Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp340568imm; Fri, 1 Jun 2018 01:43:25 -0700 (PDT) X-Google-Smtp-Source: ADUXVKLyJhrtuRdG6u987PDhl20i+coGXhh0t5G1zVaRu5DhrYZ//UFxsJrOuFZhJhnarO5qN5IW X-Received: by 2002:a62:154a:: with SMTP id 71-v6mr701969pfv.170.1527842605720; Fri, 01 Jun 2018 01:43:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527842605; cv=none; d=google.com; s=arc-20160816; b=pBvjWWWxFeCMMA7+jkI25b7Uzx6tlWYsKFWiU5ln3aoeB55dsPL76IRXbUkVz0aSnB 0gOwZ6GVb55MOACXQRJRB8F3bQYBVl4Q3otsiwczgUbLKxUB5YqsM3phc7LNloNxIfrc utfAXVdU+REoQPtKhbcolvEhj7pQhjTaFdVpx+nlPxk/NIHOCpl5tRM7NP66mtkDRrdH G9t1QNENm12fNqi03rsBpoNU5JiFyXrItQ7XnAkunyiOESdbskUaTkOOiWUfLTdfVqYQ h6IDBpOXVl+RUC+MGfcDs5st2CpAb+rhsu4VYEOCk708KARJdexERVoLRS81YIqIBn9u wlpg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:content-id:mime-version :subject:cc:to:references:in-reply-to:from:organization :arc-authentication-results; bh=7NDWWE6IaKr7mQbskbSt7LnyWZh4OMXpSl0x1r1HZuE=; b=RbIRZ7b6Yl9dt4z9A5X5QKSzVJnVktHrzYtvuoAv50cGNGLdhssrbabKV5J7iNh2NR 6N4xs90x7ofx7+z2YOL+s2rtyQhelB/goXsfPAdZXJYALI14sCs9wE96/aKqDdmG2H7Z 5HLiW8PQZTDHprKQ1JRlDgU8GBiVYX0I6/n2Jlx+WNwfq0Rh23mS+YpcUPSZM18ntlGe gEnHtJpHIorOwwzN3bD+zrgx4g0CQHjfGzMRPKv7ainm4M0ks3Jzfn7PmDsrkn/bCi/n gv877LaKWB+ozARyUVeB0fDz2lkc7eXfzlZ3+WpI5BJUx7JEhy2f8ZNAwpsDfEpmiU8I Bj7Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q18-v6si1715198pgd.294.2018.06.01.01.43.11; Fri, 01 Jun 2018 01:43:25 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751417AbeFAImU (ORCPT + 99 others); Fri, 1 Jun 2018 04:42:20 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:44186 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1750934AbeFAImR (ORCPT ); Fri, 1 Jun 2018 04:42:17 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 003AF406F8B2; Fri, 1 Jun 2018 08:42:17 +0000 (UTC) Received: from warthog.procyon.org.uk (ovpn-121-245.rdu2.redhat.com [10.10.121.245]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2C1FE200BCDA; Fri, 1 Jun 2018 08:42:16 +0000 (UTC) Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 From: David Howells In-Reply-To: References: <152720672288.9073.9868393448836301272.stgit@warthog.procyon.org.uk> <152720691829.9073.10564431140980997005.stgit@warthog.procyon.org.uk> To: Amir Goldstein Cc: dhowells@redhat.com, Al Viro , linux-fsdevel , linux-afs@lists.infradead.org, linux-kernel , linux-api@vger.kernel.org Subject: Re: [PATCH 30/32] vfs: Allow cloning of a mount tree with open(O_PATH|O_CLONE_MOUNT) [ver #8] MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <7263.1527842535.1@warthog.procyon.org.uk> Date: Fri, 01 Jun 2018 09:42:15 +0100 Message-ID: <7264.1527842535@warthog.procyon.org.uk> X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Fri, 01 Jun 2018 08:42:17 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Fri, 01 Jun 2018 08:42:17 +0000 (UTC) for IP:'10.11.54.4' DOMAIN:'int-mx04.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'dhowells@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Amir Goldstein wrote: > Reject O_NON_RECURSIVE without O_CLONE_MOUNT? Yes, I should add that. > I am not sure what are the consequences of opening O_PATH with old kernel > and getting an open file, can't think of anything bad. > Can the same be claimed for O_PATH|O_CLONE_MOUNT? Yes, actually, there can be consequences. Some files have side effects. Think open("/dev/foobar", O_PATH). > Wouldn't it be better to apply the O_TMPFILE kludge to the new > open flag, so that apps can check if O_CLONE_MOUNT feature is supported > by kernel? Ugh. The problem is that the O_TMPFILE kludge can't be done because O_PATH currently just masks off any bits it's not interested in rather than giving an error. Even the O_TMPFILE kludge doesn't protect you against someone having set random unassigned bits when testing on a kernel that didn't support it. And this bit: /* * Clear out all open flags we don't know about so that we don't report * them in fcntl(F_GETFD) or similar interfaces. */ flags &= VALID_OPEN_FLAGS; is just plain wrong. Effectively, it allows userspace to set random reserved bits without consequences. It should give an error instead. Probably we should really replace open() and openat() both before we can allocate any further open flags. David