From: Ingo Molnar <mingo@kernel.org>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Dominik Brodowski <linux@dominikbrodowski.net>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Arnd Bergmann <arnd@arndb.de>,
linux-arch <linux-arch@vger.kernel.org>,
Ralf Baechle <ralf@linux-mips.org>,
James Hogan <jhogan@kernel.org>,
linux-mips <linux-mips@linux-mips.org>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>,
ppc-dev <linuxppc-dev@lists.ozlabs.org>,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
linux-s390 <linux-s390@vger.kernel.org>,
"David S . Miller" <davem@davemloft.net>,
sparclinux@vger.kernel.org, Ingo Molnar <mingo@redhat.com>,
Jiri Slaby <jslaby@suse.com>
Subject: Re: [RFC PATCH 4/6] mm: provide generic compat_sys_readahead() implementation
Date: Tue, 20 Mar 2018 09:59:32 +0100 [thread overview]
Message-ID: <20180320085932.xnwkpiz5gpegnw5d@gmail.com> (raw)
In-Reply-To: <20180319232342.GX30522@ZenIV.linux.org.uk>
* Al Viro <viro@ZenIV.linux.org.uk> wrote:
> > For example this attempt at creating a new system call:
> >
> > SYSCALL_DEFINE3(moron, int, fd, loff_t, offset, size_t, count)
> >
> > ... would translate into something like:
> >
> > .name = "moron", .pattern = "WWW", .type = "int", .size = 4,
> > .name = NULL, .type = "loff_t", .size = 8,
> > .name = NULL, .type = "size_t", .size = 4,
> > .name = NULL, .type = NULL, .size = 0, /* end of parameter list */
> >
> > i.e. "WDW". The build-time constraint checker could then warn about:
> >
> > # error: System call "moron" uses invalid 'WWW' argument mapping for a 'WDW' sequence
> > # please avoid long-long arguments or use 'SYSCALL_DEFINE3_WDW()' instead
>
> ... if you do 32bit build.
Yeah - but the checking tool could do a 32-bit sizing of the types and thus the
checks would work on all arches and on all bitness settings.
I don't think doing part of this in CPP is a good idea:
- It won't be able to do the full range of checks
- Wrappers should IMHO be trivial and open coded as much as possible - not hidden
inside several layers of macros.
- There should be a penalty for newly introduced, badly designed system call
ABIs, while most CPP variants I can think of will just make bad but solvable
decisions palatable, AFAICS.
I.e. I think the way out of this would be two steps:
1) for new system calls: hard-enforce the highest quality at the development
stage and hard-reject crap. No new 6-parameter system calls or badly ordered
arguments. The tool would also check new extensions to existing system calls,
i.e. no more "add a crappy 4th argument to an existing system call that works
on x86 but hurts MIPS".
2) for old legacies: cleanly open code all our existing legacies and weird
wrappers. No new muck will be added to it so the line count does not matter.
... is there anything I'm missing?
Thanks,
Ingo
WARNING: multiple messages have this Message-ID (diff)
From: Ingo Molnar <mingo@kernel.org>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Dominik Brodowski <linux@dominikbrodowski.net>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Arnd Bergmann <arnd@arndb.de>,
linux-arch <linux-arch@vger.kernel.org>,
Ralf Baechle <ralf@linux-mips.org>,
James Hogan <jhogan@kernel.org>,
linux-mips <linux-mips@linux-mips.org>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>,
ppc-dev <linuxppc-dev@lists.ozlabs.org>,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
linux-s390 <linux-s390@vger.kernel.org>,
"David S . Miller" <davem@davemloft.net>,
sparclinux@vger.kernel.org, Ingo Molnar <mingo@redhat.com>,
Jiri Slaby <jslaby@suse.com>,
the arch/x86 maintainers <x86@kernel.org>
Subject: Re: [RFC PATCH 4/6] mm: provide generic compat_sys_readahead() implementation
Date: Tue, 20 Mar 2018 09:59:32 +0100 [thread overview]
Message-ID: <20180320085932.xnwkpiz5gpegnw5d@gmail.com> (raw)
Message-ID: <20180320085932.BHCZvVt-ZGa1Apq_bLDI37syewGB__T5cxH5TzjMK0c@z> (raw)
In-Reply-To: <20180319232342.GX30522@ZenIV.linux.org.uk>
* Al Viro <viro@ZenIV.linux.org.uk> wrote:
> > For example this attempt at creating a new system call:
> >
> > SYSCALL_DEFINE3(moron, int, fd, loff_t, offset, size_t, count)
> >
> > ... would translate into something like:
> >
> > .name = "moron", .pattern = "WWW", .type = "int", .size = 4,
> > .name = NULL, .type = "loff_t", .size = 8,
> > .name = NULL, .type = "size_t", .size = 4,
> > .name = NULL, .type = NULL, .size = 0, /* end of parameter list */
> >
> > i.e. "WDW". The build-time constraint checker could then warn about:
> >
> > # error: System call "moron" uses invalid 'WWW' argument mapping for a 'WDW' sequence
> > # please avoid long-long arguments or use 'SYSCALL_DEFINE3_WDW()' instead
>
> ... if you do 32bit build.
Yeah - but the checking tool could do a 32-bit sizing of the types and thus the
checks would work on all arches and on all bitness settings.
I don't think doing part of this in CPP is a good idea:
- It won't be able to do the full range of checks
- Wrappers should IMHO be trivial and open coded as much as possible - not hidden
inside several layers of macros.
- There should be a penalty for newly introduced, badly designed system call
ABIs, while most CPP variants I can think of will just make bad but solvable
decisions palatable, AFAICS.
I.e. I think the way out of this would be two steps:
1) for new system calls: hard-enforce the highest quality at the development
stage and hard-reject crap. No new 6-parameter system calls or badly ordered
arguments. The tool would also check new extensions to existing system calls,
i.e. no more "add a crappy 4th argument to an existing system call that works
on x86 but hurts MIPS".
2) for old legacies: cleanly open code all our existing legacies and weird
wrappers. No new muck will be added to it so the line count does not matter.
... is there anything I'm missing?
Thanks,
Ingo
next prev parent reply other threads:[~2018-03-20 8:59 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-18 16:10 [RFC PATCH 0/6] remove in-kernel syscall invocations (part 3 == compat cruft) Dominik Brodowski
2018-03-18 16:10 ` Dominik Brodowski
2018-03-18 16:10 ` [RFC PATCH 1/6] fs: provide a generic compat_sys_fallocate() implementation Dominik Brodowski
2018-03-18 16:10 ` Dominik Brodowski
2018-03-18 16:10 ` [RFC PATCH 2/6] fs: provide a generic compat_sys_truncate64() implementation Dominik Brodowski
2018-03-18 16:10 ` Dominik Brodowski
2018-03-18 17:49 ` Al Viro
2018-03-18 17:49 ` Al Viro
2018-03-18 18:21 ` Linus Torvalds
2018-03-18 18:21 ` Linus Torvalds
2018-03-19 6:29 ` Kevin Easton
2018-03-19 6:29 ` Kevin Easton
2018-03-18 16:10 ` [RFC PATCH 3/6] fs: provide generic compat_sys_p{read,write}64() implementations Dominik Brodowski
2018-03-18 16:10 ` Dominik Brodowski
2018-03-18 17:40 ` Linus Torvalds
2018-03-18 17:40 ` Linus Torvalds
2018-03-18 18:05 ` Al Viro
2018-03-18 18:05 ` Al Viro
2018-03-18 16:10 ` [RFC PATCH 4/6] mm: provide generic compat_sys_readahead() implementation Dominik Brodowski
2018-03-18 16:10 ` Dominik Brodowski
2018-03-18 17:40 ` Al Viro
2018-03-18 17:40 ` Al Viro
2018-03-18 18:06 ` Linus Torvalds
2018-03-18 18:06 ` Linus Torvalds
2018-03-18 18:18 ` Al Viro
2018-03-18 18:18 ` Al Viro
2018-03-19 4:23 ` Al Viro
2018-03-19 4:23 ` Al Viro
2018-03-19 9:29 ` Ingo Molnar
2018-03-19 9:29 ` Ingo Molnar
2018-03-19 23:23 ` Al Viro
2018-03-19 23:23 ` Al Viro
2018-03-20 8:56 ` Dominik Brodowski
2018-03-20 8:56 ` Dominik Brodowski
2018-03-20 8:59 ` Ingo Molnar [this message]
2018-03-20 8:59 ` Ingo Molnar
2018-03-22 0:15 ` Al Viro
2018-03-22 0:15 ` Al Viro
2018-03-26 0:40 ` [RFC] new SYSCALL_DEFINE/COMPAT_SYSCALL_DEFINE wrappers Al Viro
2018-03-26 0:40 ` Al Viro
2018-03-26 3:47 ` Al Viro
2018-03-26 3:47 ` Al Viro
2018-03-26 6:15 ` Linus Torvalds
2018-03-26 6:15 ` Linus Torvalds
2018-03-26 6:20 ` Linus Torvalds
2018-03-26 6:20 ` Linus Torvalds
2018-03-26 6:44 ` John Paul Adrian Glaubitz
2018-03-26 6:44 ` John Paul Adrian Glaubitz
2018-03-27 1:03 ` Linus Torvalds
2018-03-27 1:03 ` Linus Torvalds
2018-03-27 2:37 ` John Paul Adrian Glaubitz
2018-03-27 2:37 ` John Paul Adrian Glaubitz
2018-03-27 3:40 ` Linus Torvalds
2018-03-27 3:40 ` Linus Torvalds
2018-03-27 4:58 ` John Paul Adrian Glaubitz
2018-03-27 4:58 ` John Paul Adrian Glaubitz
2018-03-30 10:58 ` Ingo Molnar
2018-03-30 10:58 ` Ingo Molnar
2018-03-30 15:54 ` Adam Borowski
2018-03-30 15:54 ` Adam Borowski
2018-03-26 6:24 ` Dominik Brodowski
2018-03-26 6:24 ` Dominik Brodowski
2018-03-18 16:10 ` [RFC PATCH 5/6] x86: use _do_fork() in compat_sys_x86_clone() Dominik Brodowski
2018-03-18 16:10 ` Dominik Brodowski
2018-03-18 16:10 ` [RFC PATCH 6/6] x86: remove compat_sys_x86_waitpid() Dominik Brodowski
2018-03-18 16:10 ` Dominik Brodowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180320085932.xnwkpiz5gpegnw5d@gmail.com \
--to=mingo@kernel.org \
--cc=arnd@arndb.de \
--cc=benh@kernel.crashing.org \
--cc=davem@davemloft.net \
--cc=heiko.carstens@de.ibm.com \
--cc=jhogan@kernel.org \
--cc=jslaby@suse.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@linux-mips.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux@dominikbrodowski.net \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=paulus@samba.org \
--cc=ralf@linux-mips.org \
--cc=schwidefsky@de.ibm.com \
--cc=sparclinux@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox