From b660e01f9722e279f701f527fbef9a74dd2f286b Mon Sep 17 00:00:00 2001
From: liuxiangdong
Date: Mon, 11 Aug 2025 20:09:41 +0800
Subject: [PATCH] safety: modify some unsafe Safety notes
Modify some unsafe Safety notes in Ozonec/Pflash/Block_backend mod.
Signed-off-by: liuxiangdong
---
 block_backend/src/raw.rs | 2 +-
 devices/src/legacy/pflash.rs | 2 +-
 ozonec/src/linux/process.rs | 2 +-
 ozonec/src/utils/mod.rs | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/block_backend/src/raw.rs b/block_backend/src/raw.rs
index d4957864..60766ba0 100644
--- a/block_backend/src/raw.rs
+++ b/block_backend/src/raw.rs
@@ -68,7 +68,7 @@ impl RawDriver {
 bail!("Failed to alloc memory for write.");
 }
- // SAFETY: align_buf is valid and large enough.
+ // SAFETY: align_buf (sized `write_size`) is allocated successfully in `libc::memalign()`.
 let ret = unsafe {
 raw_write(
 self.driver.file.as_raw_fd(),
diff --git a/devices/src/legacy/pflash.rs b/devices/src/legacy/pflash.rs
index 58e752f1..009c9b29 100644
--- a/devices/src/legacy/pflash.rs
+++ b/devices/src/legacy/pflash.rs
@@ -347,7 +347,7 @@ impl PFlash {
 .with_context(|| "Failed to get host address.")
 }?;
 let ret =
- // SAFETY: addr and size are valid.
+ // SAFETY: addr is in `RomDevice` region and addr/size has been checked.
 unsafe {
 libc::msync(
 addr as *mut libc::c_void,
diff --git a/ozonec/src/linux/process.rs b/ozonec/src/linux/process.rs
index 1b7da254..5e64be67 100644
--- a/ozonec/src/linux/process.rs
+++ b/ozonec/src/linux/process.rs
@@ -128,7 +128,7 @@ impl Process {
 pub fn set_scheduler(&self) -> Result<()> {
 if let Some(scheduler) = &self.oci.scheduler {
- // SAFETY: FFI call with valid arguments.
+ // SAFETY: returns the struct `libc::sched_param` represented all-zero bytes. And its member will be initialized later.
 let mut param: libc::sched_param = unsafe { mem::zeroed() };
 param.sched_priority = scheduler.priority.unwrap_or_default();
 // SAFETY: FFI call with valid arguments.
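Review bot: The new SAFETY note on the `raw_write` block still does not state the invariants the call actually relies on: that the buffer is valid for `write_size` bytes — which follows from the null check that `bail!`s just above, not merely from having called `libc::memalign()` — and that the descriptor from `self.driver.file.as_raw_fd()` stays open for the duration of the call. The enclosing method starts and ends outside the hunk, so where `write_size` itself is validated is presumably earlier; naming that evidence is what makes the comment verifiable, and "allocated successfully in" reads awkwardly. Suggested wording: `// SAFETY: align_buf was returned by libc::memalign() with size write_size and checked non-null above, so it is valid for write_size bytes; the fd belongs to self.driver.file, which is borrowed for the whole call.`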
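Review bot: `addr/size has been checked` on the `libc::msync` block does not say where or against what, so a reader cannot verify the unsafe call from the comment, and the check it refers to is not in this hunk (the enclosing method starts and ends outside it). A SAFETY note should name the evidence visible to the reader: that `addr` is the host address returned by the lookup whose failure is reported as "Failed to get host address.", and that the `[addr, addr + size)` range lies inside that mapping. Also "has been checked" should be "have been checked". Suggested wording: `// SAFETY: addr is the host address of the RomDevice region obtained above, and addr/size have been checked to lie within that mapping, so msync only touches mapped memory.`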
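Review bot: The new note on `mem::zeroed()` justifies the call with the wrong invariant: what makes `mem::zeroed()` sound is that an all-zero bit pattern is a valid `libc::sched_param` (it holds only plain integer fields), not that `sched_priority` is assigned afterwards — the zeroed value is already a complete value the moment it is created, so "will be initialized later" adds nothing and "represented all-zero bytes" is ungrammatical. The same wording is used for `libc::open_how` in the ozonec/src/utils/mod.rs hunk, where the same reasoning applies since that struct is also integer fields only. Suggested wording here: `// SAFETY: all-zero bytes are a valid libc::sched_param (it contains only integer fields).`, and the matching sentence for `libc::open_how` in the other hunk. The body of `set_scheduler` continues past the end of the hunk.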
diff --git a/ozonec/src/utils/mod.rs b/ozonec/src/utils/mod.rs
index 4e86fc35..ec3121d8 100644
--- a/ozonec/src/utils/mod.rs
+++ b/ozonec/src/utils/mod.rs
@@ -50,7 +50,7 @@ bitflags::bitflags! {
 impl OpenHow {
 fn new() -> Self {
- // SAFETY: FFI call with valid arguments.
+ // SAFETY: returns the struct `libc::open_how` represented all-zero bytes. And its member will be initialized later.
 unsafe { mem::zeroed() }
 }
--
Gitee