This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] Add renameat2 function [BZ #17662]


On 07/04/2018 05:04 AM, Andreas Schwab wrote:
> On Jul 03 2018, Paul Eggert <eggert@cs.ucla.edu> wrote:
> 
>> Florian Weimer wrote:
>>> Surely that's a gnulib bug because the main reason for the
>>> RENAME_NOREPLACE variant renameat2 was to avoid exactly that race (or
>>> the other race where the file exists under both the old and new path).
>>
>> No, it's intended behavior, not a bug. GNU mv uses renameat2 with
>> RENAME_NOREPLACE. mv wants the noreplace semantics on platforms that
>> support it (currently only recent Linux and macOS kernels); otherwise it
>> wants exactly that race because that's the best that can be done on other
>> platforms. If Gnulib renameat2 simply failed with EINVAL because
>> RENAME_NOREPLACE was not supported, GNU mv would simply use the same racy
>> fallback that Gnulib renameat2 already uses.
>>
>> Other GNU applications are similar to GNU mv in this respect.
> 
> IMHO we should not repeat the pselect error.  Glibc should provide the
> race-free guarantee that RENAME_NOREPLACE gives, so that programs that
> need it can use it without fear.

I agree completely. We are not "fighting" against GNU applications, what
we are doing is providing a set of reliable semantics.

The API should be split into 2, one symbol which provides reliable race-free
semantics, and another which doesn't. Application authors should make the
choice at the source level. In this case renameat2 is the reliable race-free
name for the operation. If we really need another non-race-free API then
gnulib can provide that.

-- 
Cheers,
Carlos.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]