Patchwork 9p: Don't use ATTR_* values from fs.h in userspace facing structs

Submitter Sasha Levin
Date Dec. 17, 2011, 3:07 p.m.
Message ID <1324134422-16642-1-git-send-email-levinsasha928@gmail.com>
Permalink /patch/132000/
State Not Applicable
Delegated to: David Miller

Comments

Sasha Levin - Dec. 17, 2011, 3:07 p.m.
struct p9_iattr_dotl is userspace facing, but the 'valid' field is documented
as follows:

	 * @valid: bitfield specifying which fields are valid
	 *         same as in struct iattr

Which means that the user has to know about kernel internal ATTR_* values.

On Fri, 2011-12-16 at 23:30 +0000, Al Viro wrote:
> They *are* kernel internal values and 9P is asking for trouble exposing
> them.  Translation: tomorrow we might reassign those as we bloody wish
> and any userland code that happens to rely on their values will break.
> At which point we'll handle complaints by pointing and laughing.
>
> It's a 9P bug; fix it there.  Turning random internal constants into a part
> of ABI is not going to work.

Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
---
 fs/9p/vfs_inode_dotl.c |   31 ++++++++++++++++++++++++++++++-
 include/net/9p/9p.h    |   18 ++++++++++++++++++
 2 files changed, 48 insertions(+), 1 deletions(-)
Al Viro - Dec. 17, 2011, 5:47 p.m.
On Sat, Dec 17, 2011 at 05:07:02PM +0200, Sasha Levin wrote:
> struct p9_iattr_dotl is userspace facing, but the 'valid' field is documented
> as follows:
> 
> 	 * @valid: bitfield specifying which fields are valid
> 	 *         same as in struct iattr
> 
> Which means that the user has to know about kernel internal ATTR_* values.
> 
> On Fri, 2011-12-16 at 23:30 +0000, Al Viro wrote:
> > They *are* kernel internal values and 9P is asking for trouble exposing
> > them.  Translation: tomorrow we might reassign those as we bloody wish
> > and any userland code that happens to rely on their values will break.
> > At which point we'll handle complaints by pointing and laughing.
> >
> > It's a 9P bug; fix it there.  Turning random internal constants into a part
> > of ABI is not going to work.
> 
> Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
> ---
>  fs/9p/vfs_inode_dotl.c |   31 ++++++++++++++++++++++++++++++-
>  include/net/9p/9p.h    |   18 ++++++++++++++++++
>  2 files changed, 48 insertions(+), 1 deletions(-)
> 
> diff --git a/fs/9p/vfs_inode_dotl.c b/fs/9p/vfs_inode_dotl.c
> index 0b5745e..a948214 100644
> --- a/fs/9p/vfs_inode_dotl.c
> +++ b/fs/9p/vfs_inode_dotl.c
> @@ -523,6 +523,35 @@ v9fs_vfs_getattr_dotl(struct vfsmount *mnt, struct dentry *dentry,
>  	return 0;
>  }
>  
> +int v9fs_vfs_iattr_to_9p_valid(u32 ia_valid)
> +{
> +	u32 valid = 0, i;
> +	static u32 attr_map[][2] = {
> +		{ATTR_MODE,		P9_ATTR_MODE},
> +		{ATTR_UID,		P9_ATTR_UID},
> +		{ATTR_SIZE,		P9_ATTR_SIZE},
> +		{ATTR_ATIME,		P9_ATTR_ATIME},
> +		{ATTR_MTIME,		P9_ATTR_MTIME},
> +		{ATTR_CTIME,		P9_ATTR_CTIME},
> +		{ATTR_ATIME_SET,	P9_ATTR_ATIME_SET},
> +		{ATTR_MTIME_SET,	P9_ATTR_MTIME_SET},
> +		{ATTR_FORCE,		P9_ATTR_FORCE},
> +		{ATTR_ATTR_FLAG,	P9_ATTR_ATTR_FLAG},
> +		{ATTR_KILL_SUID,	P9_ATTR_KILL_SUID},
> +		{ATTR_KILL_SGID,	P9_ATTR_KILL_SGID},
> +		{ATTR_FILE,		P9_ATTR_FILE},
> +		{ATTR_KILL_PRIV,	P9_ATTR_KILL_PRIV},
> +		{ATTR_OPEN,		P9_ATTR_OPEN},
> +		{ATTR_TIMES_SET,	P9_ATTR_TIMES_SET},
> +	};
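
Review bot: v9fs_vfs_iattr_to_9p_valid() is declared to return int, but it builds its result in a u32 and takes a u32, so the signature should return u32. In the quoted lines it is also not static, and attr_map is only ever read, so `static const u32 attr_map[][2]` would be the better declaration.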

a) ATTR_GID is lost
b) passing ATTR_FILE is bloody pointless; look at what it does and
realize that 9p doesn't as much as look at ia_file.
c) ATTR_KILL_PRIV is very dubious; what's the legitimate use of that
puppy in fs code?

Look, that's the problem with exposing this stuff to protocol; you don't
get clear semantics and are you seriously asking for trouble on kernel
changes.  Suppose tomorrow we get rid of e.g. ATTR_KILL_PRIV; what are you
guys going to do?  Hope that no 9p server has behaviour dependent on that
flag being set or cleared?

Don't turn the kernel internals into a part of ABI.  And blind bulk remapping
of constants is exactly that...
Sasha Levin - Dec. 17, 2011, 6:04 p.m.
On Sat, 2011-12-17 at 17:47 +0000, Al Viro wrote:
> Look, that's the problem with exposing this stuff to protocol; you don't
> get clear semantics and are you seriously asking for trouble on kernel
> changes.  Suppose tomorrow we get rid of e.g. ATTR_KILL_PRIV; what are you
> guys going to do?  Hope that no 9p server has behaviour dependent on that
> flag being set or cleared?
> 
> Don't turn the kernel internals into a part of ABI.  And blind bulk remapping
> of constants is exactly that... 

I went with Aneesh's suggestion and did something similar to something
9p already has done before.

This is probably a good opportunity to open it up for discussion, since
I currently have a block of code containing those ATTR_* defines
copy-pasted from linux/fs.h in my userspace code, and that's obviously a
serious wtf.
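
The point argued in this thread, as an added example that is not part of any message or of the patch: when the client translates through a fixed wire table, renumbering the internal flags leaves the mask on the wire unchanged, and a server can reject bits the protocol never defined. The four P9_ATTR_* values are the ones from the patch; the `internal_v1`/`internal_v2` tables, `P9_WIRE_KNOWN` and all function names are constructed for illustration and are not real ATTR_* values or 9p code.

```c
#include <stdint.h>
#include <stddef.h>

/* Wire-format flags: values as in the P9_ATTR_* defines of the patch. */
#define P9_ATTR_MODE  (1u << 0)
#define P9_ATTR_UID   (1u << 1)
#define P9_ATTR_GID   (1u << 2)
#define P9_ATTR_SIZE  (1u << 3)
#define P9_WIRE_KNOWN (P9_ATTR_MODE | P9_ATTR_UID | P9_ATTR_GID | P9_ATTR_SIZE)

/* Constructed stand-ins for internal flags in two builds (hypothetical). */
enum { A_MODE, A_UID, A_GID, A_SIZE, A_COUNT };
static const uint32_t internal_v1[A_COUNT] = { 1u << 0, 1u << 1, 1u << 2, 1u << 3 };
static const uint32_t internal_v2[A_COUNT] = { 1u << 5, 1u << 0, 1u << 9, 1u << 2 };
static const uint32_t wire[A_COUNT] = {
	P9_ATTR_MODE, P9_ATTR_UID, P9_ATTR_GID, P9_ATTR_SIZE
};

/* Client side: translate internal bits to wire bits.
 * Bits with no protocol meaning are reported in *dropped, not forwarded. */
uint32_t to_wire(const uint32_t *internal, uint32_t ia_valid, uint32_t *dropped)
{
	uint32_t valid = 0, seen = 0;

	for (size_t i = 0; i < A_COUNT; i++) {
		if (ia_valid & internal[i]) {
			valid |= wire[i];
			seen |= internal[i];
		}
	}
	*dropped = ia_valid & ~seen;
	return valid;
}

/* Server side: accept only bits the protocol defines. */
int server_check_valid(uint32_t valid)
{
	return (valid & ~P9_WIRE_KNOWN) ? -1 : 0;
}

/* The same request (set uid and gid) issued by both builds.
 * Returns 1 when both produce the identical wire mask. */
int same_on_wire(void)
{
	uint32_t d1, d2;
	uint32_t w1 = to_wire(internal_v1, internal_v1[A_UID] | internal_v1[A_GID], &d1);
	uint32_t w2 = to_wire(internal_v2, internal_v2[A_UID] | internal_v2[A_GID], &d2);

	return !d1 && !d2 && w1 == w2 && w1 == (P9_ATTR_UID | P9_ATTR_GID);
}
```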

Patch

diff --git a/fs/9p/vfs_inode_dotl.c b/fs/9p/vfs_inode_dotl.c
index 0b5745e..a948214 100644
--- a/fs/9p/vfs_inode_dotl.c
+++ b/fs/9p/vfs_inode_dotl.c
@@ -523,6 +523,35 @@  v9fs_vfs_getattr_dotl(struct vfsmount *mnt, struct dentry *dentry,
 	return 0;
 }
 
+int v9fs_vfs_iattr_to_9p_valid(u32 ia_valid)
+{
+	u32 valid = 0, i;
+	static u32 attr_map[][2] = {
+		{ATTR_MODE,		P9_ATTR_MODE},
+		{ATTR_UID,		P9_ATTR_UID},
+		{ATTR_SIZE,		P9_ATTR_SIZE},
+		{ATTR_ATIME,		P9_ATTR_ATIME},
+		{ATTR_MTIME,		P9_ATTR_MTIME},
+		{ATTR_CTIME,		P9_ATTR_CTIME},
+		{ATTR_ATIME_SET,	P9_ATTR_ATIME_SET},
+		{ATTR_MTIME_SET,	P9_ATTR_MTIME_SET},
+		{ATTR_FORCE,		P9_ATTR_FORCE},
+		{ATTR_ATTR_FLAG,	P9_ATTR_ATTR_FLAG},
+		{ATTR_KILL_SUID,	P9_ATTR_KILL_SUID},
+		{ATTR_KILL_SGID,	P9_ATTR_KILL_SGID},
+		{ATTR_FILE,		P9_ATTR_FILE},
+		{ATTR_KILL_PRIV,	P9_ATTR_KILL_PRIV},
+		{ATTR_OPEN,		P9_ATTR_OPEN},
+		{ATTR_TIMES_SET,	P9_ATTR_TIMES_SET},
+	};
+
+	for (i = 0; i < ARRAY_SIZE(attr_map); i++)
+		if (ia_valid & attr_map[i][0])
+			valid |= attr_map[i][1];
+
+	return valid;
+}
+
 /**
  * v9fs_vfs_setattr_dotl - set file metadata
  * @dentry: file whose metadata to set
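
Review bot: attr_map has no {ATTR_GID, P9_ATTR_GID} entry, although this patch defines P9_ATTR_GID and the setattr path still copies ia_gid, so a group change would go out with the gid filled in but not flagged as valid; add the missing row. The new helper also has no kernel-doc comment, unlike v9fs_vfs_setattr_dotl directly below it; a short one should say which flags are deliberately translated and that anything not in the table is dropped.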
@@ -543,7 +572,7 @@  int v9fs_vfs_setattr_dotl(struct dentry *dentry, struct iattr *iattr)
 	if (retval)
 		return retval;
 
-	p9attr.valid = iattr->ia_valid;
+	p9attr.valid = v9fs_vfs_iattr_to_9p_valid(iattr->ia_valid);
 	p9attr.mode = iattr->ia_mode;
 	p9attr.uid = iattr->ia_uid;
 	p9attr.gid = iattr->ia_gid;
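
Review bot: at `p9attr.valid = v9fs_vfs_iattr_to_9p_valid(iattr->ia_valid);` the mask sent to the server still carries flags such as FORCE, FILE and OPEN, for which nothing visible here fills a matching p9attr field (the context shows mode, uid and gid being copied). Consider limiting the translated mask to the bits that describe fields this function actually populates, and state in the protocol documentation what a server is expected to do with each remaining flag.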
diff --git a/include/net/9p/9p.h b/include/net/9p/9p.h
index 2d70b95..98b3f71 100644
--- a/include/net/9p/9p.h
+++ b/include/net/9p/9p.h
@@ -468,6 +468,24 @@  struct p9_stat_dotl {
 #define P9_STATS_BASIC		0x000007ffULL /* Mask for fields up to BLOCKS */
 #define P9_STATS_ALL		0x00003fffULL /* Mask for All fields above */
 
+#define P9_ATTR_MODE		(1 << 0)
+#define P9_ATTR_UID		(1 << 1)
+#define P9_ATTR_GID		(1 << 2)
+#define P9_ATTR_SIZE		(1 << 3)
+#define P9_ATTR_ATIME		(1 << 4)
+#define P9_ATTR_MTIME		(1 << 5)
+#define P9_ATTR_CTIME		(1 << 6)
+#define P9_ATTR_ATIME_SET	(1 << 7)
+#define P9_ATTR_MTIME_SET	(1 << 8)
+#define P9_ATTR_FORCE		(1 << 9) /* Not a change, but a change it */
+#define P9_ATTR_ATTR_FLAG	(1 << 10)
+#define P9_ATTR_KILL_SUID	(1 << 11)
+#define P9_ATTR_KILL_SGID	(1 << 12)
+#define P9_ATTR_FILE		(1 << 13)
+#define P9_ATTR_KILL_PRIV	(1 << 14)
+#define P9_ATTR_OPEN		(1 << 15) /* Truncating from open(O_TRUNC) */
+#define P9_ATTR_TIMES_SET	(1 << 16)
+
 /**
  * struct p9_iattr_dotl - P9 inode attribute for setattr
  * @valid: bitfield specifying which fields are valid
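
Review bot: the P9_ATTR_* block becomes part of the wire format but nothing in this hunk says so; add a comment above it stating that these are protocol constants, independent of ATTR_* in fs.h, and must not be renumbered. The 18 added lines are all defines plus one blank line, so the @valid kernel-doc for struct p9_iattr_dotl that the commit message quotes ("same as in struct iattr") is left unchanged and should be updated to point at P9_ATTR_*. The comment on P9_ATTR_FORCE ("Not a change, but a change it") does not tell a server what to do with that bit.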