From d701e061cb14f589f8c4f48fd7fbe81c0e34b7e7 Mon Sep 17 00:00:00 2001 From: Alice Ryhl Date: Wed, 31 May 2023 14:59:37 +0000 Subject: [PATCH] rust: sync: reword the `Arc` safety comment for `Sync` The safety comment on `impl Sync for Arc` references the Send safety comment. This commit avoids that in case the two comments drift apart in the future. Suggested-by: Andreas Hindborg Signed-off-by: Alice Ryhl Reviewed-by: Andreas Hindborg Reviewed-by: Boqun Feng Reviewed-by: Martin Rodriguez Reboredo Reviewed-by: Benno Lossin Link: https://lore.kernel.org/r/20230531145939.3714886-3-aliceryhl@google.com Signed-off-by: Miguel Ojeda --- rust/kernel/sync/arc.rs | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs index a8c2177950cd..a89843cacaad 100644 --- a/rust/kernel/sync/arc.rs +++ b/rust/kernel/sync/arc.rs @@ -150,9 +150,11 @@ impl, U: ?Sized> core::ops::DispatchFromDyn> for Ar // mutable reference when the reference count reaches zero and `T` is dropped. unsafe impl Send for Arc {} -// SAFETY: It is safe to send `&Arc` to another thread when the underlying `T` is `Sync` for the -// same reason as above. `T` needs to be `Send` as well because a thread can clone an `&Arc` -// into an `Arc`, which may lead to `T` being accessed by the same reasoning as above. +// SAFETY: It is safe to send `&Arc` to another thread when the underlying `T` is `Sync` +// because it effectively means sharing `&T` (which is safe because `T` is `Sync`); additionally, +// it needs `T` to be `Send` because any thread that has a `&Arc` may clone it and get an +// `Arc` on that thread, so the thread may ultimately access `T` using a mutable reference when +// the reference count reaches zero and `T` is dropped. unsafe impl Sync for Arc {} impl Arc {