From: Aleksa Sarai <cyphar@cyphar.com>
To: Alexander Viro <viro@zeniv.linux.org.uk>,
Jeff Layton <jlayton@kernel.org>,
"J. Bruce Fields" <bfields@fieldses.org>,
Shuah Khan <shuah@kernel.org>
Cc: Aleksa Sarai <cyphar@cyphar.com>,
David Laight <david.laight@aculab.com>,
Florian Weimer <fweimer@redhat.com>,
Christian Brauner <christian.brauner@ubuntu.com>,
dev@opencontainers.org, containers@lists.linux-foundation.org,
libc-alpha@sourceware.org, linux-api@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-kselftest@vger.kernel.org
Subject: [PATCH 2/2] openat2: drop open_how->__padding field
Date: Thu, 19 Dec 2019 21:55:30 +1100 [thread overview]
Message-ID: <20191219105533.12508-3-cyphar@cyphar.com> (raw)
In-Reply-To: <20191219105533.12508-1-cyphar@cyphar.com>
The purpose of explicit padding was to allow us to use the space in the
future (C provides no guarantee about the value of padding bytes and
thus userspace could've provided garbage).
However, the downside of explicit padding is that any extension we wish
to add should fit the space exactly (otherwise we may end up with a u16
which will never be used). In addition, the correct error to return for
non-zero padding is not clear (-EINVAL doesn't imply "you're using an
extension field unsupported by this kernel", but -E2BIG seems a bit odd
if the structure size isn't different).
The simplest solution is to just match the design of clone3(2) -- use
u64s for all fields. The extra few-bytes cost of extra fields is not
significant (it's unlikely configuration structs will ever be extremely
large) and it allows for more flag space if necessary.
As openat2(2) is not yet in Linus's tree, we can iron out these minor
warts before we commit to this as a stable ABI.
Suggested-by: David Laight <david.laight@aculab.com>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
---
fs/open.c | 2 --
include/uapi/linux/openat2.h | 3 +--
tools/testing/selftests/openat2/helpers.h | 3 +--
.../testing/selftests/openat2/openat2_test.c | 24 +++++++------------
4 files changed, 10 insertions(+), 22 deletions(-)
diff --git a/fs/open.c b/fs/open.c
index 50a46501bcc9..8cdb2b675867 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -993,8 +993,6 @@ static inline int build_open_flags(const struct open_how *how,
return -EINVAL;
if (how->resolve & ~VALID_RESOLVE_FLAGS)
return -EINVAL;
- if (memchr_inv(how->__padding, 0, sizeof(how->__padding)))
- return -EINVAL;
/* Deal with the mode. */
if (WILL_CREATE(flags)) {
diff --git a/include/uapi/linux/openat2.h b/include/uapi/linux/openat2.h
index 19ef775e8e5e..76fad4ada2d4 100644
--- a/include/uapi/linux/openat2.h
+++ b/include/uapi/linux/openat2.h
@@ -16,8 +16,7 @@
*/
struct open_how {
__aligned_u64 flags;
- __u16 mode;
- __u16 __padding[3]; /* must be zeroed */
+ __aligned_u64 mode;
__aligned_u64 resolve;
};
diff --git a/tools/testing/selftests/openat2/helpers.h b/tools/testing/selftests/openat2/helpers.h
index 43ca5ceab6e3..d756775d0725 100644
--- a/tools/testing/selftests/openat2/helpers.h
+++ b/tools/testing/selftests/openat2/helpers.h
@@ -37,8 +37,7 @@
*/
struct open_how {
__aligned_u64 flags;
- __u16 mode;
- __u16 __padding[3]; /* must be zeroed */
+ __aligned_u64 mode;
__aligned_u64 resolve;
};
diff --git a/tools/testing/selftests/openat2/openat2_test.c b/tools/testing/selftests/openat2/openat2_test.c
index 0b64fedc008b..b386367c606b 100644
--- a/tools/testing/selftests/openat2/openat2_test.c
+++ b/tools/testing/selftests/openat2/openat2_test.c
@@ -40,7 +40,7 @@ struct struct_test {
int err;
};
-#define NUM_OPENAT2_STRUCT_TESTS 10
+#define NUM_OPENAT2_STRUCT_TESTS 7
#define NUM_OPENAT2_STRUCT_VARIATIONS 13
void test_openat2_struct(void)
@@ -57,20 +57,6 @@ void test_openat2_struct(void)
.arg.inner.flags = O_RDONLY,
.size = sizeof(struct open_how_ext) },
- /* Normal struct with broken padding. */
- { .name = "normal struct (non-zero padding[0])",
- .arg.inner.flags = O_RDONLY,
- .arg.inner.__padding = {0xa0, 0x00, 0x00},
- .size = sizeof(struct open_how_ext), .err = -EINVAL },
- { .name = "normal struct (non-zero padding[1])",
- .arg.inner.flags = O_RDONLY,
- .arg.inner.__padding = {0x00, 0x1a, 0x00},
- .size = sizeof(struct open_how_ext), .err = -EINVAL },
- { .name = "normal struct (non-zero padding[2])",
- .arg.inner.flags = O_RDONLY,
- .arg.inner.__padding = {0x00, 0x00, 0xef},
- .size = sizeof(struct open_how_ext), .err = -EINVAL },
-
/* TODO: Once expanded, check zero-padding. */
/* Smaller than version-0 struct. */
@@ -169,7 +155,7 @@ struct flag_test {
int err;
};
-#define NUM_OPENAT2_FLAG_TESTS 21
+#define NUM_OPENAT2_FLAG_TESTS 23
void test_openat2_flags(void)
{
@@ -214,9 +200,15 @@ void test_openat2_flags(void)
{ .name = "invalid how.mode and O_CREAT",
.how.flags = O_CREAT,
.how.mode = 0xFFFF, .err = -EINVAL },
+ { .name = "invalid (very large) how.mode and O_CREAT",
+ .how.flags = O_CREAT,
+ .how.mode = 0xC000000000000000ULL, .err = -EINVAL },
{ .name = "invalid how.mode and O_TMPFILE",
.how.flags = O_TMPFILE | O_RDWR,
.how.mode = 0x1337, .err = -EINVAL },
+ { .name = "invalid (very large) how.mode and O_TMPFILE",
+ .how.flags = O_TMPFILE | O_RDWR,
+ .how.mode = 0x0000A00000000000ULL, .err = -EINVAL },
/* ->resolve must only contain RESOLVE_* flags. */
{ .name = "invalid how.resolve and O_RDONLY",
--
2.24.0
next prev parent reply other threads:[~2019-12-19 10:56 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-19 10:55 [PATCH 0/2] openat2: minor uapi cleanups Aleksa Sarai
2019-12-19 10:55 ` [PATCH 1/2] uapi: split openat2(2) definitions from fcntl.h Aleksa Sarai
2019-12-19 11:07 ` Florian Weimer
2019-12-19 13:45 ` Aleksa Sarai
2019-12-19 14:05 ` David Laight
2019-12-20 9:31 ` Aleksa Sarai
2019-12-20 10:18 ` David Laight
2019-12-19 10:55 ` Aleksa Sarai [this message]
2019-12-19 11:18 ` [PATCH 2/2] openat2: drop open_how->__padding field Christian Brauner
2019-12-19 10:55 ` [PATCH 0/2] openat2: minor uapi cleanups Aleksa Sarai
2019-12-19 10:55 ` [PATCH 1/2] uapi: split openat2(2) definitions from fcntl.h Aleksa Sarai
2019-12-19 10:55 ` [PATCH 2/2] openat2: drop open_how->__padding field Aleksa Sarai
2019-12-19 11:19 ` [PATCH 0/2] openat2: minor uapi cleanups Christian Brauner
2019-12-19 13:41 ` Aleksa Sarai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191219105533.12508-3-cyphar@cyphar.com \
--to=cyphar@cyphar.com \
--cc=bfields@fieldses.org \
--cc=christian.brauner@ubuntu.com \
--cc=containers@lists.linux-foundation.org \
--cc=david.laight@aculab.com \
--cc=dev@opencontainers.org \
--cc=fweimer@redhat.com \
--cc=jlayton@kernel.org \
--cc=libc-alpha@sourceware.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=shuah@kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).