Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp2024598ybh; Fri, 13 Mar 2020 11:34:22 -0700 (PDT) X-Google-Smtp-Source: ADFU+vsNwVaGnfDKD5iVz0Y3pD+7BcGvAl6N9M07T4sbK5eCn1yVNXP1UHpPL2lJ0JgD3UdtO3pb X-Received: by 2002:a05:6830:1bc3:: with SMTP id v3mr12753074ota.310.1584124462792; Fri, 13 Mar 2020 11:34:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584124462; cv=none; d=google.com; s=arc-20160816; b=x8PkCicWAZVdwEwh5jewkTnJIwNMYrI0GT00ykZMIeF0PJT+gg3wLNx+Lwmh69XMKR SF4TpbwNMppgLPo4fYgRO6FIHjmINE8iu6pAvMAYeNIa6OWsdwVqCh2KTo5Wc+KrGE6Z VjrZfJWvkxw2M+kstzSDRx8UV3eKqy0Pgg76xSEbcM+Rci1k9SpBKj9F1G+JZKX1zxrj vtkXW4k/RKBIdX7EUk0M4xDAYnoKeKmncQOGwkesWQyXYe2jvtaB4UJoYPBnxhZRO1ck VIwtC8AL95JhiS20Tc/BdCmqaQcAKLYy/fjoMn28d2QTwLuf4kqbPFPlbE46jaWm3PJD MvuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=9dCy+RYvdjdow+08+Y81nQ2fN+rXDMHaRqAdAl6k0Fs=; b=IWEiM5qM2h5LTz+GVgUtDB0DooYsjzgrcgLUwj9LeLk2+5pLYM24DJHerEKWo/RRUn Zs0Xgz+sYGY+p0SI+UE3V6GqlxzLxiVBli77sQCBYQAW1LLxEGnxa440fWM/Hidoc7LJ F8+DYI1BclS5xD6l3MqGuIy/Dvx1CeVy7/frzh91TYGkiwz8/kNs+K60U/tkcqCFTAqd fMzpELy9i1xLYZnZf1NzBrr18k7w98bGWSY9VwVZoLrn75niRI5yLiUiKBzwwr493x94 6FDPLza2hbrpYiMXId5zT1I9FG76mks9CcWhzekNT8GslgU0uk8feOnXp+g71cxGUVN/ Lrig== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k7si5063772otn.251.2020.03.13.11.34.10; Fri, 13 Mar 2020 11:34:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727146AbgCMSdv (ORCPT + 99 others); Fri, 13 Mar 2020 14:33:51 -0400 Received: from zeniv.linux.org.uk ([195.92.253.2]:45386 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726339AbgCMSdv (ORCPT ); Fri, 13 Mar 2020 14:33:51 -0400 Received: from viro by ZenIV.linux.org.uk with local (Exim 4.92.3 #3 (Red Hat Linux)) id 1jCp36-00AyVa-Sz; Fri, 13 Mar 2020 18:28:45 +0000 Date: Fri, 13 Mar 2020 18:28:44 +0000 From: Al Viro To: Aleksa Sarai Cc: Stefan Metzmacher , Linus Torvalds , David Howells , Ian Kent , Miklos Szeredi , Christian Brauner , Jann Horn , "Darrick J. Wong" , Karel Zak , jlayton@redhat.com, Linux API , linux-fsdevel , LSM List , Linux Kernel Mailing List , Jeremy Allison , Ralph =?iso-8859-1?Q?B=F6hme?= , Volker Lendecke Subject: Re: [PATCH 01/14] VFS: Add additional RESOLVE_* flags [ver #18] Message-ID: <20200313182844.GO23230@ZenIV.linux.org.uk> References: <158376244589.344135.12925590041630631412.stgit@warthog.procyon.org.uk> <158376245699.344135.7522994074747336376.stgit@warthog.procyon.org.uk> <20200310005549.adrn3yf4mbljc5f6@yavin> <580352.1583825105@warthog.procyon.org.uk> <3d209e29-e73d-23a6-5c6f-0267b1e669b6@samba.org> <8d24e9f6-8e90-96bb-6e98-035127af0327@samba.org> <20200313095901.tdv4vl7envypgqfz@yavin> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200313095901.tdv4vl7envypgqfz@yavin> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Mar 13, 2020 at 08:59:01PM +1100, Aleksa Sarai wrote: > On 2020-03-12, Stefan Metzmacher wrote: > > Am 12.03.20 um 17:24 schrieb Linus Torvalds: > > > But yes, if we have a major package like samba use it, then by all > > > means let's add linkat2(). How many things are we talking about? We > > > have a number of system calls that do *not* take flags, but do do > > > pathname walking. I'm thinking things like "mkdirat()"?) > > > > I haven't looked them up in detail yet. > > Jeremy can you provide a list? > > > > Do you think we could route some of them like mkdirat() and mknodat() > > via openat2() instead of creating new syscalls? > > I have heard some folks asking for a way to create a directory and get a > handle to it atomically -- so arguably this is something that could be > inside openat2()'s feature set (O_MKDIR?). But I'm not sure how popular > of an idea this is. For fuck sake, *NO*! We don't need any more multiplexors from hell. mkdir() and open() have deeply different interpretation of pathnames (and anyone who asks for e.g. traversals of dangling symlinks on mkdir() is insane). Don't try to mix those; even O_TMPFILE had been a mistake. Folks, we'd paid very dearly for the atomic_open() merge. We are _still_ paying for it - and keep finding bugs induced by the convoluted horrors in that thing (see yesterday pull from vfs.git#fixes for the latest crop). I hope to get into more or less sane shape (part - this cycle, with followups in the next one), but the last thing we need is more complexity in the area. Keep the semantics simple and regular; corner cases _suck_. "Infinitely extensible (without review)" is no virtue. And having nowhere to hide very special flags for very special kludges is a bloody good thing. Every fucking time we had a multiplexed syscall, it had been a massive source of trouble. IF it has a uniform semantics - fine; we don't need arseloads of read_this(2)/read_that(2). But when you need pages upon pages to describe the subtle differences in the interpretation of its arguments, you have already lost. It will be full of corner cases, they will get zero testing and they will rot. Inevitably. All the faster for the lack of people who would be able to keep all of that in head. We do have a mechanism for multiplexing; on amd64 it lives in do_syscall_64(). We really don't need openat2() turning into another one. Syscall table slots are not in a short supply, and the level of review one gets from "new syscall added" is higher than from "make fubar(2) recognize a new member in options->union_full_of_crap if it has RESOLVE_TO_WANK_WITH_RIGHT_HAND set in options->flags, affecting its behaviour in some odd ways". Which is a good thing, damnit.