diff --git a/block_backend/src/raw.rs b/block_backend/src/raw.rs
index d49578641b72eebabb14bb8f99e80d409babc724..60766ba0b110e54e114431862f00086499748c21 100644
--- a/block_backend/src/raw.rs
+++ b/block_backend/src/raw.rs
@@ -68,7 +68,7 @@ impl RawDriver {
 bail!("Failed to alloc memory for write.");
 }
- // SAFETY: align_buf is valid and large enough.
+ // SAFETY: align_buf (sized `write_size`) is allocated successfully in `libc::memalign()`.
 let ret = unsafe {
 raw_write(
 self.driver.file.as_raw_fd(),
diff --git a/devices/src/legacy/pflash.rs b/devices/src/legacy/pflash.rs
index 58e752f1d8ea824120d82a969b7879b66b28ca8f..009c9b29251d85ba7aeb93769d588b72fd47fc72 100644
--- a/devices/src/legacy/pflash.rs
+++ b/devices/src/legacy/pflash.rs
@@ -347,7 +347,7 @@ impl PFlash {
 .with_context(|| "Failed to get host address.")
 }?;
 let ret =
- // SAFETY: addr and size are valid.
+ // SAFETY: addr is in `RomDevice` region and addr/size has been checked.
 unsafe {
 libc::msync(
 addr as *mut libc::c_void,
diff --git a/ozonec/src/linux/process.rs b/ozonec/src/linux/process.rs
index 1b7da254b723604a30daf9cd5c950e946eeb11bb..5e64be67e0e1c8f8a64ec0d0a79a829f8c2011d5 100644
--- a/ozonec/src/linux/process.rs
+++ b/ozonec/src/linux/process.rs
@@ -128,7 +128,7 @@ impl Process {
 pub fn set_scheduler(&self) -> Result<()> {
 if let Some(scheduler) = &self.oci.scheduler {
- // SAFETY: FFI call with valid arguments.
+ // SAFETY: returns the struct `libc::sched_param` represented all-zero bytes. And its member will be initialized later.
 let mut param: libc::sched_param = unsafe { mem::zeroed() };
 param.sched_priority = scheduler.priority.unwrap_or_default();
 // SAFETY: FFI call with valid arguments.
diff --git a/ozonec/src/utils/mod.rs b/ozonec/src/utils/mod.rs
index 4e86fc35f5f65197816a8966230e0a38656bec98..ec3121d8acd00f92545899c74b1c20042f0b3bfc 100644
--- a/ozonec/src/utils/mod.rs
+++ b/ozonec/src/utils/mod.rs
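Review bot: The new SAFETY comment on the `+` line of the raw.rs hunk justifies only that `align_buf` was allocated, but what the `unsafe` block needs is that the byte count handed to `raw_write` never exceeds that allocation and that the buffer has been filled for that length; neither is stated, and memory returned by memalign is uninitialised until something is written into it. Suggest `// SAFETY: align_buf is a non-null libc::memalign() block of write_size bytes (the null case bails above), and the count passed to raw_write below does not exceed write_size.` — assuming that count is indeed write_size, which is outside the hunk. "allocated successfully in `libc::memalign()`" also reads better as "allocated by `libc::memalign()`". The enclosing method starts and ends outside the hunk.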
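Review bot: "addr/size has been checked" on the `+` line of the pflash.rs hunk does not say what was checked or where, which is exactly what a reader of the `unsafe` `libc::msync` call needs. The comment should tie `addr` to the host-address lookup immediately above and `size` to the bound it was compared against, e.g. `// SAFETY: addr is the host address of this RomDevice mapping obtained just above, and size was bounded to that mapping before this call, so msync only touches memory this device owns.` — the size check itself is not in the hunk, so confirm where it lives before wording it that way. Grammar: "addr/size has been checked" should be "have been checked". The enclosing function begins and ends outside the hunk.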
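Review bot: The `+` line of the process.rs hunk gives the wrong soundness argument for `mem::zeroed()`: members being "initialized later" does not make a zeroed value valid; what does is that every field of `libc::sched_param` is a plain integer for which all-zero bytes are a valid value. Suggest `// SAFETY: libc::sched_param consists only of plain integer fields, so an all-zero value is valid.` The same wording is used for `libc::open_how` in the ozonec/src/utils/mod.rs hunk and should be fixed the same way, since open_how is likewise all integer fields. The last context line of this hunk still carries the generic `// SAFETY: FFI call with valid arguments.` that this commit replaces elsewhere; the call it guards is outside the hunk, but that comment could state which arguments were validated. set_scheduler's body continues past the hunk.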
@@ -50,7 +50,7 @@ bitflags::bitflags! {
 impl OpenHow {
 fn new() -> Self {
- // SAFETY: FFI call with valid arguments.
+ // SAFETY: returns the struct `libc::open_how` represented all-zero bytes. And its member will be initialized later.
 unsafe { mem::zeroed() }
 }