Hi Linus,

>> Okay. So what's the equivalent of AT_SYMLINK_NOFOLLOW in RESOLVE_* flag
>> terms?
>
> Nothing.
>
> openat2() takes two sets of flags. We'll never get rid of
> AT_SYMLINK_NOFOLLOW / O_NOFOLLOW, and we've added RESOLVE_NO_SYMLINKS
> to the new set of flags. It's just a separate namespace.
>
> We will _not_ be adding a RESOLVE_XYZ flag for O_NOFOLLOW or
> AT_SYMLINK_NOFOLLOW. At least not visible to user space - because as
> people already figured out, that just causes problems with consistency
> issues.
>
> And yes, the fact that we then have three different user-visible
> namespaces (O_xyz flags for open(), AT_xyz flags for linkat(), and now
> RESOLVE_xyz flags for openat2()) is sad and messy. But it's an
> inherent messiness from just how the world works. We can't get rid of
> it.

For openat2() and other existing syscalls I agree that it's good to
have just a single bit to control a feature.

The whole discussion was triggered by the introduction of
a completely new fsinfo() call:

>> The new system call looks like:
>>
>>     int ret = fsinfo(int dfd,
>>                      const char *pathname,
>>                      const struct fsinfo_params *params,
>>                      size_t params_size,
>>                      void *result_buffer,
>>                      size_t result_buf_size);
>>
>> The params parameter optionally points to a block of parameters:
>>
>>     struct fsinfo_params {
>>         __u32 resolve_flags;

If I remember correctly it was named at_flags initially.
And I thought it would be great to also have the new RESOLVE_YXZ
feature available for that new path based syscall.

Would you propose to have 'at_flags' and 'resolve_flags' passed in here?
Or is there something even better you would propose for new syscalls?

>>         __u32 flags;
>>         __u32 request;
>>         __u32 Nth;
>>         __u32 Mth;
>>     };

> If we need linkat2() and friends, so be it. Do we?

Yes, I'm going to propose something like this, as it would make life
much easier for Samba to have the new features available on all
path based syscalls.

In addition I'll propose to have a way to specify the source of
removeat and unlinkat also by fd in addition to the source parent fd
and relative path; the reason is also to detect races of path
recycling. pidfd_open() solved a similar problem for pid recycling.

> Could we have a _fourth_ set of flags that are simply for internal use
> that is a superset of them all? Sure. But no, it's almost certainly
> not worth it. Four is not better than three.

As you pointed out below, the LOOKUP_yxz namespace is already in place...

And the discussion was more about a possible single namespace for
completely new syscalls.

> Now, some type-safety in the kernel to make sure that we can't mix
> AT_xyz with O_xyz or RESOLVE_xyz - that might be worth it. Although
> judging by past experience, not enough people run sparse for it to
> really be worth it.

I'm new to all this and maybe too naive, but would a build bot running
sparse on linux-next be able to catch this early enough?

metze