Date: Thu, 30 Nov 2023 14:53:35 +0000
From: Benno Lossin
To: Alice Ryhl
Cc: Miguel Ojeda, Alex Gaynor, Wedson Almeida Filho, Boqun Feng, Gary Guo, Björn Roy Baron, Andreas Hindborg, Peter Zijlstra, Alexander Viro, Christian Brauner, Greg Kroah-Hartman, Arve Hjønnevåg, Todd Kjos, Martijn Coenen, Joel Fernandes, Carlos Llamas, Suren Baghdasaryan, Dan Williams, Kees Cook, Matthew Wilcox, Thomas Gleixner, Daniel Xu, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 1/7] rust: file: add Rust abstraction for `struct file`
In-Reply-To: <20231129-alice-file-v1-1-f81afe8c7261@google.com>

On 11/29/23 13:51, Alice Ryhl wrote:
> +/// Flags associated with a [`File`]. > +pub mod flags { > + /// File is opened in append mode. > + pub const O_APPEND: u32 =3D bindings::O_APPEND;

Why do all of these constants begin with `O_`?

[...]

> +impl File { > + /// Constructs a new `struct file` wrapper from a file descriptor. > + /// > + /// The file descriptor belongs to the current process. > + pub fn from_fd(fd: u32) -> Result, BadFdError> { > + // SAFETY: FFI call, there are no requirements on `fd`. > + let ptr =3D ptr::NonNull::new(unsafe { bindings::fget(fd) }).ok_= or(BadFdError)?; > + > + // INVARIANT: `fget` increments the refcount before returning. > + Ok(unsafe { ARef::from_raw(ptr.cast()) })

Missing `SAFETY` comment.

> + } > + > + /// Creates a reference to a [`File`] from a valid pointer. > + /// > + /// # Safety > + /// > + /// The caller must ensure that `ptr` points at a valid file and tha= t its refcount does not > + /// reach zero during the lifetime 'a. > + pub unsafe fn from_ptr<'a>(ptr: *const bindings::file) -> &'a File { > + // INVARIANT: The safety requirements guarantee that the refcoun= t does not hit zero during > + // 'a. The cast is okay because `File` is `repr(transparent)`. > + unsafe { &*ptr.cast() }

Missing `SAFETY` comment.

> + } > + > + /// Returns the flags associated with the file. > + /// > + /// The flags are a combination of the constants in [`flags`]. > + pub fn flags(&self) -> u32 { > + // This `read_volatile` is intended to correspond to a READ_ONCE= call. > + // > + // SAFETY: The file is valid because the shared reference guaran= tees a nonzero refcount. > + // > + // TODO: Replace with `read_once` when available on the Rust sid= e. > + unsafe { core::ptr::addr_of!((*self.0.get()).f_flags).read_volat= ile() } > + } > +} > + > +// SAFETY: The type invariants guarantee that `File` is always ref-count= ed. > +unsafe impl AlwaysRefCounted for File { > + fn inc_ref(&self) { > + // SAFETY: The existence of a shared reference means that the re= fcount is nonzero. > + unsafe { bindings::get_file(self.0.get()) }; > + } > + > + unsafe fn dec_ref(obj: ptr::NonNull) { > + // SAFETY: The safety requirements guarantee that the refcount i= s nonzero.
> + unsafe { bindings::fput(obj.cast().as_ptr()) } > + } > +} > + > +/// Represents the `EBADF` error code. > +/// > +/// Used for methods that can only fail with `EBADF`. > +pub struct BadFdError; > + > +impl From for Error { > + fn from(_: BadFdError) -> Error { > + EBADF > + } > +} > + > +impl core::fmt::Debug for BadFdError { > + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result= { > + f.pad("EBADF") > + } > +}

Do we want to generalize this to the other errors as well? We could modify the `declare_error!` macro in `error.rs` to create these unit structs.

--
Cheers,
Benno
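
Review bot: In `from_fd`, the block `unsafe { ARef::from_raw(ptr.cast()) }` is justified only by an `// INVARIANT:` comment, so the unsafe call itself has no stated precondition. Add a `// SAFETY:` line directly above it saying that `ptr` is the non-null result of `fget`, which already took the reference that the `ARef` now owns. The doc comment should also mention that a null return from `fget` is reported as `BadFdError`, since that is the only error path in the function.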
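
Review bot: In `from_ptr`, the lifetime `'a` is picked freely by the caller and nothing in the signature ties it to the reference the caller holds, so the `# Safety` section is the only guard against a `&'a File` that outlives the file. The justification for `unsafe { &*ptr.cast() }` is currently written as `// INVARIANT:`; restate it as `// SAFETY:` (the caller guarantees a valid file with a nonzero refcount for `'a`, and `File` is `repr(transparent)` so the cast is layout-compatible). Consider also saying in the docs that `ptr` must be non-null and properly aligned, which "valid file" leaves implicit.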
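
Review bot: `flags()` returns a bare `u32` documented as "a combination of the constants in [`flags`]", but neither the method nor the `flags` module shows how a caller is expected to test a bit. A one-line example in the doc comment, such as `file.flags() & flags::O_APPEND != 0`, would make it clear that the value is a mask and must not be compared with `==`. The comment block in the body also mixes the `READ_ONCE` rationale, the `SAFETY` argument and a `TODO`; putting the `// SAFETY:` paragraph last, immediately above the `unsafe` expression, keeps it adjacent to the code it justifies.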