On 11/29/23 14:11, Alice Ryhl wrote:
> +impl FileDescriptorReservation {
> + /// Creates a new file descriptor reservation.
> + pub fn new(flags: u32) -> Result<Self> {
> + // SAFETY: FFI call, there are no safety requirements on `flags`.
> + let fd: i32 = unsafe { bindings::get_unused_fd_flags(flags) };
> + if fd < 0 {
> + return Err(Error::from_errno(fd));
> + }
I think here we could also use the modified `to_result` function that
returns a `u32` if the value is non-negative.
> + Ok(Self {
> + fd: fd as _,
> + _not_send_sync: PhantomData,
> + })
> + }
> +
> + /// Returns the file descriptor number that was reserved.
> + pub fn reserved_fd(&self) -> u32 {
> + self.fd
> + }
> +
> + /// Commits the reservation.
> + ///
> + /// The previously reserved file descriptor is bound to `file`. This method consumes the
> + /// [`FileDescriptorReservation`], so it will not be usable after this call.
> + pub fn commit(self, file: ARef<File>) {
> + // SAFETY: `self.fd` was previously returned by `get_unused_fd_flags`, and `file.ptr` is
> + // guaranteed to have an owned ref count by its type invariants.
> + unsafe { bindings::fd_install(self.fd, file.0.get()) };
> +
> + // `fd_install` consumes both the file descriptor and the file reference, so we cannot run
> + // the destructors.
> + core::mem::forget(self);
> + core::mem::forget(file);
Would be useful to have an `ARef::into_raw` function that would do
the `forget` for us.
--
Cheers,
Benno
