Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp776114ybf; Fri, 28 Feb 2020 07:25:50 -0800 (PST) X-Google-Smtp-Source: APXvYqwxHqxpVI9lpD84mJbsyMHl5kkmnSdzaPMM3YrYQ8e/jxZ9bDQOVjoSUHWiLKzioZqkWmiF X-Received: by 2002:a9d:740d:: with SMTP id n13mr3927913otk.140.1582903550595; Fri, 28 Feb 2020 07:25:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582903550; cv=none; d=google.com; s=arc-20160816; b=GuDVaw48Nbg8Ar8nMoxt8jqiyWqsWzanYuqwspOXsPYjA9jCvy6YVkJqdGqsUfxpLk kkOLOwq6fllvhMFk0nfIcAwTjr1hOmtvtFjRbUj+7Co6M6uHcA2KGM61UD8uD5xCn4I8 +dN3TSUaHqEh8B+AAa74fkoiYjrZzuWS0ClON4QgHtB6RgbzkgHy1MzfF8cpY6JzpXwC eiZqZSWbAXN1pA4FIoRDx8aXyG5iHTVPPYe7DM2BbYAPGqyYctlu9wBBx/lunVDKkeow /rFaqVpHLdezAHA13pnyBULgXcYTX3EXM0EJ2gL9c2gxvqSprcEPjRJ5Hy4kMIKYEOaN 8vnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=3V9+JN1fm5FMzy1sowUbTBIhxshdDGghENWvm8j9AzY=; b=pIuwDSfJhrR8CaP0YyzkbM2smYcmza1fBU+NsCu76MFim9+m0SXJDlp1ilPpLyqHjy NOiER/Qr+C/CuEP0IFi8footMAHvQ7kodAtyuZG8cRvMrIja4qAH7d86WG6+x9cwakZA sxc6sWvxo51Lk6gGm3X9/lHtxtSt5IIU9nuUh06o7soC/Uw1rf5AOOwhskjUNEGJI7hG HffxhjsQOGeCPVXeeTCmxbNg/57/8A4p4BpPVkdri4nl6izBaNMQajnM5EQwm96ETbeK jro6rYW3PwIAz1PXoihtAAV3/b2wr68kILiK/4PmpjARFKsH12JHZ24/5eH/VGi1qWC3 oiGg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c10si1748373otn.266.2020.02.28.07.25.38; Fri, 28 Feb 2020 07:25:50 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727075AbgB1PYb (ORCPT + 99 others); Fri, 28 Feb 2020 10:24:31 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:52761 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726956AbgB1PYa (ORCPT ); Fri, 28 Feb 2020 10:24:30 -0500 Received: from ip5f5bf7ec.dynamic.kabel-deutschland.de ([95.91.247.236] helo=wittgenstein) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1j7hV6-0004yt-9A; Fri, 28 Feb 2020 15:24:28 +0000 Date: Fri, 28 Feb 2020 16:24:27 +0100 From: Christian Brauner To: David Howells Cc: linux-api@vger.kernel.org, viro@zeniv.linux.org.uk, metze@samba.org, torvalds@linux-foundation.org, cyphar@cyphar.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, fweimer@redhat.com Subject: Re: Have RESOLVE_* flags superseded AT_* flags for new syscalls? Message-ID: <20200228152427.rv3crd7akwdhta2r@wittgenstein> References: <96563.1582901612@warthog.procyon.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <96563.1582901612@warthog.procyon.org.uk> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [Cc Florian since that ends up on libc's table sooner or later...] On Fri, Feb 28, 2020 at 02:53:32PM +0000, David Howells wrote: > > I've been told that RESOLVE_* flags, which can be found in linux/openat2.h, > should be used instead of the equivalent AT_* flags for new system calls. Is > this the case? Imho, it would make sense to use RESOLVE_* flags for new system calls and afair this was the original intention. The alternative is that RESOLVE_* flags are special to openat2(). But that seems strange, imho. The semantics openat2() has might be very useful for new system calls as well which might also want to support parts of AT_* flags (see fsinfo()). So we either end up adding new AT_* flags mirroring the new RESOLVE_* flags or we end up adding new RESOLVE_* flags mirroring parts of AT_* flags. And if that's a possibility I vote for RESOLVE_* flags going forward. The have better naming too imho. An argument against this could be that we might end up causing more confusion for userspace due to yet another set of flags. But maybe this isn't an issue as long as we restrict RESOLVE_* flags to new syscalls. When we introduce a new syscall userspace will have to add support for it anyway. > > If so, should we comment them as being deprecated in the header file? And > should they be in linux/fcntl.h rather than linux/openat2.h? > > Also: > > (*) It should be noted that the RESOLVE_* flags are not a superset of the > AT_* flags (there's no equivalent of AT_NO_AUTOMOUNT for example). That's true but it seems we could just add e.g. RESOLVE_NO_AUTOMOUNT as soon as we have a new syscall showing up that needs it or we have an existing syscall (e.g. openat2()) that already uses RESOLVE_* flags and needs it? > > (*) It has been suggested that AT_SYMLINK_NOFOLLOW should be the default, but > only RESOLVE_NO_SYMLINKS exists. I'd be very much in favor of not following symlinks being the default. That's usually a source of a lot of security issues. And since no kernel with openat2() has been released there's still time to switch it and with openat2() being a new syscall it won't hurt if it has new semantics; I mean it deviates from openat() - intentionally - already. Christian