[PATCH 1/2] rust: kernel: document safety for rust_fmt_argument

Navaneeth K posted 2 patches 2 months, 2 weeks ago
[PATCH 1/2] rust: kernel: document safety for rust_fmt_argument
Posted by Navaneeth K 2 months, 2 weeks ago
Add a proper // SAFETY: comment for the unsafe pointer dereference in
rust_fmt_argument. The comment explains that the caller guarantees
the pointer validity, satisfying the Rust-for-Linux safety documentation
requirements.

Signed-off-by: Navaneeth K <knavaneeth786@gmail.com>
---
 rust/kernel/print.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rust/kernel/print.rs b/rust/kernel/print.rs
index 2d743d78d220..49fa87dfbce8 100644
--- a/rust/kernel/print.rs
+++ b/rust/kernel/print.rs
@@ -24,7 +24,7 @@
     use fmt::Write;
     // SAFETY: The C contract guarantees that `buf` is valid if it's less than `end`.
     let mut w = unsafe { RawFormatter::from_ptrs(buf.cast(), end.cast()) };
-    // SAFETY: TODO.
+    // SAFETY: The caller guarantees that `ptr` points to a valid `fmt::Arguments`.
     let _ = w.write_fmt(unsafe { *ptr.cast::<fmt::Arguments<'_>>() });
     w.pos().cast()
 }
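Review bot: the new `// SAFETY:` comment above the `*ptr.cast::<fmt::Arguments<'_>>()` dereference cites a caller guarantee, but no documented precondition on `ptr` is visible in this hunk for it to point at. Add a `# Safety` section to the function's docs that states the requirement on `ptr`, then word this comment as a reference to that section. Because the dereference copies a `fmt::Arguments` out by value, the precondition should cover alignment and initialization as well as non-null, and the neighbouring "C contract guarantees" comment on `buf` and `end` could be reworded against the same section.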
-- 
2.43.0
Re: [PATCH 1/2] rust: kernel: document safety for rust_fmt_argument
Posted by Miguel Ojeda 2 weeks, 5 days ago
On Sat, Nov 22, 2025 at 8:09 PM Navaneeth K <knavaneeth786@gmail.com> wrote:
>
> +    // SAFETY: The caller guarantees that `ptr` points to a valid `fmt::Arguments`.

Thanks for the patch!

The caller is indeed supposed to pass a proper `ptr`, but we should
actually require it, i.e. this line above:

    #[expect(clippy::missing_safety_doc)]

should be replaced with docs with a `# Safety` section that requires
it so that then we can apply the guarantee as you did in the `//
SAFETY:` doc.

Also, in addition to that parameter, we should double-check we put
enough safety preconditions on the other parameters. If we do that,
then we could also update the "C contract guarantees" safety comment
too to just refer to those.

(We could perhaps even mention in the C header that the safety
preconditions are written in the Rust docs for completeness.)

Cheers,
Miguel
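The pattern described in the reply above, as an added user-space sketch that is not kernel code or part of the thread: a `# Safety` section states the preconditions, and each `// SAFETY:` comment refers back to it. `RangeWriter`, `fmt_argument` and `format_into` are hypothetical names, and the precondition wording is an assumption, not text proposed for `rust/kernel/print.rs`.

```rust
use std::ffi::c_void;
use std::fmt::{self, Write};

/// Hypothetical stand-in for the kernel's `RawFormatter`; truncates at `end`.
struct RangeWriter { pos: *mut u8, end: *mut u8 }

impl Write for RangeWriter {
    fn write_str(&mut self, s: &str) -> fmt::Result {
        let room = (self.end as usize).saturating_sub(self.pos as usize);
        let n = s.len().min(room);
        // SAFETY: `n` bytes fit in `[pos, end)`, which `fmt_argument`'s caller made writable.
        unsafe {
            std::ptr::copy_nonoverlapping(s.as_ptr(), self.pos, n);
            self.pos = self.pos.add(n);
        }
        Ok(())
    }
}

/// Formats the `fmt::Arguments` behind `ptr` into `[buf, end)`; returns the new position.
///
/// # Safety
///
/// - `buf..end` must be one allocation, `buf <= end`, valid for writes during the call.
/// - `ptr` must be non-null, aligned, and point to an initialized `fmt::Arguments`
///   that stays live for the whole call.
pub unsafe extern "C" fn fmt_argument(buf: *mut u8, end: *mut u8, ptr: *const c_void) -> *mut u8 {
    let mut w = RangeWriter { pos: buf, end };
    // SAFETY: second precondition in `# Safety`: `ptr` is a valid `fmt::Arguments`.
    let _ = w.write_fmt(unsafe { *ptr.cast::<fmt::Arguments<'_>>() });
    w.pos
}

/// Safe caller: each precondition is discharged where the `unsafe` call is made.
pub fn format_into(out: &mut [u8], args: fmt::Arguments<'_>) -> usize {
    let r = out.as_mut_ptr_range();
    let p: *const fmt::Arguments<'_> = &args;
    // SAFETY: `r` delimits the exclusively borrowed `out`; `p` comes from a live reference.
    let pos = unsafe { fmt_argument(r.start, r.end, p.cast()) };
    pos as usize - r.start as usize
}

fn main() {
    let mut buf = [0u8; 8]; // constructed sample buffer
    let n = format_into(&mut buf, format_args!("id={}", 42));
    println!("{}", String::from_utf8_lossy(&buf[..n]));
}
```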