Open grief8 opened 1 month ago
@boterinas claim
This proposal can also be extended to cover other IDs, such as UID (user id) and GID (group id). The syscall interface currently allows users to provide negative values (due to the i32 type), but in actuality, these IDs can only be positive in the kernel.
Description:

Currently, the `FileTable` structure is able to handle negative values of `FileDesc`, which is not ideal. Handling these negative values raises concerns about the integrity and safety of file descriptor management. It has been suggested that we need a clearer differentiation between valid and invalid file descriptors at compile time.

Proposed Solution:

To improve type safety, we propose introducing a new type `FileDesc` to distinguish positive file descriptors from negative ones. The proposed implementation involves the following changes:

- `RawFileDesc` as `i32` for handling raw file descriptors.
- `FileDesc(u32)` that will only accept positive values.
- `TryFrom` conversion to ensure that only valid positive `RawFileDesc` values can be converted to `FileDesc`.

The suggested code snippet is as follows: