clean up syscall return value handling a bit

Author: iliana

src/syscall.rs

@@ -1,10 +1,6 @@
 // Copyright (c) iliana destroyer of worlds <[email protected]>
 // SPDX-License-Identifier: MIT
 
-// syscall returns a c_long but memfd_create(2) and fcntl(2) are documented as returning c_int. The
-// values are truncated here instead of using TryFrom.
-#![allow(clippy::cast_possible_truncation)]
-
 use std::ffi::CStr;
 use std::fmt::{self, Debug};
 use std::fs::File;
@@ -23,46 +19,57 @@ const F_SEAL_EXEC: c_int = 0x0020;
 
 pub(crate) fn memfd_create(name: &CStr, flags: MemfdFlags) -> Result<File, Error> {
     let name: *const c_char = name.as_ptr();
-    let retval = unsafe { syscall(SYS_memfd_create, name, flags.0) };
-    let result = check_syscall(retval);
+    let result = SyscallResult::new(unsafe { syscall(SYS_memfd_create, name, flags.0) });
     #[cfg(feature = "log")]
-    log::trace!("memfd_create({name:?}, {flags:?}) = {retval}");
-    result.map(|()| unsafe { File::from_raw_fd(retval as c_int) })
+    log::trace!("memfd_create({name:?}, {flags:?}) = {result:?}");
+    result.0.map(|value| unsafe { File::from_raw_fd(value) })
 }
 
 pub(crate) fn fcntl_get_seals(file: &File) -> Result<SealFlags, Error> {
     let fd: c_int = file.as_raw_fd();
-    let retval = unsafe { syscall(SYS_fcntl, fd, F_GET_SEALS) };
-    match check_syscall(retval) {
-        Ok(()) => {
-            let retval = SealFlags(retval as c_int);
-            #[cfg(feature = "log")]
-            log::trace!("fcntl({fd}, F_GET_SEALS) = {retval:?}");
-            Ok(retval)
-        }
-        Err(err) => {
-            #[cfg(feature = "log")]
-            log::trace!("fcntl({fd}, F_GET_SEALS) = {retval}");
-            Err(err)
-        }
-    }
+    let result = SyscallResult::new(unsafe { syscall(SYS_fcntl, fd, F_GET_SEALS) });
+    let result = SyscallResult(result.0.map(SealFlags));
+    #[cfg(feature = "log")]
+    log::trace!("fcntl({fd}, F_GET_SEALS) = {result:?}");
+    result.0
 }
 
 pub(crate) fn fcntl_add_seals(file: &File, arg: SealFlags) -> Result<(), Error> {
     let fd: c_int = file.as_raw_fd();
-    let retval = unsafe { syscall(SYS_fcntl, fd, F_ADD_SEALS, arg.0) };
-    let result = check_syscall(retval);
+    let result = SyscallResult::new(unsafe { syscall(SYS_fcntl, fd, F_ADD_SEALS, arg.0) });
     #[cfg(feature = "log")]
-    log::trace!("fcntl({fd}, F_ADD_SEALS, {arg:?}) = {retval}");
-    result
+    log::trace!("fcntl({fd}, F_ADD_SEALS, {arg:?}) = {result:?}");
+    result.0.map(|_| ())
 }
 
-#[inline]
-fn check_syscall(retval: c_long) -> Result<(), Error> {
-    if retval < 0 {
-        Err(Error::last_os_error())
-    } else {
-        Ok(())
+#[repr(transparent)]
+struct SyscallResult<T>(Result<T, Error>);
+
+impl SyscallResult<c_int> {
+    #[inline]
+    fn new(value: c_long) -> Self {
+        // The `syscall` function returns c_long regardless of the actual return value of the
+        // syscall. In the case of memfd_create(2) and fcntl(2), both syscalls return c_int.
+        // Truncation of the return value is correct behavior on Linux; see:
+        // https://github.com/rust-lang/rust/blob/56e35a5dbb37898433a43133dff0398f46d577b8/library/std/src/sys/pal/unix/weak.rs#L160-L184
+        #![allow(clippy::cast_possible_truncation)]
+        let value = value as c_int;
+
+        // memfd_create(2) and fcntl(2) both return -1 on error.
+        if value == -1 {
+            Self(Err(Error::last_os_error()))
+        } else {
+            Self(Ok(value))
+        }
+    }
+}
+
+impl<T: Debug> Debug for SyscallResult<T> {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match &self.0 {
+            Ok(value) => write!(f, "{value:?}"),
+            Err(err) => write!(f, "-1 {err}"),
+        }
     }
 }