From: Christian Brauner <christian.brauner@ubuntu.com>
To: Florian Weimer <fweimer@redhat.com>
Cc: Adhemerval Zanella <adhemerval.zanella@linaro.org>,
Adhemerval Zanella via Libc-alpha <libc-alpha@sourceware.org>
Subject: Re: [PATCH 1/3] Linux: Add close_range
Date: Wed, 23 Dec 2020 13:33:21 +0100 [thread overview]
Message-ID: <20201223123321.upjm3dylryf55ckq@wittgenstein> (raw)
In-Reply-To: <87blemukxt.fsf@oldenburg2.str.redhat.com>
On Tue, Dec 22, 2020 at 12:41:50PM +0100, Florian Weimer via Libc-alpha wrote:
> * Adhemerval Zanella:
>
> >> I think we generally use int for file descriptors, following POSIX.
> >
> > The Linux interface uses unsigned integer, meaning that negative values
> > won't really trigger an invalid usage (kernel will return EINVAL if
> > second argument is larger than first one though).
> >
> > I would prefer for syscall wrapper to be close as possible of the kernel
> > interface, otherwise it would require to add additional semantic to
> > handle potential pitfall cases.
> >
> > On this case, if we go for 'int' as argument should we return EBADF
> > for invalid handles?
>
> Hmm. I think unsigned int is needed for ~0U to work, which is what you
> used in the tests. If that's what applications use today when issuing
> the syscall directly, I think we need to stick to unsigned int.
For the record, the initial reason we chose unsigned int for
close_range() was that the close() syscall uses unsigned int too:
SYSCALL_DEFINE1(close, unsigned int, fd)
SYSCALL_DEFINE3(close_range, unsigned int, fd, unsigned int, max_fd,
unsigned int, flags)
Furthermore, the kernel doesn't care whether the fd is negative. It
simply checks whether the passed in fd number falls within the possible
range of the fdtable, i.e. fd < fdt->max_fds. If the passed-in fd falls
within the possible range that the fdtable can handle it will check
whether there's a file open at that position in the fdtable, i.e. from
the kernel's perspective "negative" fd values aren't special in any way.
But from what I can tell a lot of (non-libc) userspace isn't aware of
the fact that the kernel uses unsigned int which can lead to some
confusion. A little while ago I had to talk to Lennart about this when
they added support for close_range() which they had been waiting for.
Their syscall wrapper is now documented with:
/* Kernel-side the syscall expects fds as unsigned integers (just like close() actually), while
* userspace exclusively uses signed integers for fds. We don't know just yet how glibc is going to
* wrap this syscall, but let's assume it's going to be similar to what they do for close(),
* i.e. make the same unsigned → signed type change from the raw kernel syscall compared to the
* userspace wrapper. There's only one caveat for this: unlike for close() there's the special
* UINT_MAX fd value for the 'end_fd' argument. Let's safely map that to -1 here. And let's refuse
* any other negative values. */
https://github.com/systemd/systemd/commit/441e0fdb900b49888fb6d7901a2b5aa92c0a2017
Christian
prev parent reply other threads:[~2020-12-23 12:33 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-21 21:50 Adhemerval Zanella
2020-12-21 21:50 ` [PATCH 2/3] io: Add closefrom [BZ #10353] Adhemerval Zanella
2020-12-22 10:49 ` Florian Weimer
2020-12-22 11:50 ` Adhemerval Zanella
2020-12-22 11:57 ` Florian Weimer
2020-12-22 12:41 ` Adhemerval Zanella
2020-12-22 13:17 ` Florian Weimer
2020-12-22 13:28 ` Adhemerval Zanella
2020-12-22 13:34 ` Florian Weimer
2020-12-21 21:50 ` [PATCH 3/3] posix: Add posix_spawn_file_actions_closefrom Adhemerval Zanella
2020-12-22 11:32 ` Florian Weimer
2020-12-22 11:56 ` Adhemerval Zanella
2020-12-22 12:00 ` Florian Weimer
2020-12-22 12:46 ` Adhemerval Zanella
2020-12-22 9:05 ` [PATCH 1/3] Linux: Add close_range Florian Weimer
2020-12-22 11:35 ` Adhemerval Zanella
2020-12-22 11:41 ` Florian Weimer
2020-12-22 11:47 ` Adhemerval Zanella
2020-12-23 12:33 ` Christian Brauner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201223123321.upjm3dylryf55ckq@wittgenstein \
--to=christian.brauner@ubuntu.com \
--cc=adhemerval.zanella@linaro.org \
--cc=fweimer@redhat.com \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).