[PATCH v13 3/4] rust: Add missing SAFETY documentation for `ARef` example

[Daniel Almeida]

> On 17 Nov 2025, at 07:08, Oliver Mangold <oliver.mangold at pm.me> wrote:
> 
> SAFETY comment in rustdoc example was just 'TODO'. Fixed.
> 
> Signed-off-by: Oliver Mangold <oliver.mangold at pm.me>
> Co-developed-by: Andreas Hindborg <a.hindborg at kernel.org>
> Signed-off-by: Andreas Hindborg <a.hindborg at kernel.org>
> ---
> rust/kernel/sync/aref.rs | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/rust/kernel/sync/aref.rs b/rust/kernel/sync/aref.rs
> index 4226119d5ac9..937dcf6ed5de 100644
> --- a/rust/kernel/sync/aref.rs
> +++ b/rust/kernel/sync/aref.rs
> @@ -129,12 +129,14 @@ pub unsafe fn from_raw(ptr: NonNull<T>) -> Self {
>     /// # Examples
>     ///
>     /// ```
> -    /// use core::ptr::NonNull;
> -    /// use kernel::sync::aref::{ARef, RefCounted};
> +    /// # use core::ptr::NonNull;
> +    /// # use kernel::sync::aref::{ARef, RefCounted};
>     ///
>     /// struct Empty {}
>     ///
> -    /// # // SAFETY: TODO.
> +    /// // SAFETY: The `RefCounted` implementation for `Empty` does not count references and
> +    /// // never frees the underlying object. Thus we can act as having a refcount on the object

nit: perhaps saying “an increment on the refcount” is clearer?

> +    /// // that we pass to the newly created `ARef`.
>     /// unsafe impl RefCounted for Empty {
>     ///     fn inc_ref(&self) {}
>     ///     unsafe fn dec_ref(_obj: NonNull<Self>) {}
> @@ -142,7 +144,7 @@ pub unsafe fn from_raw(ptr: NonNull<T>) -> Self {
>     ///
>     /// let mut data = Empty {};
>     /// let ptr = NonNull::<Empty>::new(&mut data).unwrap();
> -    /// # // SAFETY: TODO.
> +    /// // SAFETY: We keep `data` around longer than the `ARef`.
>     /// let data_ref: ARef<Empty> = unsafe { ARef::from_raw(ptr) };
>     /// let raw_ptr: NonNull<Empty> = ARef::into_raw(data_ref);
>     ///
> 
> -- 
> 2.51.2
> 
> 
> 

Reviewed-by: Daniel Almeida <daniel.almeida at collabora.com>