From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.7 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,MIME_QP_LONG_LINE, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9F141C0030B for ; Sat, 7 Sep 2019 18:15:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 77A37218AE for ; Sat, 7 Sep 2019 18:15:29 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=amacapital-net.20150623.gappssmtp.com header.i=@amacapital-net.20150623.gappssmtp.com header.b="gPB2S/s2" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387845AbfIGSPR (ORCPT ); Sat, 7 Sep 2019 14:15:17 -0400 Received: from mail-pg1-f195.google.com ([209.85.215.195]:40870 "EHLO mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388468AbfIGSPM (ORCPT ); Sat, 7 Sep 2019 14:15:12 -0400 Received: by mail-pg1-f195.google.com with SMTP id w10so5359423pgj.7 for ; Sat, 07 Sep 2019 11:15:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amacapital-net.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=yCXO2IUW/xP5rGitFpbGKrkQxCFizP24AMzmcKYJo+k=; b=gPB2S/s21fOdrhZkZvzaMRRbkTHlbc79vLkQ8L7Cpmmu8hvbAG6eoC0Dm32QXRGYMY +1LPES8i+LJBkfY/p1yzpRzMMv2odDchTO0YHOkxwFiie7OsEOHDwtOH8zJJ6F9AZyk5 MkZFVhvuxPxeMIKfq+G9obcmbfsQBob0Nc70jrYQVbX0W8tNU0vMgyrejbOLHj/PJBII 8jO1EQn6kWKOgkBib76U4yxHBzWI3KaSO/lLhJIPi5x1WrjQ3kHOZysmKhg2Dv2MsCh4 N/OxZH40a7P6xhJ/lAgfa+dSsRZSJmy+02UKql6Xb3VKWtRKJq/2ht+J5tBxXcxSYFTB 1GhQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=yCXO2IUW/xP5rGitFpbGKrkQxCFizP24AMzmcKYJo+k=; b=YWf94ADvG5dhteU/QaDT5zdZr2UlgwnzQGCC6D6eHIaWz2e2RWl8rU7qoGCpHDIHP3 Kg9hkiRM6kp8nj+Wk19NpK037L2CPDAPlOPQW2iKUWdr25wVPoZCG7zWCz8g90XUtNzl 89K7VKkjfx3XY5NKKvWPD0LLEVVjdqxORSmt71CW431K8ngqXARib6FB0RnPYGGaRx5n dks1vKQ/foykl3lXC4ckyE7mx1rcbeccIzcNxHv8w3HW6Rys8aXLV5vwG1R6xSqC6vi5 JzxqVHfn4kP70rLncFk3ygwxL9N5ReR5cnpGHiLIXzMtsrtc7MRnoh3w3KFP0e4lzYZi OynQ== X-Gm-Message-State: APjAAAVIRL2kfOkoJVDHtJlg5kqhiZHkf85JNgVvxOtjrs/hG1xZy1TQ X+UV4otdTjMUpapsZ9DUYVzQaA== X-Google-Smtp-Source: APXvYqwtLHTxDBZPI4nj5nW8UmB/sRAqU0rGQe5gnm9Rg561yB9Atb14l/OoZSzCcZVB4Qk4BIIw8Q== X-Received: by 2002:aa7:8b09:: with SMTP id f9mr13154710pfd.23.1567880111917; Sat, 07 Sep 2019 11:15:11 -0700 (PDT) Received: from ?IPv6:2600:100f:b121:da37:bc66:d4de:83c7:e0cd? ([2600:100f:b121:da37:bc66:d4de:83c7:e0cd]) by smtp.gmail.com with ESMTPSA id x5sm10495873pfn.149.2019.09.07.11.15.10 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 07 Sep 2019 11:15:11 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (1.0) Subject: Re: [PATCH v12 11/12] open: openat2(2) syscall From: Andy Lutomirski X-Mailer: iPhone Mail (16G102) In-Reply-To: Date: Sat, 7 Sep 2019 11:15:09 -0700 Cc: Jeff Layton , Aleksa Sarai , Al Viro , "J. Bruce Fields" , Arnd Bergmann , David Howells , Shuah Khan , Shuah Khan , Ingo Molnar , Peter Zijlstra , Christian Brauner , Eric Biederman , Andy Lutomirski , Andrew Morton , Alexei Starovoitov , Kees Cook , Jann Horn , Tycho Andersen , David Drysdale , Chanho Min , Oleg Nesterov , Rasmus Villemoes , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Aleksa Sarai , Linux Containers , alpha , Linux API , linux-arch , Linux ARM , linux-fsdevel , linux-ia64@vger.kernel.org, Linux List Kernel Mailing , "open list:KERNEL SELFTEST FRAMEWORK" , linux-m68k , linux-mips@vger.kernel.org, linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-s390 , Linux-sh list , linux-xtensa@linux-xtensa.org, sparclinux@vger.kernel.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <20190904201933.10736-1-cyphar@cyphar.com> <20190904201933.10736-12-cyphar@cyphar.com> <7236f382d72130f2afbbe8940e72cc67e5c6dce0.camel@kernel.org> To: Linus Torvalds Sender: linux-mips-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-mips@vger.kernel.org > On Sep 7, 2019, at 10:45 AM, Linus Torvalds wrote: >=20 >> On Sat, Sep 7, 2019 at 10:42 AM Andy Lutomirski wro= te: >>=20 >> Linus, you rejected resolveat() because you wanted a *nice* API >=20 > No. I rejected resoveat() because it was a completely broken garbage > API that couldn't do even basic stuff right (like O_CREAT). >=20 > We have a ton of flag space in the new openat2() model, we might as > well leave the old flags alone that people are (a) used to and (b) we > have code to support _anyway_. >=20 > Making up a new flag namespace is only going to cause us - and users - > more work, and more confusion. For no actual advantage. It's not going > to be "cleaner". It's just going to be worse. >=20 >=20 If we keep all the flag bits in the same mask with the same values, then we=E2= =80=99re stuck with O_RDONLY=3D0 and everything that implies. We=E2=80=99ll= have UPGRADE_READ that works differently from the missing plain-old-READ bi= t, and we can=E2=80=99t express execute-only-no-read-or-write. This sucks. Can we at least split the permission bits into their own mask and make bits 0= and 1 illegal in the main set of flags in openat2? There=E2=80=99s another thread going on right now about adding a bit along t= he lines of =E2=80=9CMAYEXEC=E2=80=9D, and one of the conclusions was that i= t should wait for openat2 so that it can have same semantics. If we=E2=80=99= re stuck with O_RDONLY and friends, then MAYEXEC is doomed to being at least= a bit nonsensical. As an analogy, AMD64 introduced bigger PTEs but kept the same nonsense encod= ing of read and write permission. And then we got NX, and now we=E2=80=99re g= etting little holes in the encoding stolen by CET to mean new silly things. = I don=E2=80=99t know if you=E2=80=99ve been following the various rounds of= patches, but it is truly horrible. The mapping from meaning to the actual b= its is *shit*, and AMD64 should have made a clean break instead. open()=E2=80=99s permission bits are basically the same situation. And the k= ernel *already* has a non-type-safe translation layer. Please, please let op= enat2() at least get rid of the turd in open()=E2=80=99s bits 0 and 1.