg(feature = "net")]
             (libc::IPPROTO_IPV6, libc::IPV6_ORIGDSTADDR) => {
-                let dl = ptr::read_unaligned(p as *const libc::sockaddr_in6);
+                let dl = unsafe { ptr::read_unaligned(p as *const libc::sockaddr_in6) };
                 ControlMessageOwned::Ipv6OrigDstAddr(dl)
             },
             #[cfg(any(target_os = "linux"))]
             (libc::SOL_TLS, libc::TLS_GET_RECORD_TYPE) => {
-                let content_type = ptr::read_unaligned(p as *const u8);
+                let content_type = unsafe { ptr::read_unaligned(p as *const u8) };
                 ControlMessageOwned::TlsGetRecordType(content_type.into())
             },
             (_, _) => {
-                let sl = std::slice::from_raw_parts(p, len);
+                let sl = unsafe { std::slice::from_raw_parts(p, len) };
                 let ucmsg = UnknownCmsg(*header, Vec::<u8>::from(sl));
                 ControlMessageOwned::Unknown(ucmsg)
             }
@@ -1033,18 +1035,18 @@ impl ControlMessageOwned {
     #[allow(clippy::cast_ptr_alignment)]    // False positive
     unsafe fn recv_err_helper<T>(p: *mut libc::c_uchar, len: usize) -> (libc::sock_extended_err, Option<T>) {
         let ee = p as *const libc::sock_extended_err;
-        let err = ptr::read_unaligned(ee);
+        let err = unsafe { ptr::read_unaligned(ee) };
 
         // For errors originating on the network, SO_EE_OFFENDER(ee) points inside the p[..len]
         // CMSG_DATA buffer.  For local errors, there is no address included in the control
         // message, and SO_EE_OFFENDER(ee) points beyond the end of the buffer.  So, we need to
         // validate that the address object is in-bounds before we attempt to copy it.
-        let addrp = libc::SO_EE_OFFENDER(ee) as *const T;
+        let addrp = unsafe { libc::SO_EE_OFFENDER(ee) as *const T };
 
-        if addrp.offset(1) as usize - (p as usize) > len {
+        if unsafe { addrp.offset(1) } as usize - (p as usize) > len {
             (err, None)
         } else {
-            (err, Some(ptr::read_unaligned(addrp)))
+            (err, Some(unsafe { ptr::read_unaligned(addrp) }))
         }
     }
 }
@@ -1482,10 +1484,12 @@ impl<'a> ControlMessage<'a> {
     // Unsafe: cmsg must point to a valid cmsghdr with enough space to
     // encode self.
     unsafe fn encode_into(&self, cmsg: *mut cmsghdr) {
-        (*cmsg).cmsg_level = self.cmsg_level();
-        (*cmsg).cmsg_type = self.cmsg_type();
-        (*cmsg).cmsg_len = self.cmsg_len();
-        self.copy_to_cmsg_data(CMSG_DATA(cmsg));
+        unsafe {
+            (*cmsg).cmsg_level = self.cmsg_level();
+            (*cmsg).cmsg_type = self.cmsg_type();
+            (*cmsg).cmsg_len = self.cmsg_len();
+            self.copy_to_cmsg_data( CMSG_DATA(cmsg) );
+        }
     }
 }
 
@@ -1993,19 +1997,23 @@ unsafe fn read_mhdr<'a, 'i, S>(
     // The cast is not unnecessary on all platforms.
     #[allow(clippy::unnecessary_cast)]
     let cmsghdr = {
-        if mhdr.msg_controllen > 0 {
+        let ptr = if mhdr.msg_controllen > 0 {
             debug_assert!(!mhdr.msg_control.is_null());
             debug_assert!(msg_controllen >= mhdr.msg_controllen as usize);
-            CMSG_FIRSTHDR(&mhdr as *const msghdr)
+            unsafe { CMSG_FIRSTHDR(&mhdr as *const msghdr) }
         } else {
             ptr::null()
-        }.as_ref()
+        };
+
+        unsafe {
+            ptr.as_ref()
+        }
     };
 
     // Ignore errors if this socket address has statically-known length
     //
     // This is to ensure that unix socket addresses have their length set appropriately.
-    let _ = address.set_length(mhdr.msg_namelen as usize);
+    let _ = unsafe { address.set_length(mhdr.msg_namelen as usize) };
 
     RecvMsg {
         bytes: r as usize,
@@ -2042,14 +2050,16 @@ unsafe fn pack_mhdr_to_receive<S>(
     // initialize it.
     let mut mhdr = mem::MaybeUninit::<msghdr>::zeroed();
     let p = mhdr.as_mut_ptr();
-    (*p).msg_name = address as *mut c_void;
-    (*p).msg_namelen = S::size();
-    (*p).msg_iov = iov_buffer as *mut iovec;
-    (*p).msg_iovlen = iov_buffer_len as _;
-    (*p).msg_control = cmsg_buffer as *mut c_void;
-    (*p).msg_controllen = cmsg_capacity as _;
-    (*p).msg_flags = 0;
-    mhdr.assume_init()
+    unsafe {
+        (*p).msg_name = address as *mut c_void;
+        (*p).msg_namelen = S::size();
+        (*p).msg_iov = iov_buffer as *mut iovec;
+        (*p).msg_iovlen = iov_buffer_len as _;
+        (*p).msg_control = cmsg_buffer as *mut c_void;
+        (*p).msg_controllen = cmsg_capacity as _;
+        (*p).msg_flags = 0;
+        mhdr.assume_init()
+    }
 }
 
 fn pack_mhdr_to_send<'a, I, C, S>(
diff --git a/src/sys/socket/sockopt.rs b/src/sys/socket/sockopt.rs
index 07a0ac4ed5..511babf8d8 100644
--- a/src/sys/socket/sockopt.rs
+++ b/src/sys/socket/sockopt.rs
@@ -1164,7 +1164,7 @@ impl<T> Get<T> for GetStruct<T> {
             mem::size_of::<T>(),
             "invalid getsockopt implementation"
         );
-        self.val.assume_init()
+        unsafe { self.val.assume_init() }
     }
 }
 
@@ -1215,7 +1215,7 @@ impl Get<bool> for GetBool {
             mem::size_of::<c_int>(),
             "invalid getsockopt implementation"
         );
-        self.val.assume_init() != 0
+        unsafe { self.val.assume_init() != 0 }
     }
 }
 
@@ -1268,7 +1268,7 @@ impl Get<u8> for GetU8 {
             mem::size_of::<u8>(),
             "invalid getsockopt implementation"
         );
-        self.val.assume_init()
+        unsafe { self.val.assume_init() }
     }
 }
 
@@ -1319,7 +1319,7 @@ impl Get<usize> for GetUsize {
             mem::size_of::<c_int>(),
             "invalid getsockopt implementation"
         );
-        self.val.assume_init() as usize
+        unsafe { self.val.assume_init() as usize }
     }
 }
 
@@ -1366,7 +1366,7 @@ impl<T: AsMut<[u8]>> Get<OsString> for GetOsString<T> {
 
     unsafe fn assume_init(self) -> OsString {
         let len = self.len as usize;
-        let mut v = self.val.assume_init();
+        let mut v = unsafe { self.val.assume_init() };
         OsStr::from_bytes(&v.as_mut()[0..len]).to_owned()
     }
 }
diff --git a/src/sys/timerfd.rs b/src/sys/timerfd.rs
index c4337c9dfa..68b06d6322 100644
--- a/src/sys/timerfd.rs
+++ b/src/sys/timerfd.rs
@@ -53,7 +53,7 @@ impl AsFd for TimerFd {
 impl FromRawFd for TimerFd {
     unsafe fn from_raw_fd(fd: RawFd) -> Self {
         TimerFd {
-            fd: OwnedFd::from_raw_fd(fd),
+            fd: unsafe { OwnedFd::from_raw_fd(fd) },
         }
     }
 }
diff --git a/src/sys/wait.rs b/src/sys/wait.rs
index c97dc45539..65940713c3 100644
--- a/src/sys/wait.rs
+++ b/src/sys/wait.rs
@@ -248,7 +248,7 @@ impl WaitStatus {
         all(target_os = "linux", not(target_env = "uclibc")),
     ))]
     unsafe fn from_siginfo(siginfo: &libc::siginfo_t) -> Result<WaitStatus> {
-        let si_pid = siginfo.si_pid();
+        let si_pid = unsafe { siginfo.si_pid() };
         if si_pid == 0 {
             return Ok(WaitStatus::StillAlive);
         }
@@ -256,7 +256,7 @@ impl WaitStatus {
         assert_eq!(siginfo.si_signo, libc::SIGCHLD);
 
         let pid = Pid::from_raw(si_pid);
-        let si_status = siginfo.si_status();
+        let si_status = unsafe { siginfo.si_status() };
 
         let status = match siginfo.si_code {
             libc::CLD_EXITED => WaitStatus::Exited(pid, si_status),
diff --git a/src/unistd.rs b/src/unistd.rs
index b3db3cfb83..1148eeb977 100644
--- a/src/unistd.rs
+++ b/src/unistd.rs
@@ -293,7 +293,7 @@ impl ForkResult {
 #[inline]
 pub unsafe fn fork() -> Result<ForkResult> {
     use self::ForkResult::*;
-    let res = libc::fork();
+    let res = unsafe { libc::fork() };
 
     Errno::result(res).map(|res| match res {
         0 => Child,
@@ -3508,7 +3508,7 @@ impl User {
                 } else {
                     // SAFETY: `f` guarantees that `pwd` is initialized if `res`
                     // is not null.
-                    let pwd = pwd.assume_init();
+                    let pwd = unsafe { pwd.assume_init() };
                     return Ok(Some(User::from(&pwd)));
                 }
             } else if Errno::last() == Errno::ERANGE {
@@ -3618,11 +3618,11 @@ impl Group {
         let mut ret = Vec::new();
 
         for i in 0.. {
-            let u = mem.offset(i);
-            if (*u).is_null() {
+            let u = unsafe { mem.offset(i) };
+            if unsafe { (*u).is_null() } {
                 break;
             } else {
-                let s = CStr::from_ptr(*u).to_string_lossy().into_owned();
+                let s = unsafe {CStr::from_ptr(*u).to_string_lossy().into_owned()};
                 ret.push(s);
             }
         }
@@ -3667,7 +3667,7 @@ impl Group {
                 } else {
                     // SAFETY: `f` guarantees that `grp` is initialized if `res`
                     // is not null.
-                    let grp = grp.assume_init();
+                    let grp = unsafe { grp.assume_init() };
                     return Ok(Some(Group::from(&grp)));
                 }
             } else if Errno::last() == Errno::ERANGE {