use unsafe to mark reopen_with_fdflags as having special safety features

crates/wasi-c2/cap-std-sync/src/file.rs

@@ -38,7 +38,7 @@ impl WasiFile for File {
         // XXX get_fdflags is not implemented but lets lie rather than panic:
         Ok(FdFlags::empty())
     }
-    fn reopen_with_fdflags(&self, _fdflags: FdFlags) -> Result<Box<dyn WasiFile>, Error> {
+    unsafe fn reopen_with_fdflags(&self, _fdflags: FdFlags) -> Result<Box<dyn WasiFile>, Error> {
         todo!("reopen_with_fdflags is not implemented")
     }
     fn get_filestat(&self) -> Result<Filestat, Error> {

crates/wasi-c2/cap-std-sync/src/stdio.rs

@@ -39,7 +39,7 @@ impl WasiFile for Stdin {
         // XXX get_fdflags is not implemented but lets lie rather than panic:
         Ok(FdFlags::empty())
     }
-    fn reopen_with_fdflags(&self, _fdflags: FdFlags) -> Result<Box<dyn WasiFile>, Error> {
+    unsafe fn reopen_with_fdflags(&self, _fdflags: FdFlags) -> Result<Box<dyn WasiFile>, Error> {
         Err(Error::Badf)
     }
     fn get_filestat(&self) -> Result<Filestat, Error> {
@@ -128,7 +128,10 @@ macro_rules! wasi_file_write_impl {
                 // XXX get_fdflags is not implemented but lets lie rather than panic:
                 Ok(FdFlags::empty())
             }
-            fn reopen_with_fdflags(&self, _fdflags: FdFlags) -> Result<Box<dyn WasiFile>, Error> {
+            unsafe fn reopen_with_fdflags(
+                &self,
+                _fdflags: FdFlags,
+            ) -> Result<Box<dyn WasiFile>, Error> {
                 Err(Error::Badf)
             }
             fn get_filestat(&self) -> Result<Filestat, Error> {

crates/wasi-c2/src/file.rs

@@ -10,7 +10,9 @@ pub trait WasiFile {
     fn sync(&self) -> Result<(), Error>; // file op
     fn get_filetype(&self) -> Result<FileType, Error>; // file op
     fn get_fdflags(&self) -> Result<FdFlags, Error>; // file op
-    fn reopen_with_fdflags(&self, flags: FdFlags) -> Result<Box<dyn WasiFile>, Error>; // file op
+    /// This method takes a `&self` so that it can be called on a `&dyn WasiFile`. However,
+    /// the caller makes the additional guarantee to drop `self` after the call is successful.
+    unsafe fn reopen_with_fdflags(&self, flags: FdFlags) -> Result<Box<dyn WasiFile>, Error>; // file op
     fn get_filestat(&self) -> Result<Filestat, Error>; // split out get_length as a read & write op, rest is a file op
     fn set_filestat_size(&self, _size: u64) -> Result<(), Error>; // write op
     fn advise(

crates/wasi-c2/src/pipe.rs

@@ -114,7 +114,7 @@ impl<R: Read + Any> WasiFile for ReadPipe<R> {
     fn get_fdflags(&self) -> Result<FdFlags, Error> {
         Ok(FdFlags::empty())
     }
-    fn reopen_with_fdflags(&self, _fdflags: FdFlags) -> Result<Box<dyn WasiFile>, Error> {
+    unsafe fn reopen_with_fdflags(&self, _fdflags: FdFlags) -> Result<Box<dyn WasiFile>, Error> {
         Err(Error::Badf)
     }
     fn get_filestat(&self) -> Result<Filestat, Error> {
@@ -250,7 +250,7 @@ impl<W: Write + Any> WasiFile for WritePipe<W> {
     fn get_fdflags(&self) -> Result<FdFlags, Error> {
         Ok(FdFlags::APPEND)
     }
-    fn reopen_with_fdflags(&self, _fdflags: FdFlags) -> Result<Box<dyn WasiFile>, Error> {
+    unsafe fn reopen_with_fdflags(&self, _fdflags: FdFlags) -> Result<Box<dyn WasiFile>, Error> {
         Err(Error::Badf)
     }
     fn get_filestat(&self) -> Result<Filestat, Error> {

crates/wasi-c2/src/snapshots/preview_1.rs

@@ -276,7 +276,10 @@ impl<'a> wasi_snapshot_preview1::WasiSnapshotPreview1 for WasiCtx {
         let fd = u32::from(fd);
         let table_check = table.get_file(fd)?.get_cap(FileCaps::FDSTAT_SET_FLAGS)?;
         drop(table_check);
-        table.update_file_in_place(fd, |f| f.reopen_with_fdflags(FdFlags::from(&flags)))
+        table.update_file_in_place(fd, |f| unsafe {
+            // Safety: update_file_in_place will drop `f` after this call.
+            f.reopen_with_fdflags(FdFlags::from(&flags))
+        })
     }
 
     fn fd_fdstat_set_rights(