[PATCH] rust: print: add SAFETY comments to unsafe blocks

[Albab Hasan]

Replace the placeholder // SAFETY: TODO. comments with proper safety
descriptions for the two unsafe blocks in rust_fmt_argument and
call_printk.

For rust_fmt_argument the ptr parameter is provided by the %pA
format specifier handler in vsprintf that guarantees it points to a
valid properly aligned fmt::Arguments<'_> value. since
fmt::Arguments implements Copy the dereference is a bitwise
copy with no side effects.

For call_printk the safety depends on the functions documented
preconditions the format string is one of the fixed compile time
constants from format_strings and the module name is null terminated.
the arguments match the format specifiers (%s for module name %pA
for the fmt::Arguments pointer).

Signed-off-by: Albab Hasan <albabhasan276@xxxxxxxxx>
---
 rust/kernel/print.rs | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/rust/kernel/print.rs b/rust/kernel/print.rs
index 6fd84389a858..8e1029b0a0b4 100644
--- a/rust/kernel/print.rs
+++ b/rust/kernel/print.rs
@@ -29,7 +29,9 @@
     use fmt::Write;
     // SAFETY: The C contract guarantees that `buf` is valid if it's less than `end`.
     let mut w = unsafe { RawFormatter::from_ptrs(buf.cast(), end.cast()) };
-    // SAFETY: TODO.
+    // SAFETY: `ptr` is provided by the `%pA` format specifier in `vsprintf` which guarantees
+    // that it points to a valid, properly aligned `fmt::Arguments<'_>` value for the lifetime
+    // of this function call.
     let _ = w.write_fmt(unsafe { *ptr.cast::<fmt::Arguments<'_>>() });
     w.pos().cast()
 }
@@ -109,7 +111,10 @@ pub unsafe fn call_printk(
 ) {
     // `_printk` does not seem to fail in any path.
     #[cfg(CONFIG_PRINTK)]
-    // SAFETY: TODO.
+    // SAFETY: `format_string` is one of the fixed `format_strings::*` constants, which are
+    // valid null-terminated C format strings. `module_name` is guaranteed by the caller to be
+    // null-terminated. `&args` points to a valid `fmt::Arguments` on the stack, passed as
+    // `%pA` which `_printk` will forward to `rust_fmt_argument` for rendering.
     unsafe {
         bindings::_printk(
             format_string.as_ptr(),
-- 
2.43.0