signalfd optional file descriptor

[JonathanWoollett-Light]

sys::signalfd::signalfd currently takes a RawFd for its fd argument.

Considering from the documentation:

If the fd argument is -1, then the call creates a new file
descriptor and associates the signal set specified in mask with
that file descriptor. If fd is not -1, then it must specify a
valid existing signalfd file descriptor, and mask is used to
replace the signal set associated with that file descriptor.

We can better pass the argument as Option<BorrowedFd> which encodes the optional nature of this parameter in an option rather than the value being -1 (invalid) (size_of::<Option<BorrowedFd>>() == size_of::<RawFd>() == 4).

This removes the error case where fd < -1.

EBADF The fd file descriptor is not a valid file descriptor.

This does however require additional changes to produce a cohesive implementation, notably changing the type within Signal from RawFd to ManuallyDrop<OwnedFd>, this has no functional affect, but illustrates ownership and allows the type to more easily produce BorrowedFds.

To use BorrowedFd requires updating the MSRV to >= 1.63.0

[SUPERCILEX]

This should use impl AsFd instead of a BorrowedFd.

[notgull]

Is there a way we could use the io-lifetimes crate here to avoid bumping the MSRV?

[SUPERCILEX]

Yes since that's what rustix does, but not sure that's worth it without someone piping up to give a compelling reason they need to be able to use old rustcs.

[asomers]

We're already planning to raise MSRV for the 0.27.0 release.

[JonathanWoollett-Light]

This should use impl AsFd instead of a BorrowedFd.

In my view this defats the purpose of this PR, which is to restrict the type you can pass to signalfd to a valid file descriptor such that the error case

EBADF The fd file descriptor is not a valid file descriptor.

Cannot be encountered.

With impl AsFd a user can still pass an invalid file descriptor.

[SUPERCILEX]

With impl AsFd a user can still pass an invalid file descriptor.

Do you have a specific example in mind? Also, nothing prevents you from using unsafe to create a BorrowedFd from random garbage.

[JonathanWoollett-Light]

Apologies I misread, thought you wrote AsRawFd. I will change it to impl AsFd.

[SUPERCILEX]

Dope 👍

[JonathanWoollett-Light]

It does make specifying None a bit more of a pain:

signalfd(None::<OwnedFd>, mask, flags)?;

instead of

signalfd(None, mask, flags)?;

but this is relatively minor.

[SteveLauC]

For the type of that file descriptor argument, any reason why not to use <F: AsFd>(fd: F), this is basically equivalent to impl AsFd except you can specify the particular type using turbofish, and this is consistent with the interfaces exposed from the stdlib:

pub fn fchown<F: AsFd>(fd: F, uid: Option<u32>, gid: Option<u32>) -> io::Result<()> {
    sys::fs::fchown(fd.as_fd().as_raw_fd(), uid.unwrap_or(u32::MAX), gid.unwrap_or(u32::MAX))
}

[JonathanWoollett-Light]

@SteveLauC I have no strong view either way as you mention they are essentially equivalent, I've changed it to match stdlib as you mentioned.

[asomers]

You should be able to rebase this now

[JonathanWoollett-Light]

You should be able to rebase this now

Nice, just rebased.

[asomers]

bors r+

[bors]

Build succeeded:

• Android aarch64
• Android arm
• Android armv7
• Android i686
• Android x86_64
• DragonFly BSD x86_64
• FreeBSD 12 amd64 & i686
• FreeBSD 14 amd64 & i686
• Fuchsia x86_64
• Haiku x86_64
• Illumos
• iOS aarch64
• iOS x86_64
• Linux aarch64
• Linux arm gnueabi
• Linux arm-musleabi
• Linux armv7 gnueabihf
• Linux armv7 uclibceabihf
• Linux i686
• Linux i686 musl
• Linux MIPS
• Linux MIPS64
• Linux MIPS64 el
• Linux mipsel
• Linux powerpc
• Linux powerpc64
• Linux powerpc64le
• Linux s390x
• Linux x32
• Linux x86_64
• Linux x86_64 musl
• macOS aarch64
• macOS x86_64
• Minver
• NetBSD x86_64
• OpenBSD x86_64
• Redox x86_64
• Rust Formatter
• Rust Stable