Rust-for-Linux · wedsonaf · Oct 15, 2021 · Oct 15, 2021
diff --git a/rust/kernel/sync/guard.rs b/rust/kernel/sync/guard.rs
@@ -64,7 +64,12 @@ impl<'a, L: Lock + ?Sized> Guard<'a, L> {
 ///
 /// [`Guard`] is written such that any mutual exclusion primitive that can implement this trait can
 /// also benefit from having an automatic way to unlock itself.
-pub trait Lock {
+///
+/// # Safety
+///
+/// Implementers of this trait must ensure that only one thread/CPU may access the protected data
+/// once the lock is held, that is, between calls to `lock_noguard` and `unlock`.
+pub unsafe trait Lock {
     /// The type of the data protected by the lock.
     type Inner: ?Sized;
 

diff --git a/rust/kernel/sync/mutex.rs b/rust/kernel/sync/mutex.rs
@@ -77,7 +77,8 @@ impl<T: ?Sized> NeedsLockClass for Mutex<T> {
     }
 }
 
-impl<T: ?Sized> Lock for Mutex<T> {
+// SAFETY: The underlying kernel `struct mutex` object ensures mutual exclusion.
+unsafe impl<T: ?Sized> Lock for Mutex<T> {
     type Inner = T;
     type GuardContext = ();
 

diff --git a/rust/kernel/sync/spinlock.rs b/rust/kernel/sync/spinlock.rs
@@ -80,7 +80,8 @@ impl<T: ?Sized> NeedsLockClass for SpinLock<T> {
     }
 }
 
-impl<T: ?Sized> Lock for SpinLock<T> {
+// SAFETY: The underlying kernel `spinlock_t` object ensures mutual exclusion.
+unsafe impl<T: ?Sized> Lock for SpinLock<T> {
     type Inner = T;
     type GuardContext = ();