Re: [PATCH v3 3/3] rust: atomic: update a safety comment in impl of `fetch_add`

Next message: Peter Zijlstra: "Re: [PATCH] sched/core: Fix error pointer dereference"
Previous message: Gabor Juhos: "[PATCH] arm64: dts: marvell: armada-37xx: drop redundant status property"
In reply to: Andreas Hindborg: "[PATCH v3 3/3] rust: atomic: update a safety comment in impl of `fetch_add`"
Next in thread: Miguel Ojeda: "Re: [PATCH v3 3/3] rust: atomic: update a safety comment in impl of `fetch_add`"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alice Ryhl

Date: Fri Feb 20 2026 - 05:21:51 EST

On Fri, Feb 20, 2026 at 09:06:22AM +0100, Andreas Hindborg wrote:
> The safety comment used in the implementation of `fetch_add` could be read
> as just saying something it is true without justifying it. Update the
> safety comment to include justification.
>
> Signed-off-by: Andreas Hindborg <a.hindborg@xxxxxxxxxx>

Reviewed-by: Alice Ryhl <aliceryhl@xxxxxxxxxx>

> rust/kernel/sync/atomic/internal.rs | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/rust/kernel/sync/atomic/internal.rs b/rust/kernel/sync/atomic/internal.rs
> index a094f704be0ce..67745c44e710b 100644
> --- a/rust/kernel/sync/atomic/internal.rs
> +++ b/rust/kernel/sync/atomic/internal.rs
> @@ -258,7 +258,7 @@ fn add[](a: &AtomicRepr<Self>, v: Self::Delta) {
> /// Atomically updates `*a` to `(*a).wrapping_add(v)`, and returns the value of `*a`
> /// before the update.
> fn fetch_add[acquire, release, relaxed](a: &AtomicRepr<Self>, v: Self::Delta) -> Self {
> - // SAFETY: `a.as_ptr()` is valid and properly aligned.
> + // SAFETY: `a.as_ptr()` guarantees the returned pointer is valid and properly aligned.

Perhaps more natural wording is:

SAFETY: `a.as_ptr()` always returns a pointer that is valid and properly aligned.

Because I doubt `as_ptr()` documents these things explicitly. (To be
clear, I don't think as_ptr() needs to do so - that'd be really
verbose.)

Anyway, it's fine like this too.

Alice