Claude review: rust: sync: Introduce LazyInit

[Claude Code Review Bot <claude-review@example.com>]

Patch Review

**Correctness: Sound overall.** The core design is correct. The lifetime extension, initialization synchronization, and reset semantics are all well-reasoned. Issues found are documentation/comment bugs, not logic bugs.

**Issue 1 — Contradictory doc comment on `init()` (bug):**

The doc comment says `Ok` is returned when already initialized, but the code returns `Err(AlreadyInit)`:

```rust
/// - `Ok(&T)` if the container was initialized successfully, or if it was already initialized
///   by another user.
/// - [`Err(LazyInitError::AlreadyInit)`](LazyInitError::AlreadyInit) if the container was
///   already initialized.
```

The first bullet includes "or if it was already initialized by another user" — this contradicts the third bullet and the actual code:

```rust
match do_init {
    true => Ok(ret),
    false => Err(LazyInitError::AlreadyInit(ret)),
}
```

The first bullet should read: `Ok(&T)` if the container was initialized successfully by this call.

**Issue 2 — Typo "conetents":**

```rust
/// multiple callers attempting to initialize at the same time will block until the conetents of the
```

Should be "contents".

**Issue 3 — "it's" vs "its":**

```rust
/// `T` must provide it's own synchronization by implementing `Send` + `Sync`.
```

Should be "its own synchronization" (possessive, not contraction).

**Issue 4 — SAFETY comment references "lifetime of A":**

```rust
/// - We're guaranteed via `Inner`'s type invariants that so long as immutable references to
///   self exist, `data` cannot be uninitialized - ensuring it lives throughout the lifetime
///   of A.
```

Should be "lifetime of `'a`" — referring to the generic lifetime parameter.

**Issue 5 — `reset()` correctness is subtle but sound:**

```rust
pub fn reset(self: Pin<&mut Self>) -> bool {
    let inner = self.project().inner.get_mut_pinned();
    let was_init = inner.is_init;
    unsafe { ptr::drop_in_place(inner.get_unchecked_mut()) };
    was_init
}
```

This calls `ptr::drop_in_place` on `Inner`, which runs `PinnedDrop::drop`. That implementation sets `is_init = false` and drops the value. When the enclosing `Mutex<Inner<T>>` is later dropped (at `LazyInit` destruction), `PinnedDrop::drop` runs again on `Inner`, sees `is_init == false`, and is a no-op. This is safe because `MaybeUninit<T>` and `bool` have no drop glue, so the "double drop" of `Inner` is benign.

The SAFETY comment could be more explicit about why re-running `PinnedDrop` later is safe:

```rust
// SAFETY:
// - We drop in place, and therefore do not move `inner`.
// - The `PinnedDrop` implementation of `Inner` leaves it in a well-defined
//   state, so we do not need to worry about UB from further usage.
```

It would be worth adding: "When `Inner` is dropped again during `LazyInit`'s destruction, `is_init` will be `false`, making the second `PinnedDrop` a no-op. `Inner`'s fields (`MaybeUninit<T>`, `bool`) have no implicit drop glue."

**Issue 6 — `pub use lazy_init::*` is a glob re-export:**

```rust
pub use lazy_init::*;
```

This exports everything public from the module. Currently that's `LazyInit`, `LazyInitError`, and `new_lazy_init`. This works but is inconsistent with how other types in `sync.rs` are re-exported (explicit names). A named re-export would be more conventional for the kernel codebase:

```rust
pub use lazy_init::{LazyInit, LazyInitError, new_lazy_init};
```

**Issue 7 — The `data()` helper's `inner` parameter type is slightly unusual:**

```rust
unsafe fn data<'a>(&'a self, inner: &MutexGuard<'_, Inner<T>>) -> &'a T {
    unsafe { mem::transmute::<&_, &'a _>(inner.data.assume_init_ref()) }
}
```

The `MutexGuard` parameter serves as a witness that the lock is held, but it's only used to access the data through `Deref`. The lifetime extension via `transmute` from the guard's borrow to `'a` (tied to `self`) is the key unsafe operation. The safety argument is sound: once initialized, `T` can't be deinitialized until `Drop` (which requires `&mut self`, incompatible with the `'a` borrow from `&'a self`), and `T: Send + Sync` makes lock-free access safe.

**Issue 8 — Tests are good.** The three kunit tests cover:
- Basic init + double-init (`lazy_init`)
- Failed init followed by successful init (`lazy_init_error`)
- Init + reset + re-init (`lazy_init_reset`)

These exercise the key state transitions well.

---
Generated by Claude Code Patch Reviewer