Benno Lossin <benno.lossin@xxxxxxxxx> writes:
> On 11/29/23 14:11, Alice Ryhl wrote:
> > +impl FileDescriptorReservation {
> > + /// Creates a new file descriptor reservation.
> > + pub fn new(flags: u32) -> Result<Self> {
> > + // SAFETY: FFI call, there are no safety requirements on `flags`.
> > + let fd: i32 = unsafe { bindings::get_unused_fd_flags(flags) };
> > + if fd < 0 {
> > + return Err(Error::from_errno(fd));
> > + }
>
> I think here we could also use the modified `to_result` function that
> returns a `u32` if the value is non-negative.
I'll look into that for the next version.
>> + /// Commits the reservation.
>> + ///
>> + /// The previously reserved file descriptor is bound to `file`. This method consumes the
>> + /// [`FileDescriptorReservation`], so it will not be usable after this call.
>> + pub fn commit(self, file: ARef<File>) {
>> + // SAFETY: `self.fd` was previously returned by `get_unused_fd_flags`, and `file.ptr` is
>> + // guaranteed to have an owned ref count by its type invariants.
>> + unsafe { bindings::fd_install(self.fd, file.0.get()) };
>> +
>> + // `fd_install` consumes both the file descriptor and the file reference, so we cannot run
>> + // the destructors.
>> + core::mem::forget(self);
>> + core::mem::forget(file);
>
> Would be useful to have an `ARef::into_raw` function that would do
> the `forget` for us.
That makes sense to me, but I don't think it needs to happen in this patchset.
Alice
