[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200312193755.GL23230@ZenIV.linux.org.uk>
Date: Thu, 12 Mar 2020 19:37:55 +0000
From: Al Viro <viro@...iv.linux.org.uk>
To: Stefan Metzmacher <metze@...ba.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
David Howells <dhowells@...hat.com>,
Aleksa Sarai <cyphar@...har.com>, Ian Kent <raven@...maw.net>,
Miklos Szeredi <mszeredi@...hat.com>,
Christian Brauner <christian@...uner.io>,
Jann Horn <jannh@...gle.com>,
"Darrick J. Wong" <darrick.wong@...cle.com>,
Karel Zak <kzak@...hat.com>, jlayton@...hat.com,
Linux API <linux-api@...r.kernel.org>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
LSM List <linux-security-module@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Jeremy Allison <jra@...ba.org>,
Ralph Böhme <slow@...ba.org>,
Volker Lendecke <vl@...net.de>
Subject: Re: [PATCH 01/14] VFS: Add additional RESOLVE_* flags [ver #18]
On Thu, Mar 12, 2020 at 06:11:09PM +0100, Stefan Metzmacher wrote:
> If that works safely for hardlinks and having another process doing a
> rename between openat2() and unlinkat(), we could try that.
>
> My initial naive idea was to have one syscall instead of
> linkat2/renameat3/unlinkat2.
>
> int xlinkat(int src_dfd, const char *src_path,
> int dst_dfd, const char *dst_path,
> const struct xlinkat_how *how, size_t how_size);
>
> struct xlinkat_how {
> __u64 src_at_flags;
> __u64 src_resolve_flags;
> __u64 dst_at_flags;
> __u64 dst_resolve_flags;
> __u64 rename_flags;
> __s32 src_fd;
> };
>
> With src_dfd=-1, src_path=NULL, how.src_fd = -1, this would be like
> linkat().
> With dst_dfd=-1, dst_path=NULL, it would be like unlinkat().
> Otherwise a renameat2().
>
> If how.src_fd is not -1, it would be checked to be the same path as
> specified by src_dfd and src_path.
"Checked" as in...? And is that the same path or another link to the
same object, or...?
The idea of dumping all 3 into the same syscall looks wrong - compare
the effects of link() and rename() on the opened files, for starters,
and try to come up with documentation for all of that. Multiplexors
tend to be very bad, in large part because they have so bloody
convoluted semantics...
Powered by blists - more mailing lists