@@ -173,16 +173,17 @@ impl Drop for OwnedFd {
173173 #[ inline]
174174 fn drop ( & mut self ) {
175175 unsafe {
176- // Note that errors are ignored when closing a file descriptor. The
177- // reason for this is that if an error occurs we don't actually know if
178- // the file descriptor was closed or not, and if we retried (for
179- // something like EINTR), we might close another valid file descriptor
180- // opened after we closed ours.
181- // However, this is usually justified, as some of the major Unices
182- // do make sure to always close the FD, even when `close()` is interrupted,
183- // and the scenario is rare to begin with.
184- // Helpful link to an epic discussion by POSIX workgroup:
185- // http://austingroupbugs.net/view.php?id=529
176+ // Note that errors are ignored when closing a file descriptor. According to POSIX 2024,
177+ // we can and indeed should retry `close` on `EINTR`
178+ // (https://pubs.opengroup.org/onlinepubs/9799919799.2024edition/functions/close.html),
179+ // but it is not clear yet how well widely-used implementations are conforming with this
180+ // mandate since older versions of POSIX left the state of the FD after an `EINTR`
181+ // unspecified. Ignoring errors is "fine" because some of the major Unices (in
182+ // particular, Linux) do make sure to always close the FD, even when `close()` is
183+ // interrupted, and the scenario is rare to begin with. If we retried on a
184+ // not-POSIX-compliant implementation, the consequences could be really bad since we may
185+ // close the wrong FD. Helpful link to an epic discussion by POSIX workgroup that led to
186+ // the latest POSIX wording: http://austingroupbugs.net/view.php?id=529
186187 #[ cfg( not( target_os = "hermit" ) ) ]
187188 {
188189 #[ cfg( unix) ]
0 commit comments