On Mon, Jan 15, 2024 at 11:03:37AM +0100, Patrick Steinhardt wrote: > > which means we'll feed a negative value to stat_validity_update(). I > > think this may be OK, because I'd imagine the only sensible thing to do > > is call stat_validity_clear() instead. And using a negative fd means > > fstat() will fail, which will cause stat_validity_update() to clear the > > validity struct anyway. But I thought it was worth double-checking. > > Good catch, and thanks a lot for double-checking. I was briefly > wondering whether this behaviour is actually specified by POSIX. In any > case, fstat(3P) explicitly documents `EBADF` as: > > The fildes argument is not a valid file descriptor. > > That makes me think that this code is indeed POSIX-compliant, as > implementations are expected to handle invalid file descriptors via this > error code. > > So overall this works as intended, even though I would not consider it > to be the cleanest way to handle this. Unless you or others think that > this should be refactored I'll leave it as-is for now though. Thanks for confirming. I think we can leave your patch as-is. If anything, I would say that stat_validity_update() should check for "fd < 0" itself. Not because I think fstat() is unlikely to behave differently on some platform, but simply because it more clearly documents the expectation. -Peff