Page MenuHomeFreeBSD

fcntl.h: warn that bits for O_* flags are scarce
ClosedPublic

Authored by brooks on Jun 5 2025, 4:20 PM.
Tags
None
Referenced Files
F133198341: D50703.id156650.diff
Thu, Oct 23, 9:40 PM
Unknown Object (File)
Wed, Oct 8, 7:56 AM
Unknown Object (File)
Sep 18 2025, 2:01 AM
Unknown Object (File)
Sep 15 2025, 11:29 PM
Unknown Object (File)
Sep 15 2025, 12:21 PM
Unknown Object (File)
Sep 9 2025, 10:29 PM
Unknown Object (File)
Sep 6 2025, 2:04 PM
Unknown Object (File)
Aug 26 2025, 7:16 AM

Details

Summary

Running out of O_* flag bits will end out ability to make additions that
are source compatible with other operating systems.

Add a warning to coordinate all additions with srcmgr@.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 64662
Build 61546: arc lint + arc unit

Event Timeline

brooks requested review of this revision.Jun 5 2025, 4:20 PM
This revision is now accepted and ready to land.Jun 5 2025, 4:44 PM
markj added a subscriber: markj.

Running out of O_* flag bits will be catastrophic

Why "catastrophic"? We could add an openat2() which takes more flags, like Linux did already. In any case, I do agree that we should be careful about adding new flags.

I wonder what we should do about github.com/freebsd/freebsd-src/pull/1698 then?

sys/sys/fcntl.h
149

I'd just write "only a few bits left" so we don't have to update this comment in the event that we add new flags.

sys/sys/fcntl.h
149

Yeah, that's a good point; it could be even worse if we add a couple of flags without updating the comment and we get even closer to running out than the comment suggests.

Running out of O_* flag bits will be catastrophic

Why "catastrophic"? We could add an openat2() which takes more flags, like Linux did already. In any case, I do agree that we should be careful about adding new flags.

That might be a bit strong. I'll rephrase. My big worry is that POSIX/Linux add more useful flags and it becomes impossible for us to have source compatibility. I believe Linux has been a less liberal in allocating flag bits so they have a lot more room for growth which adds to the risk. Effectively having to deprecate open() would be a decade+ long project requiring cooperation between all POSIX projects and if we run out of O_ bits first we'll probably lose good will.

openat2 seems generally reasonable except for the bit the glibc doesn't provide bindings which will prove annoying with CHERI compartmentalization where we're not going to allow random code to use __syscall(2).

I wonder what we should do about github.com/freebsd/freebsd-src/pull/1698 then?

I have mixed feelings about it. On one hand it's in POSIX and it provides a certain symmetry. On the other hand, it sounds like Linux won't implement it so it probably shouldn't have been added to POSIX in the first place. I'm more worried about the recent addition of O_NAMEDATTR which is source compatible with nothing (apparently sort of Solaris O_XATTR).

Rephrase, fix typos, rebase

This revision now requires review to proceed.Jun 6 2025, 6:28 PM
This revision is now accepted and ready to land.Jun 11 2025, 10:16 PM

Running out of O_* flag bits will be catastrophic

Why "catastrophic"? We could add an openat2() which takes more flags, like Linux did already. In any case, I do agree that we should be careful about adding new flags.

That might be a bit strong. I'll rephrase. My big worry is that POSIX/Linux add more useful flags and it becomes impossible for us to have source compatibility. I believe Linux has been a less liberal in allocating flag bits so they have a lot more room for growth which adds to the risk. Effectively having to deprecate open() would be a decade+ long project requiring cooperation between all POSIX projects and if we run out of O_ bits first we'll probably lose good will.

openat2 seems generally reasonable except for the bit the glibc doesn't provide bindings which will prove annoying with CHERI compartmentalization where we're not going to allow random code to use __syscall(2).

I wonder what we should do about github.com/freebsd/freebsd-src/pull/1698 then?

I have mixed feelings about it. On one hand it's in POSIX and it provides a certain symmetry. On the other hand, it sounds like Linux won't implement it so it probably shouldn't have been added to POSIX in the first place. I'm more worried about the recent addition of O_NAMEDATTR which is source compatible with nothing (apparently sort of Solaris O_XATTR).

I took a deep dive at the arguments against O_CLOFORK on the Linux side and all are related to the difficulty of implementing it in the Linux kernel. Otherwise there's no single valid argument against it. It solves a real issue for Rust & Golang (and perhaps other languages).

To me it's a no-brainer since it's POSIX. Let's follow Solaris/Illumos' lead here. They inherit the UNIX tradition as much as BSD. Linux has the choice to either implement it or create another crappy interface and support it forever because they chose not to involve the wider UNIX community. Oh wait, they tried to solve it but then reverted it:

There's one flag that may need reservation: O_REGULAR, implemented by NetBSD and asked for in Linux in https://github.com/uapi-group/kernel-features