[RFC] Rust: A fallible from_kernel_errno with Result<Error> return

foxhlchen · foxhlchen · commit d0ac814b6e41 · 2021-06-04T22:15:23.000+08:00
Currently, from_kernel_errno is an infallible function acting as a
constructor for Error. In order to achieve its type invariant, We add
a check in it which will prompt a warning and return Error::EINVL when
errno given is invalid.

While this approach ensures type invariant, it brings great ambiguities.
When Error::EINVL is returned, the caller has no way to recognize
whether it is a valid errno coming from the kernel or an error issued by the
check. This tricky behavior may confuse developers and introduce subtle bugs.
Since Error will be used in all respects of the kernel, It's definitely not
a sound solution.

This RFC proposes that we make from_kernel_errno return a Result&lt;Error&gt;.
Thus, we have an explicit, clear, and fallible version of from_kernel_errno
by which callers are able to know what really happened behind the scene. And
it also provides certain flexibility. We pass the power to callers, they can
decide how to deal with invalid `errno` case by case.
diff --git a/rust/kernel/error.rs b/rust/kernel/error.rs
@@ -62,21 +62,16 @@ impl Error {
 
     /// Creates an [`Error`] from a kernel error code.
     ///
-    /// It is a bug to pass an out-of-range `errno`. `EINVAL` would
+    /// It is a bug to pass an out-of-range `errno`. Err(`EINVAL`) would
     /// be returned in such a case.
-    pub(crate) fn from_kernel_errno(errno: c_types::c_int) -> Error {
+    pub(crate) fn from_kernel_errno(errno: c_types::c_int) -> Result<Error> {
         if errno < -(bindings::MAX_ERRNO as i32) || errno >= 0 {
-            // TODO: make it a `WARN_ONCE` once available.
-            crate::pr_warn!(
-                "attempted to create `Error` with out of range `errno`: {}",
-                errno
-            );
-            return Error::EINVAL;
+            return Err(Error::EINVAL);
         }
 
         // INVARIANT: the check above ensures the type invariant
         // will hold.
-        Error(errno)
+        Ok(Error(errno))
     }
 
     /// Creates an [`Error`] from a kernel error code.
