From: Florian Weimer <fw@deneb.enyo.de>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Christoph Hellwig <hch@lst.de>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Linux API <linux-api@vger.kernel.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
libc-alpha <libc-alpha@sourceware.org>
Subject: Re: RFC: reject unknown open flags
Date: Thu, 30 Mar 2017 19:22:00 -0000 [thread overview]
Message-ID: <87tw6atvre.fsf@mid.deneb.enyo.de> (raw)
In-Reply-To: <CA+55aFw92r4h4sNW41ifs31ixdZpNmaxY23KthB9R-LXNm7p-w@mail.gmail.com> (Linus Torvalds's message of "Thu, 30 Mar 2017 10:08:10 -0700")
* Linus Torvalds:
> But probing for flags is why we *could* add things like O_NOATIME etc
> - exactly because it "just worked" with old kernels, and people could
> just use the new flags knowing that it was a no-op on old kernels.
Right, it mostly works for the flags we added.
> The whole concept of "probing for supported features" is very suspect.
> It's a bad bad idea. Don't do it.
It's vastly preferable to hard-coding kernel version dependencies in
source or object code. Particularly if you want to move applications
between different kernel versions (which seems to be all the rage
right now).
The problem with probing for flags is that it's kind of hard to see
which flag causes the failure. Maybe application code could
retroactively apply it with fcntl. This is what we did when there was
no support for O_CLOEXEC, but this was easy because there has been
FD_CLOEXEC in fcntl since basically forever.
> What kind of new flag did you even have in mind that would have such
> broken semantics that it would completely change the other flags?
I think we had to go through some gymnastics to get the desired
behavior for O_TMPFILE and O_PATH.
There's another consideration. open/openat flags are very special in
one regard: glibc tries to implement the system call wrapper in
standard C, with proper <stdarg.h> processing. This means that the
wrapper has to determine whether there is a mode argument or not, and
avoid the va_arg call if it is missing. Consequently, we parse the
flag argument to see if it implies the need for a mode. This broke
with O_TMPFILE.
We don't do that for fcntl, which has exactly the same issue because
F_GETFD has an empty variable argument list. We just call va_arg
beyond the end of the argument list in the F_GETFD case. We don't
check the command argument and use it to adjust the number of va_arg
calls. We should do the same for open/openat because it obviously
works for all architectures we care about in the fcntl case. (This is
independent if there is going to be another system call with different
semantics for handling unknown flags.)
prev parent reply other threads:[~2017-03-30 19:22 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-30 16:33 Christoph Hellwig
2017-03-30 16:33 ` [PATCH 2/2] fs: " Christoph Hellwig
2017-03-30 17:03 ` Linus Torvalds
2017-03-30 16:33 ` [PATCH 1/2] fs: add a VALID_OPEN_FLAGS Christoph Hellwig
2017-03-30 17:08 ` RFC: reject unknown open flags Linus Torvalds
2017-03-30 17:22 ` Christoph Hellwig
2017-03-30 18:19 ` Linus Torvalds
2017-03-30 18:26 ` Christoph Hellwig
2017-03-30 18:45 ` Linus Torvalds
2017-03-30 20:06 ` Boaz Harrosh
2017-03-30 19:02 ` Paul Eggert
2017-03-30 19:14 ` Linus Torvalds
2017-03-30 19:22 ` Florian Weimer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87tw6atvre.fsf@mid.deneb.enyo.de \
--to=fw@deneb.enyo.de \
--cc=hch@lst.de \
--cc=libc-alpha@sourceware.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).