On Sun, 15 Sep 2024 14:31:29 +0000 Alice Ryhl <aliceryhl@xxxxxxxxxx> wrote: > From: Wedson Almeida Filho <wedsonaf@xxxxxxxxx> > > This abstraction makes it possible to manipulate the open files for a > process. The new `File` struct wraps the C `struct file`. When accessing > it using the smart pointer `ARef<File>`, the pointer will own a > reference count to the file. When accessing it as `&File`, then the > reference does not own a refcount, but the borrow checker will ensure > that the reference count does not hit zero while the `&File` is live. > > Since this is intended to manipulate the open files of a process, we > introduce an `fget` constructor that corresponds to the C `fget` > method. In future patches, it will become possible to create a new fd in > a process and bind it to a `File`. Rust Binder will use these to send > fds from one process to another. > > We also provide a method for accessing the file's flags. Rust Binder > will use this to access the flags of the Binder fd to check whether the > non-blocking flag is set, which affects what the Binder ioctl does. > > This introduces a struct for the EBADF error type, rather than just > using the Error type directly. This has two advantages: > * `File::fget` returns a `Result<ARef<File>, BadFdError>`, which the > compiler will represent as a single pointer, with null being an error. > This is possible because the compiler understands that `BadFdError` > has only one possible value, and it also understands that the > `ARef<File>` smart pointer is guaranteed non-null. > * Additionally, we promise to users of the method that the method can > only fail with EBADF, which means that they can rely on this promise > without having to inspect its implementation. > That said, there are also two disadvantages: > * Defining additional error types involves boilerplate. > * The question mark operator will only utilize the `From` trait once, > which prevents you from using the question mark operator on > `BadFdError` in methods that return some third error type that the > kernel `Error` is convertible into. (However, it works fine in methods > that return `Error`.) > > Signed-off-by: Wedson Almeida Filho <wedsonaf@xxxxxxxxx> > Co-developed-by: Daniel Xu <dxu@xxxxxxxxx> > Signed-off-by: Daniel Xu <dxu@xxxxxxxxx> > Co-developed-by: Alice Ryhl <aliceryhl@xxxxxxxxxx> > Reviewed-by: Benno Lossin <benno.lossin@xxxxxxxxx> > Signed-off-by: Alice Ryhl <aliceryhl@xxxxxxxxxx> Reviewed-by: Gary Guo <gary@xxxxxxxxxxx> > --- > fs/file.c | 7 + > rust/bindings/bindings_helper.h | 2 + > rust/helpers/fs.c | 12 ++ > rust/helpers/helpers.c | 1 + > rust/kernel/fs.rs | 8 + > rust/kernel/fs/file.rs | 375 ++++++++++++++++++++++++++++++++++++++++ > rust/kernel/lib.rs | 1 + > 7 files changed, 406 insertions(+)
