diff --git a/.cargo/config.toml b/.cargo/config.toml index 902dea1dbe..6094ed351d 100644 --- a/.cargo/config.toml +++ b/.cargo/config.toml @@ -4,9 +4,6 @@ # https://github.com/rust-lang/cargo/issues/5034 [build] rustflags = [ - # TODO(crbug/908640): To be resolved. - "-Aclippy::missing_safety_doc", # 26 errors - # We don't care about these lints. Okay to remain suppressed globally. "-Aclippy::bool_assert_comparison", "-Aclippy::cast_lossless", diff --git a/base/src/sys/linux/ioctl.rs b/base/src/sys/linux/ioctl.rs index fa28ded00b..0d83f4e70b 100644 --- a/base/src/sys/linux/ioctl.rs +++ b/base/src/sys/linux/ioctl.rs @@ -170,6 +170,7 @@ pub unsafe fn ioctl_with_val(descriptor: &dyn AsRawDescriptor, nr: IoctlNr, arg: /// Run an ioctl with an immutable reference. /// # Safety +/// /// The caller is responsible for determining the safety of the particular ioctl. pub unsafe fn ioctl_with_ref(descriptor: &dyn AsRawDescriptor, nr: IoctlNr, arg: &T) -> c_int { libc::ioctl( @@ -181,6 +182,7 @@ pub unsafe fn ioctl_with_ref(descriptor: &dyn AsRawDescriptor, nr: IoctlNr, a /// Run an ioctl with a mutable reference. /// # Safety +/// /// The caller is responsible for determining the safety of the particular ioctl. pub unsafe fn ioctl_with_mut_ref( descriptor: &dyn AsRawDescriptor, diff --git a/crosvm_control/src/lib.rs b/crosvm_control/src/lib.rs index 3d3a6a31cd..c870e0d828 100644 --- a/crosvm_control/src/lib.rs +++ b/crosvm_control/src/lib.rs @@ -166,6 +166,12 @@ pub unsafe extern "C" fn crosvm_client_balloon_vms( } /// See crosvm_client_balloon_vms. +/// +/// # Safety +/// +/// Function is unsafe due to raw pointer usage - a null pointer could be passed in. Usage of +/// !raw_pointer.is_null() checks should prevent unsafe behavior but the caller should ensure no +/// null pointers are passed. #[cfg(any(target_os = "android", target_os = "linux"))] #[no_mangle] pub unsafe extern "C" fn crosvm_client_balloon_vms_wait_with_timeout( 
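Review bot: The new `# Safety` section on `crosvm_client_balloon_vms_wait_with_timeout` names only null pointers, and an `is_null()` check cannot tell a dangling, unterminated or too-short buffer from a valid one, so the documented contract is weaker than what a C caller has to uphold. The same paragraph is added to `crosvm_client_balloon_stats_with_timeout` in the `@@ -710,6 +716,12 @@` hunk. Both signatures and bodies lie outside the hunks, so the wording has to be matched to the real parameter list, for example `/// Every pointer argument must be non-null, aligned and valid for the access this function performs for the whole call.`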
@@ -710,6 +716,12 @@ pub unsafe extern "C" fn crosvm_client_balloon_stats( } /// See crosvm_client_balloon_stats. +/// +/// # Safety +/// +/// Function is unsafe due to raw pointer usage - a null pointer could be passed in. Usage of +/// !raw_pointer.is_null() checks should prevent unsafe behavior but the caller should ensure no +/// null pointers are passed. #[cfg(any(target_os = "android", target_os = "linux"))] #[no_mangle] pub unsafe extern "C" fn crosvm_client_balloon_stats_with_timeout( diff --git a/crosvm_plugin/src/lib.rs b/crosvm_plugin/src/lib.rs index e9b42321ac..9a36b9b6a6 100644 --- a/crosvm_plugin/src/lib.rs +++ b/crosvm_plugin/src/lib.rs @@ -5,6 +5,7 @@ #![cfg(any(target_os = "android", target_os = "linux"))] #![cfg(target_arch = "x86_64")] #![allow(non_camel_case_types)] +#![allow(clippy::missing_safety_doc)] //! This module implements the dynamically loaded client library API used by a crosvm plugin, //! defined in `crosvm.h`. It implements the client half of the plugin protocol, which is defined in diff --git a/devices/src/usb/xhci/xhci_abi.rs b/devices/src/usb/xhci/xhci_abi.rs index 643785c985..779d1c83c8 100644 --- a/devices/src/usb/xhci/xhci_abi.rs +++ b/devices/src/usb/xhci/xhci_abi.rs @@ -682,6 +682,8 @@ impl TypedTrb for PortStatusChangeEventTrb { const TY: TrbType = TrbType::PortStatusChangeEvent; } +/// # Safety +/// /// All trb structs have the same size. One trb could be safely casted to another, though the /// values might be invalid. pub unsafe trait TrbCast: FromBytes + AsBytes + TypedTrb { diff --git a/devices/src/vfio.rs b/devices/src/vfio.rs index 4e67c3dce7..08887a40b7 100644 --- a/devices/src/vfio.rs +++ b/devices/src/vfio.rs @@ -383,6 +383,9 @@ impl VfioContainer { } } + /// # Safety + /// + /// The caller is responsible for determining the safety of the VFIO_IOMMU_MAP_DMA ioctl. pub unsafe fn vfio_dma_map( &self, iova: u64, 
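Review bot: The crate-level `#![allow(clippy::missing_safety_doc)]` added to crosvm_plugin/src/lib.rs has no comment or tracking reference, while the global suppression this commit deletes from .cargo/config.toml carried `TODO(crbug/908640)`. As written it also silences the lint for every `unsafe` item added to this crate later, and the module doc describes the crate as the client API defined in `crosvm.h`, so its callers are presumably C code that relies on documented pointer contracts. I would keep the reference next to the attribute, e.g. `// TODO(crbug/908640): document the unsafe plugin API, then drop this allow.`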
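Review bot: On an `unsafe trait` the `# Safety` section should state what an implementor must guarantee, but the text now placed under that heading on `TrbCast` only observes that all trb structs have the same size. The `MappedRegion` section added in rutabaga_gfx/src/rutabaga_os/mod.rs has the same gap from the other side: it addresses the "Caller", although it is the `unsafe impl` that has to make the returned pointer valid. Suggested wording for `TrbCast`: `/// Implementors must have the same size as every other trb struct, because a trb may be cast to any other TrbCast type.` For `MappedRegion`, phrase the validity of the returned pointer range as an implementor obligation. Both trait bodies continue outside the hunks.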
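Review bot: "The caller is responsible for determining the safety of the VFIO_IOMMU_MAP_DMA ioctl" states no invariant a caller could check. It appears on `VfioContainer::vfio_dma_map` here, and again on `vfio_iommu_type1_dma_map` and `VfioDevice::vfio_dma_map` in the two following hunks. The existing summary on the `VfioDevice` method says it adds an (iova, user_addr) map to the container's IOMMU table, so the property that matters is presumably that the host range stays mapped and owned by the caller until the mapping is removed; otherwise a device could DMA into memory that has since been reused. Only `iova: u64` of the parameter list is inside the hunk, so confirm the remaining parameter names before writing something like `/// The host memory range passed in must be valid and must stay mapped until the corresponding IOVA range is unmapped.`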
@@ -401,6 +404,9 @@ impl VfioContainer { } } + /// # Safety + /// + /// The caller is responsible for determining the safety of the VFIO_IOMMU_MAP_DMA ioctl. unsafe fn vfio_iommu_type1_dma_map( &self, iova: u64, @@ -1824,6 +1830,9 @@ impl VfioDevice { } /// Add (iova, user_addr) map into vfio container iommu table + /// # Safety + /// + /// The caller is responsible for determining the safety of the VFIO_IOMMU_MAP_DMA ioctl. pub unsafe fn vfio_dma_map( &self, iova: u64, diff --git a/net_util/src/lib.rs b/net_util/src/lib.rs index 9f99629ce1..04a8d3fbb9 100644 --- a/net_util/src/lib.rs +++ b/net_util/src/lib.rs @@ -202,6 +202,11 @@ pub trait TapTCommon: Read + Write + AsRawDescriptor + Send + Sized { fn try_clone(&self) -> Result; /// Convert raw descriptor to + /// + /// # Safety + /// + /// Caller must ensure that RawDescriptor stays valid as long as the lifetime + /// of Self. unsafe fn from_raw_descriptor(descriptor: RawDescriptor) -> Result; } diff --git a/rutabaga_gfx/src/rutabaga_os/mod.rs b/rutabaga_gfx/src/rutabaga_os/mod.rs index 3793393a18..7d0dd44300 100644 --- a/rutabaga_gfx/src/rutabaga_os/mod.rs +++ b/rutabaga_gfx/src/rutabaga_os/mod.rs @@ -17,6 +17,10 @@ pub use shm::SharedMemory; pub use sys::platform::descriptor::RawDescriptor; pub use sys::platform::shm::round_up_to_page_size; +/// # Safety +/// +/// Caller must ensure that MappedRegion's lifetime contains the lifetime of +/// pointer returned. pub unsafe trait MappedRegion: Send + Sync { /// Returns a pointer to the beginning of the memory region. Should only be /// used for passing this region to ioctls for setting guest memory. diff --git a/usb_sys/src/lib.rs b/usb_sys/src/lib.rs index 6a63aa61c6..27c6d5f502 100644 --- a/usb_sys/src/lib.rs +++ b/usb_sys/src/lib.rs 
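Review bot: In the `VfioDevice::vfio_dma_map` hunk the new `/// # Safety` heading directly follows the summary line `/// Add (iova, user_addr) map into vfio container iommu table` with no empty `///` between them. This commit adds exactly that separator in base/src/sys/linux/ioctl.rs, so the same applies here: insert a bare `///` line before `/// # Safety`. The function signature continues outside the hunk.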
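Review bot: The contract added to `TapTCommon::from_raw_descriptor` says the descriptor must stay valid for the lifetime of `Self`, but not who owns it afterwards. If an implementation takes ownership and closes the descriptor on drop (not visible in this hunk), a caller that also closes it, or builds two objects from one descriptor, ends up with a double close or with I/O on a recycled descriptor number. I would add `/// The descriptor must be open, and the caller must not close or reuse it afterwards.` if ownership transfers, or state explicitly that it does not. As shown here the summary line `/// Convert raw descriptor to` also reads as an unfinished sentence. The trait starts outside the hunk.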
@@ -29,18 +29,34 @@ impl __IncompleteArrayField { pub fn new() -> Self { __IncompleteArrayField(::std::marker::PhantomData) } + /// # Safety + /// + /// Caller must ensure that Self's size and alignment requirements matches + /// those of `T`s. #[inline] pub unsafe fn as_ptr(&self) -> *const T { ::std::mem::transmute(self) } + /// # Safety + /// + /// Caller must ensure that Self's size and alignment requirements matches + /// those of `T`s. #[inline] pub unsafe fn as_mut_ptr(&mut self) -> *mut T { ::std::mem::transmute(self) } + /// # Safety + /// + /// Caller must ensure that Self's size and alignment requirements matches + /// those of `T`s. #[inline] pub unsafe fn as_slice(&self, len: usize) -> &[T] { ::std::slice::from_raw_parts(self.as_ptr(), len) } + /// # Safety + /// + /// Caller must ensure that Self's size and alignment requirements matches + /// those of `T`s. #[inline] pub unsafe fn as_mut_slice(&mut self, len: usize) -> &mut [T] { ::std::slice::from_raw_parts_mut(self.as_mut_ptr(), len) diff --git a/vfio_sys/src/plat.rs b/vfio_sys/src/plat.rs index c4bd8959f2..6495194529 100644 --- a/vfio_sys/src/plat.rs +++ b/vfio_sys/src/plat.rs @@ -23,10 +23,18 @@ impl __IncompleteArrayField { pub fn as_mut_ptr(&mut self) -> *mut T { self as *mut _ as *mut T } + /// # Safety + /// + /// Caller must ensure that Self's size and alignment requirements match + /// those of `T`'s. #[inline] pub unsafe fn as_slice(&self, len: usize) -> &[T] { ::std::slice::from_raw_parts(self.as_ptr(), len) } + /// # Safety + /// + /// Caller must ensure that Self's size and alignment requirements match + /// those of `T`'s. #[inline] pub unsafe fn as_mut_slice(&mut self, len: usize) -> &mut [T] { ::std::slice::from_raw_parts_mut(self.as_mut_ptr(), len) diff --git a/x86_64/src/bootparam.rs b/x86_64/src/bootparam.rs index 01b0998201..c84c6ada24 100644 --- a/x86_64/src/bootparam.rs +++ b/x86_64/src/bootparam.rs 
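Review bot: The `# Safety` text added to `__IncompleteArrayField::as_slice` and `as_mut_slice` talks about the size and alignment of `Self`, but what makes `::std::slice::from_raw_parts(self.as_ptr(), len)` sound is that `len` initialized elements of `T` really follow the field in the same allocation. A caller who satisfies the documented condition can still pass a `len` that reads or writes past the buffer. The same wording is used in vfio_sys/src/plat.rs and, slightly varied, in x86_64/src/bootparam.rs. Suggested text for the slice accessors: `/// The caller must ensure that len initialized elements of T are allocated directly after this field and stay valid for the returned borrow.` The `impl` block starts outside the hunk, and since `__IncompleteArrayField` looks like bindgen output, hand-written docs would presumably be lost on regeneration.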
@@ -28,19 +28,35 @@ impl __IncompleteArrayField { pub fn new() -> Self { __IncompleteArrayField(::std::marker::PhantomData, []) } + /// # Safety + /// + /// Caller must ensure that Self`s size, alignment and lifetime are + /// compatible with returned values requirements. #[inline] pub unsafe fn as_ptr(&self) -> *const T { ::std::mem::transmute(self) } + /// # Safety + /// + /// Caller must ensure that Self`s size, alignment and lifetime are + /// compatible with returned values requirements. #[inline] pub unsafe fn as_mut_ptr(&mut self) -> *mut T { ::std::mem::transmute(self) } + /// # Safety + /// + /// Caller must ensure that Self`s size, alignment and lifetime are + /// compatible with returned values requirements. #[inline] pub unsafe fn as_slice(&self, len: usize) -> &[T] { ::std::slice::from_raw_parts(self.as_ptr(), len) } #[inline] + /// # Safety + /// + /// Caller must ensure that Self`s size, alignment and lifetime are + /// compatible with returned values requirements. pub unsafe fn as_mut_slice(&mut self, len: usize) -> &mut [T] { ::std::slice::from_raw_parts_mut(self.as_mut_ptr(), len) }
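Review bot: For `as_mut_slice` the doc comment is inserted after `#[inline]`, whereas the three accessors above it in the same hunk have the comment before the attribute; moving `#[inline]` directly above `pub unsafe fn as_mut_slice` keeps them uniform. All four paragraphs also write "Self" followed by a backtick where an apostrophe is meant, which rustdoc may read as the start of a code span, and "returned values requirements" is missing its apostrophe. Suggested lines: `/// Caller must ensure that Self's size, alignment and lifetime are` and `/// compatible with the returned value's requirements.` The `impl` block continues outside the hunk.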