On Fri, Apr 12, 2024 at 10:43:06AM -0700, Linus Torvalds wrote: > Side note: I'd really like to relax another unrelated AT_EMPTY_PATH > issue: we should just allow a NULL path for that case. > > The requirement that you pass an actual empty string is insane. It's > wrong. And it adds a noticeable amount of expense to this path, > because just getting the single byte and looking it up is fairly > expensive. > > This was more noticeable because glibc at one point (still?) did > > newfstatat(6, "", buf, AT_EMPTY_PATH) > > when it should have just done a simple "fstat()". > > So there were (are?) a *LOT* of AT_EMPTY_PATH users, and they all do a > pointless "let's copy a string from user space". > > And yes, I know exactly why AT_EMPTY_PATH exists: because POSIX > traditionally says that a path of "" has to return -ENOENT, not the > current working directory. So AT_EMPTY_PATH basically says "allow the > empty path for lookup". > > But while it *allows* the empty path, it does't *force* it, so it > doesn't mean "avoid the lookup", and we really end up doing a lot of > extra work just for this case. Just the user string copy is a big deal > because of the whole overhead of accessing user space, but it's also > the whole "allocate memory for the path etc". > > If we either said "a NULL path with AT_EMPTY_PATH means empty", or > even just added a new AT_NULL_PATH thing that means "path has to be > NULL, and it means the same as AT_EMPTY_PATH with an empty path", we'd > be able to avoid quite a bit of pointless work. It also causes issues for sandboxed enviroments (most recently for the Chrome sandbox) because AT_EMPTY_PATH doesn't actually mean AT_EMPTY_PATH unless the string is actually empty. Otherwise AT_EMPTY_PATH is ignored. So I'm all on board for this. I need to think a bit whether AT_NULL_PATH or just allowing NULL would be nicer. Mostly because I want to ensure that userspace can easily detect this new feature.
