Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp791982ybh; Thu, 12 Mar 2020 11:12:12 -0700 (PDT) X-Google-Smtp-Source: ADFU+vuHlYzY5WHKlIzwnlvK1bLAYfvWrnIfFc6JyLZ92A8dpgljNzzXn/EQlX5XgrWDC0qUO26z X-Received: by 2002:a9d:20c1:: with SMTP id x59mr7834409ota.286.1584036731847; Thu, 12 Mar 2020 11:12:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584036731; cv=none; d=google.com; s=arc-20160816; b=jhRqFfid4bKwSV421hJQM9evv1kVuT1qazNM3Do4m588UScnuKAUiWkZEEJK0IjBmr oGnlakQjgHYlaKlnieMggG3MQ2WdGzfubIntI3SFmfwX+V+llhfK7vVVbV/WZlhFeO2C mMxUhNTlyPU52A67OYK4tK+6rJ6HXUsK7EdfnrZk5k9Chw3x+fSy+lRq6Qok5+HAbp74 fSuaA+ghc6ProPEzzxaNN7nLOluc3H3tJPvPUwVBooiqpRh86FY8DnZ5njHokATwhXpQ mVRTDMSqsfg+EsDI3mtAA6x8LOh2v99AdilS2e9OHaV64RyfnWJqLZOQ+l2SW4VUo20g qaMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=sQ3QfTDDyb5UoBIAiFsjVBE1W68/HsNyhrkWTB/fuO8=; b=yX1ZhzGfCCiaFHWgp45G1rd75li+LsDbVbN46II/CRkCP5wRDsI36/K2VBjQcwSBG3 C4SVfwxaQeyoS16eLTdj+1hLgvmmgQNS//d0Kw9rypjhWbLXiCiW3aGKDeGg+KFVn1gC MkKM1wTid64Lpxa+KC179MM22i/CkPjx5o3qm0WySKx0qEazkpvR/IW8d9r2aA8oUVR8 sOHBOMmRnMyvV8lmBQkq1UOAaYNWNjdsnLDLjeb8fqL8f7Yk7EO4uOKJ+4m/aJ2OS31Q mtx7XgCBRdaXtB6AnilO/3N4alVWUDLvneYN9B4+abkjdeOOk6j89sLu00dAEy7l9Qip 0pnA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=MXoIPfUg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w4si3018854oie.124.2020.03.12.11.11.58; Thu, 12 Mar 2020 11:12:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=MXoIPfUg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726548AbgCLSJ7 (ORCPT + 99 others); Thu, 12 Mar 2020 14:09:59 -0400 Received: from mail-lj1-f193.google.com ([209.85.208.193]:38261 "EHLO mail-lj1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726414AbgCLSJ6 (ORCPT ); Thu, 12 Mar 2020 14:09:58 -0400 Received: by mail-lj1-f193.google.com with SMTP id w1so7568865ljh.5 for ; Thu, 12 Mar 2020 11:09:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=sQ3QfTDDyb5UoBIAiFsjVBE1W68/HsNyhrkWTB/fuO8=; b=MXoIPfUgy938dwO+4Ke7cFDpDrSyBbOMidOjN6VWqwOeAMyfFqF2Y4Ay/rwdS0BizU Kppg6HhZcnXQd15+19gbWj60YmAsYBKe5dgNHxhDdmce+HxBvnO/FxXNECxZgBF0nuD7 +Ow57KwOsRb33vqxZnMj9GjOtkrhmMbMIdqZE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=sQ3QfTDDyb5UoBIAiFsjVBE1W68/HsNyhrkWTB/fuO8=; b=db4ZIlsBdHUUf5lnTw2Ds29c9aCQiVmuU5p3MPcwk5Nl8lesFTwslebfZzmC93IqAm UsTdLmqstxHdosDgHDMvtWL7i5zCaUlxEOF8DwMye2p5RdkmMq1/q0Ap1mOIye5rPwu8 08uoUMhlXhl4+vlUmS6UY0Q493XuTW2ekCrjEyZD9b+kGMnUIcP7XMPJN56ocS0Qsk7E y6PSymOjkQWK/XCAh1Rgma9wJRxSiDnBcMYPTRyUqJxQw/B1nslZgBlEFiaI2xRhuI7R R5FxDVQUENU3ak4RnZJs6bqsRN6iPSkvom6ETUxsEkFgaTwVEVMqS+GUIZy0PoWJryfD UQ/w== X-Gm-Message-State: ANhLgQ2G4lr2mz24IzwvY8LVThpxtSFJvS6P5OWBIPKdnapy831y+l6c erfDE+SiwBvJdL0r1eze0Nm99bDQ5rw= X-Received: by 2002:a05:651c:326:: with SMTP id b6mr6109405ljp.289.1584036594899; Thu, 12 Mar 2020 11:09:54 -0700 (PDT) Received: from mail-lj1-f176.google.com (mail-lj1-f176.google.com. [209.85.208.176]) by smtp.gmail.com with ESMTPSA id f10sm14304353ljn.44.2020.03.12.11.09.51 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 12 Mar 2020 11:09:52 -0700 (PDT) Received: by mail-lj1-f176.google.com with SMTP id u12so7577402ljo.2 for ; Thu, 12 Mar 2020 11:09:51 -0700 (PDT) X-Received: by 2002:a05:651c:230:: with SMTP id z16mr5976976ljn.201.1584036591344; Thu, 12 Mar 2020 11:09:51 -0700 (PDT) MIME-Version: 1.0 References: <158376244589.344135.12925590041630631412.stgit@warthog.procyon.org.uk> <158376245699.344135.7522994074747336376.stgit@warthog.procyon.org.uk> <20200310005549.adrn3yf4mbljc5f6@yavin> <580352.1583825105@warthog.procyon.org.uk> <3d209e29-e73d-23a6-5c6f-0267b1e669b6@samba.org> <1147628.1584032201@warthog.procyon.org.uk> In-Reply-To: <1147628.1584032201@warthog.procyon.org.uk> From: Linus Torvalds Date: Thu, 12 Mar 2020 11:09:35 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 01/14] VFS: Add additional RESOLVE_* flags [ver #18] To: David Howells Cc: Stefan Metzmacher , Aleksa Sarai , Al Viro , Ian Kent , Miklos Szeredi , Christian Brauner , Jann Horn , "Darrick J. Wong" , Karel Zak , jlayton@redhat.com, Linux API , linux-fsdevel , LSM List , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 12, 2020 at 9:56 AM David Howells wrote: > > Any thoughts on which set of flags should override the other? Do we need to care? I don't think we actually have conflicts, because the semantics aren't the same, and they are about independent issues. > If we're making > RESOLVE_* flags the new definitive interface, then I feel they should probably > override the AT_* flags where there's a conflict, ie. RESOLVE_NO_SYMLINKS > should override AT_SYMLINK_FOLLOW for example. That's just for a linkat2() system call? I think the natural semantic is the one that falls out directly: RESOLVE_NO_SYMLINKS will cause it to fail with -ELOOP if it is a symlink. NOTE! This isn't really a "conflict". It's actually two different and independent things: - without AT_SYMLINK_FOLLOW, a linkat() simply won't even try to follow the symlink, and will link to the symlink itself instead. - RESOLVE_NO_SYMLINKS says "never follow symlinks". Note how one does *NOT* override the other, quite the reverse. They are about different things. One is about the _behavior_ when the last component is a symlink, and the other is about permission to follow any symlinks. So all combinations make sense: - no AT_SYMLINK_FOLLOW, no RESOLVE_NO_SYMLINKS: just link to the target, whether it's a symlink or not This is obviously our historical link() behavior. - no AT_SYMLINK_FOLLOW, yes RESOLVE_NO_SYMLINKS: just link to the target, whether it's a symlink or not, but if there's a symlink in the middle, return -ELOOP Note how this case doesn't follow the last one, so RESOLVE_NO_SYMLINKS isn't an issue for the last component, but _is_ an issue for the components in the middle. - AT_SYMLINK_FOLLOW, no RESOLVE_NO_SYMLINKS: just link to the target, following the symlink if it exists This is obviously the historical AT_SYMLINK_FOLLOW behavior - AT_SYMLINK_FOLLOW | RESOLVE_NO_SYMLINKS: just link to the target, return -ELOOP if it's a symlink (of if there's a symlink on the way). This is the natural behavior for "refuse to follow any symlinks anywhere". note how they are all completely sane versions, and in no case does one flag really override the other. If anything, we actually miss a third flag: the "don't allow linking to a final symlink at all" (but allow intermediate symlinks). We've never had that behavior, although I think POSIX makes that case undefined (ie you're not guaranteed to be able to link to a symlink in the first place in POSIX). I guess that third case could be emulated with open(O_PATH) + fstat to check it's not a symlink + linkat(fd,AT_EMPTY_PATH) if it turns somebody would want something like that (and we decided that AT_EMPTY_PATH is ok for linkat()). I doubt anybody cares. Linus