
wip: Implement safe io

M. requested to merge msandova/zbus:safe-io into main

This is a different take than !623 (closed). The problem with the previous MR is that it is not clear whether zvariant::OwnedFd can ever be safe as is, and zvariant::Fd can't be made safe without a lifetime.

This is using io_lifetimes to avoid bumping the MSRV to 1.63.

Things to have in mind

  • deserialize is very unsafe; in the case of OwnedFd there is a check to see if the descriptor can be duplicated, so at least it might be safe.
  • serialize can be safe if used only when sending messages.
  • Conversion from and into Value needs special care.
  • The zvariant::Fd type was renamed to BorrowedFd<'a>. Maybe it makes sense to rename it back to Fd to reduce the number of API breaks, but this way it is easier to see the full extent of the changes.
  • The three places where unsafe code was used were to implement Deserialize, fn to_owned(&self) -> OwnedValue, and fn visit_i32<E>(self, value: i32) -> Result<Value<'de>, E>.
  • To solve the use of unsafe code in to_owned, one could create a Value::OwnedFd variant that's only used in this context.
Edited by M.
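As an added example (not code from this MR or from zbus/zvariant), here is the "can the descriptor be duplicated?" check the description mentions for OwnedFd deserialization, written against the std io-safety types that were stabilized in Rust 1.63 rather than the io_lifetimes crate. The names WireFd, owned_fd_from_wire, wire_fd_of and dup_outlives_original are hypothetical; the example also shows why owning the duplicate rather than the received number is the safe choice, since it survives the sender closing its own descriptor.

```rust
// Added example, not part of the MR: validate an untrusted descriptor number
// by duplicating it, and only ever own the duplicate.
use std::fs::{File, OpenOptions};
use std::io::{self, Write};
use std::os::unix::io::{AsFd, AsRawFd, BorrowedFd, OwnedFd, RawFd};

/// A descriptor number as it arrives off the wire (a deserialized i32).
/// Nothing about this value is trusted yet.
#[derive(Debug, Clone, Copy)]
pub struct WireFd(pub i32);

/// Turn an untrusted descriptor number into an OwnedFd this side really owns.
///
/// We never take ownership of the incoming number itself: dup() either fails
/// with EBADF (closed or never-open descriptor) or yields a fresh descriptor
/// that nobody else can close behind our back. The short-lived BorrowedFd
/// still assumes the number refers to an open descriptor for the duration of
/// the dup call; that residual assumption is why the MR calls deserialize
/// "very unsafe" rather than safe.
pub fn owned_fd_from_wire(wire: WireFd) -> io::Result<OwnedFd> {
    let raw: RawFd = wire.0;
    if raw < 0 {
        return Err(io::Error::from(io::ErrorKind::InvalidInput));
    }
    // SAFETY: `raw` is borrowed only for the try_clone_to_owned call below.
    let borrowed: BorrowedFd<'_> = unsafe { BorrowedFd::borrow_raw(raw) };
    borrowed.try_clone_to_owned()
}

/// Serializing side: a descriptor borrowed for lifetime 'a from its owner,
/// the shape the MR's BorrowedFd<'a> gives the old zvariant::Fd.
pub fn wire_fd_of<'a>(fd: BorrowedFd<'a>) -> WireFd {
    WireFd(fd.as_raw_fd())
}

/// Round trip: open a file, "send" its number, reconstruct an owned duplicate
/// on the receiving side, close the original, and confirm the duplicate is a
/// distinct descriptor that is still writable.
pub fn dup_outlives_original() -> io::Result<bool> {
    let sender = OpenOptions::new().write(true).open("/dev/null")?;
    let original_raw = sender.as_raw_fd();
    let received = owned_fd_from_wire(wire_fd_of(sender.as_fd()))?;
    drop(sender); // the sender closes its descriptor after the message is sent
    let mut receiver = File::from(received);
    receiver.write_all(b"still open")?; // fails with EBADF if we had kept the raw number
    Ok(receiver.as_raw_fd() != original_raw)
}
```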
