"Darrick J. Wong" <djwong@xxxxxxxxxx> writes:
[...]
>> > + /// Returns the super-block that owns the inode.
>> > + pub fn super_block(&self) -> &SuperBlock<T> {
>> > + // SAFETY: `i_sb` is immutable, and `self` is guaranteed to be valid by the existence of a
>> > + // shared reference (&self) to it.
>> > + unsafe { &*(*self.0.get()).i_sb.cast() }
>> > + }
>>
>> I think the safety comment should talk about the pointee rather than the
>> pointer? "The pointee of `i_sb` is immutable, and ..."
>
> inode::i_sb (the pointer) shouldn't be reassigned to a different
> superblock during the lifetime of the inode; but the superblock object
> itself (the pointee) is very much mutable.
Ah, I thought the comment was about why it is sound to create
`&SuperBlock`, but it is referring to why it is sound to read `i_sb`.
Perhaps the comment should state this? Perhaps it is also worth
mentioning why it is OK to construct a shared reference from this
pointer?
Best regards
Andreas
