On 10/18/23 14:25, Wedson Almeida Filho wrote:
+ /// Returns the super-block that owns the inode.
+ pub fn super_block(&self) -> &SuperBlock<T> {
+ // SAFETY: `i_sb` is immutable, and `self` is guaranteed to be valid by the existence of a
+ // shared reference (&self) to it.
+ unsafe { &*(*self.0.get()).i_sb.cast() }
+ }
This makes me a bit nervous. I had to look up whether this field was a
pointer to a superblock, or just a superblock embedded directly in
`struct inode`. It does look like it's correct as-is, but I'd feel more
confident about it if it doesn't use a cast to completely ignore the
type going in to the pointer cast.
Could you define a `from_raw` on `SuperBlock` and change this to:
unsafe { &*SuperBlock::from_raw((*self.0.get()).i_sb) }
or perhaps add a type annotation like this:
let i_sb: *mut super_block = unsafe { (*self.0.get()).i_sb };
i_sb.cast()
Alice
