From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.5 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,MIME_QP_LONG_LINE, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2E3EFC43331 for ; Sat, 7 Sep 2019 18:17:37 +0000 (UTC) Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 61EC121848 for ; Sat, 7 Sep 2019 18:17:36 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=amacapital-net.20150623.gappssmtp.com header.i=@amacapital-net.20150623.gappssmtp.com header.b="gPB2S/s2" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 61EC121848 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=amacapital.net Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 46QjMK5QcBzDqLL for ; Sun, 8 Sep 2019 04:17:33 +1000 (AEST) Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=amacapital.net (client-ip=2607:f8b0:4864:20::443; helo=mail-pf1-x443.google.com; envelope-from=luto@amacapital.net; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=amacapital.net Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=amacapital-net.20150623.gappssmtp.com header.i=@amacapital-net.20150623.gappssmtp.com header.b="gPB2S/s2"; dkim-atps=neutral Received: from mail-pf1-x443.google.com (mail-pf1-x443.google.com [IPv6:2607:f8b0:4864:20::443]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 46QjJj4ySyzDqWK for ; Sun, 8 Sep 2019 04:15:15 +1000 (AEST) Received: by mail-pf1-x443.google.com with SMTP id 205so6631590pfw.2 for ; Sat, 07 Sep 2019 11:15:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amacapital-net.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=yCXO2IUW/xP5rGitFpbGKrkQxCFizP24AMzmcKYJo+k=; b=gPB2S/s21fOdrhZkZvzaMRRbkTHlbc79vLkQ8L7Cpmmu8hvbAG6eoC0Dm32QXRGYMY +1LPES8i+LJBkfY/p1yzpRzMMv2odDchTO0YHOkxwFiie7OsEOHDwtOH8zJJ6F9AZyk5 MkZFVhvuxPxeMIKfq+G9obcmbfsQBob0Nc70jrYQVbX0W8tNU0vMgyrejbOLHj/PJBII 8jO1EQn6kWKOgkBib76U4yxHBzWI3KaSO/lLhJIPi5x1WrjQ3kHOZysmKhg2Dv2MsCh4 N/OxZH40a7P6xhJ/lAgfa+dSsRZSJmy+02UKql6Xb3VKWtRKJq/2ht+J5tBxXcxSYFTB 1GhQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=yCXO2IUW/xP5rGitFpbGKrkQxCFizP24AMzmcKYJo+k=; b=ssnSwbLsMVGQ/VIQYRwS9YvW3lhv66UZ23x+G+G2dlAl74wbCzqFPztT9FfTg8CMR8 gj/HVW+V5h0s0WC4+XLdv2qsqHJl3Ed5FI3FeNVaLhQtjX1ClUjxE9ua6YkDsj2SEN1a S0xYVyPQg36xsQre+qJqJoqAzqVBbiCXqPBJtd+S+OiM3/rOUv+Ft6anRyR1erY4FhT3 SoVX6+N3lXNiq3RKn0DdKDsC3RmcPtfdKB4jWOhB6+jXruyggSODxSo+WOrlvapBLLdK /EAxMgIQ5Sp213S6X5imVRZKlT3Y0TzOvT8CgEM84SCCiZVUKQDQQUEvxc/WHr9Wn7eo ji4Q== X-Gm-Message-State: APjAAAWIySu0rh41PSLsOk7fDGXaPCf6+JAv4fQWi/4zYtd5d/35ZvPe BuV2p8ywbGXalhglNBuwyB3T0g== X-Google-Smtp-Source: APXvYqwtLHTxDBZPI4nj5nW8UmB/sRAqU0rGQe5gnm9Rg561yB9Atb14l/OoZSzCcZVB4Qk4BIIw8Q== X-Received: by 2002:aa7:8b09:: with SMTP id f9mr13154710pfd.23.1567880111917; Sat, 07 Sep 2019 11:15:11 -0700 (PDT) Received: from ?IPv6:2600:100f:b121:da37:bc66:d4de:83c7:e0cd? ([2600:100f:b121:da37:bc66:d4de:83c7:e0cd]) by smtp.gmail.com with ESMTPSA id x5sm10495873pfn.149.2019.09.07.11.15.10 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 07 Sep 2019 11:15:11 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (1.0) Subject: Re: [PATCH v12 11/12] open: openat2(2) syscall From: Andy Lutomirski X-Mailer: iPhone Mail (16G102) In-Reply-To: Date: Sat, 7 Sep 2019 11:15:09 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: References: <20190904201933.10736-1-cyphar@cyphar.com> <20190904201933.10736-12-cyphar@cyphar.com> <7236f382d72130f2afbbe8940e72cc67e5c6dce0.camel@kernel.org>

To: Linus Torvalds X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-ia64@vger.kernel.org, Linux-sh list , Peter Zijlstra , Rasmus Villemoes , Alexei Starovoitov , Linux List Kernel Mailing , David Howells , "open list:KERNEL SELFTEST FRAMEWORK" , sparclinux@vger.kernel.org, Shuah Khan , linux-arch , linux-s390 , Tycho Andersen , Aleksa Sarai , Jiri Olsa , Alexander Shishkin , Ingo Molnar , Linux ARM , linux-mips@vger.kernel.org, linux-xtensa@linux-xtensa.org, Kees Cook , Arnd Bergmann , Jann Horn , Aleksa Sarai , Al Viro , Andy Lutomirski , Shuah Khan , Namhyung Kim , David Drysdale , Christian Brauner , "J. Bruce Fields" , linux-parisc@vger.kernel.org, linux-m68k , Linux API , Chanho Min , Jeff Layton , Oleg Nesterov , Eric Biederman , alpha , linux-fsdevel , Andrew Morton , linuxppc-dev@lists.ozlabs.org, Linux Containers Errors-To: linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Sender: "Linuxppc-dev" > On Sep 7, 2019, at 10:45 AM, Linus Torvalds wrote: >=20 >> On Sat, Sep 7, 2019 at 10:42 AM Andy Lutomirski wro= te: >>=20 >> Linus, you rejected resolveat() because you wanted a *nice* API >=20 > No. I rejected resoveat() because it was a completely broken garbage > API that couldn't do even basic stuff right (like O_CREAT). >=20 > We have a ton of flag space in the new openat2() model, we might as > well leave the old flags alone that people are (a) used to and (b) we > have code to support _anyway_. >=20 > Making up a new flag namespace is only going to cause us - and users - > more work, and more confusion. For no actual advantage. It's not going > to be "cleaner". It's just going to be worse. >=20 >=20 If we keep all the flag bits in the same mask with the same values, then we=E2= =80=99re stuck with O_RDONLY=3D0 and everything that implies. We=E2=80=99ll= have UPGRADE_READ that works differently from the missing plain-old-READ bi= t, and we can=E2=80=99t express execute-only-no-read-or-write. This sucks. Can we at least split the permission bits into their own mask and make bits 0= and 1 illegal in the main set of flags in openat2? There=E2=80=99s another thread going on right now about adding a bit along t= he lines of =E2=80=9CMAYEXEC=E2=80=9D, and one of the conclusions was that i= t should wait for openat2 so that it can have same semantics. If we=E2=80=99= re stuck with O_RDONLY and friends, then MAYEXEC is doomed to being at least= a bit nonsensical. As an analogy, AMD64 introduced bigger PTEs but kept the same nonsense encod= ing of read and write permission. And then we got NX, and now we=E2=80=99re g= etting little holes in the encoding stolen by CET to mean new silly things. = I don=E2=80=99t know if you=E2=80=99ve been following the various rounds of= patches, but it is truly horrible. The mapping from meaning to the actual b= its is *shit*, and AMD64 should have made a clean break instead. open()=E2=80=99s permission bits are basically the same situation. And the k= ernel *already* has a non-type-safe translation layer. Please, please let op= enat2() at least get rid of the turd in open()=E2=80=99s bits 0 and 1.