From: Linus Torvalds <[email protected]>
To: Christian Brauner <[email protected]>
Cc: Xi Ruoyao <[email protected]>,
[email protected],
"Andreas K. Huettel" <[email protected]>,
Arnd Bergmann <[email protected]>,
Huacai Chen <[email protected]>,
Mateusz Guzik <[email protected]>,
Alexander Viro <[email protected]>,
Jan Kara <[email protected]>,
[email protected], [email protected],
[email protected], Jens Axboe <[email protected]>,
[email protected]
Subject: Re: [PATCH 2/2] vfs: support statx(..., NULL, AT_EMPTY_PATH, ...)
Date: Wed, 3 Jul 2024 12:52:27 -0700 [thread overview]
Message-ID: <CAHk-=whZwUuYP08JF-kyBmr7w45S2z17dJKaWCFE_cfFw_T9Vg@mail.gmail.com> (raw)
In-Reply-To: <20240703-hobel-benachbarten-c475d3eb589b@brauner>
On Wed, 3 Jul 2024 at 12:33, Christian Brauner <[email protected]> wrote:
>
> Fwiw, that's why I prefer structs versioned by size which we added clean
> handling for via copy_struct_from_user()
That works very well for the kernel interface for new things, but it
actually doesn't solve the issue for user space library versioning.
If you are something like 'glibc', you don't have the option of saying
"pass in struct and size". You are kind of stuck with the API rules,
and the rules are that you expose a 'struct stat' that has a fixed
size.
So I don't disagree that copy_struct_from_user() is a good model, but
what would happen is just that then glibc says "I will need to make a
decision", and would pick a size that is bigger than the current size
it uses, so that glibc later could do those extensions without
breaking the ABI.
And yes, it would pass that larger size to the kernel,. because it
would want the kernel to zero out the unused tail of the struct.
So the 'struct and extensible size' thing really only works when
everybody agrees on using it, and users pass the size end-to-end.
Side note: this is our original i386 'stat64':
unsigned long st_blocks; /* Number 512-byte blocks allocated. */
unsigned long __pad4; /* future possible st_blocks
high bits */
unsigned long st_atime;
unsigned long __pad5;
unsigned long st_mtime;
unsigned long __pad6;
unsigned long st_ctime;
unsigned long __pad7; /* will be high 32 bits of
ctime someday */
which is kind of sad. The code was literally designed to extend the
time range, had a comment to that effect and all, and then we screwed
it up.
On little-endian, we could literally have done it as
unsigned long long st_ctime:44, st_ctime_usec:20;
without losin gbinary compatibility. But it's sadly not what we did.
Instead we gave the full 32-bit padding to the nsec field.
And yes, I had to go back a long time to find this screw-up. It
happened back in 2002.
Oh well. Not the first time we've royally screwed up, and it most
definitely won't be the last time either.
Linus
next prev parent reply other threads:[~2024-07-03 19:52 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-25 11:00 [PATCH 0/2] statx NULL path support Mateusz Guzik
2024-06-25 11:00 ` [PATCH 1/2] vfs: add CLASS fd_raw Mateusz Guzik
2024-06-25 12:22 ` Xi Ruoyao
2024-06-25 13:13 ` Mateusz Guzik
2024-06-25 11:00 ` [PATCH 2/2] vfs: support statx(..., NULL, AT_EMPTY_PATH, ...) Mateusz Guzik
2024-06-25 13:24 ` Xi Ruoyao
2024-06-25 13:28 ` Xi Ruoyao
2024-06-25 13:28 ` Mateusz Guzik
2024-06-25 14:09 ` Huacai Chen
2024-06-25 14:58 ` Xi Ruoyao
2024-06-30 1:40 ` Huacai Chen
2024-06-30 2:39 ` Xi Ruoyao
2024-06-30 13:18 ` Huacai Chen
2024-07-01 11:59 ` Arnd Bergmann
2024-07-02 15:36 ` Huacai Chen
2024-07-02 17:06 ` Arnd Bergmann
2024-07-03 4:30 ` Huacai Chen
2024-07-03 8:45 ` Christian Brauner
2024-07-03 9:35 ` Huacai Chen
2024-07-03 10:07 ` Xi Ruoyao
2024-07-03 16:31 ` Linus Torvalds
2024-07-03 16:54 ` Xi Ruoyao
2024-07-03 17:09 ` Linus Torvalds
2024-07-03 17:30 ` Xi Ruoyao
2024-07-03 17:40 ` Linus Torvalds
2024-07-03 17:54 ` Linus Torvalds
2024-07-03 18:14 ` Christian Brauner
2024-07-03 18:39 ` Christian Brauner
2024-07-03 19:00 ` Linus Torvalds
2024-07-03 19:18 ` Linus Torvalds
2024-07-03 18:48 ` Xi Ruoyao
2024-07-03 19:05 ` Linus Torvalds
2024-07-03 19:33 ` Christian Brauner
2024-07-03 19:52 ` Linus Torvalds [this message]
2024-07-03 18:44 ` Arnd Bergmann
2024-07-03 19:55 ` Christian Brauner
2024-07-03 17:11 ` Xi Ruoyao
2024-07-04 2:38 ` Huacai Chen
2024-07-04 3:23 ` Xi Ruoyao
2024-07-04 4:14 ` Xi Ruoyao
2024-07-04 5:55 ` Florian Weimer
2024-07-04 6:02 ` Xi Ruoyao
2024-07-01 4:38 ` [PATCH 0/2] statx NULL path support Christoph Hellwig
2024-07-01 6:46 ` Xi Ruoyao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=whZwUuYP08JF-kyBmr7w45S2z17dJKaWCFE_cfFw_T9Vg@mail.gmail.com' \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox