Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp3725085ybe; Sun, 8 Sep 2019 20:41:46 -0700 (PDT) X-Google-Smtp-Source: APXvYqwdFcOf6xjhuxQhbKzIw0HG2Smi3PooaHpYVZdWWuQ8cKmspySFeq/ny6pQuoX0d5ry8Mkw X-Received: by 2002:a17:906:6403:: with SMTP id d3mr8550865ejm.99.1568000506817; Sun, 08 Sep 2019 20:41:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568000506; cv=none; d=google.com; s=arc-20160816; b=HX9WZOQLEkA7/ZlWYkRJHtHMnYFWyb/SA7M9JTL+vpDk3JOmOYrkJELKOP6Szy7G1r xE3JugIKtfa5W/nZEZjW5L0eM73mFtKuejn9wOS8TsmOJcwCsF0MQcRDAkJ+wB+04NVq Mb4q5ZP4Koxt2dKS3VkVj+OiBtZ4nlstxMRGtr9WARbKm0CcC6gl82G0h/HEJq5gj/7G OqKvZnauvR3ssPIaIPdyiSy7o6qz19JCLGRD+axVFTZjBU8jkouGrR2pTDfxwpYo9Sxv iV06dAY/qD09cWMGq+oXZBcuaBWw6jnpMNPYCl/M7IO9/tMEC94oaDqmHf4pCiGpEPn2 HvqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version:dkim-signature; bh=yCXO2IUW/xP5rGitFpbGKrkQxCFizP24AMzmcKYJo+k=; b=gu5XeuUOhouPoSCq+pxaddkbxfaNE1YLw2BwmvWt8pQ+C0JgXW6g5Q8OW7OJd1Fg9l Tv4uINoJJyUZ4dvJ8m5N+38G7c7o6K6TJkKFlC3r4q21/cI8jap2B/0zFvskjyVJ8dNI NhjY2/F67V2id1YXfcQy+MVX/hXT/akaxa+p9ErQclDT9WH2UuOAq3UdAskbkqEZ3omt iY8gzLW/n3OvVnkk4sV6ugNWf3TEhhUixHoD79RlKJXbJJY/6BQNGp+AP6xaE7G0hotP GXabmLK4V8DN49xJUUrZKKbSeqT4+TOZYa4CmQQXgx3Cwk473+riKZzHIBc7o8D/mvms TTbQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b="gPB2S/s2"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n18si6640747ejs.332.2019.09.08.20.41.23; Sun, 08 Sep 2019 20:41:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b="gPB2S/s2"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388652AbfIGSPN (ORCPT + 99 others); Sat, 7 Sep 2019 14:15:13 -0400 Received: from mail-pg1-f194.google.com ([209.85.215.194]:41757 "EHLO mail-pg1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388745AbfIGSPM (ORCPT ); Sat, 7 Sep 2019 14:15:12 -0400 Received: by mail-pg1-f194.google.com with SMTP id x15so5351730pgg.8 for ; Sat, 07 Sep 2019 11:15:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amacapital-net.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=yCXO2IUW/xP5rGitFpbGKrkQxCFizP24AMzmcKYJo+k=; b=gPB2S/s21fOdrhZkZvzaMRRbkTHlbc79vLkQ8L7Cpmmu8hvbAG6eoC0Dm32QXRGYMY +1LPES8i+LJBkfY/p1yzpRzMMv2odDchTO0YHOkxwFiie7OsEOHDwtOH8zJJ6F9AZyk5 MkZFVhvuxPxeMIKfq+G9obcmbfsQBob0Nc70jrYQVbX0W8tNU0vMgyrejbOLHj/PJBII 8jO1EQn6kWKOgkBib76U4yxHBzWI3KaSO/lLhJIPi5x1WrjQ3kHOZysmKhg2Dv2MsCh4 N/OxZH40a7P6xhJ/lAgfa+dSsRZSJmy+02UKql6Xb3VKWtRKJq/2ht+J5tBxXcxSYFTB 1GhQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=yCXO2IUW/xP5rGitFpbGKrkQxCFizP24AMzmcKYJo+k=; b=asZt369uBcWFtj7ZrlMSgiYRcHK6YW8oytpODJG9KvXRZK2I0KNu150tWhH55GDMkG QhaVpc2w1r08svhQTXhfxqfrs4HuS0t73IgJumCtF76ENlWgBPe9hcHRZWvKXSGB7U2c 2jyY6jGOik2mbYvCQAT2BI6MR5I9PMtxMuHLzNYlgGZVlVTNXAvsMUT3cKLu9TvWxuc8 QDWSGRlhrf4GX41lLJH0aQsNRGm0j8C4zgTKNmqd1uh3jvaYhguAkppbrDLJv/Ku1Cn4 RNuqix5sLr/j4CgBFCfC7kE89mw51SdvbswO75VK0mtlx7QbYWtB7uUAOOOost64yEzn BTIA== X-Gm-Message-State: APjAAAV+zhEjL8a4peF04oznMKInhrKBRv8NO3qvaCL/NNdY7Djsni03 KADlmyUS0M6vZCZcFuVRSKgJVA== X-Received: by 2002:aa7:8b09:: with SMTP id f9mr13154710pfd.23.1567880111917; Sat, 07 Sep 2019 11:15:11 -0700 (PDT) Received: from ?IPv6:2600:100f:b121:da37:bc66:d4de:83c7:e0cd? ([2600:100f:b121:da37:bc66:d4de:83c7:e0cd]) by smtp.gmail.com with ESMTPSA id x5sm10495873pfn.149.2019.09.07.11.15.10 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 07 Sep 2019 11:15:11 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (1.0) Subject: Re: [PATCH v12 11/12] open: openat2(2) syscall From: Andy Lutomirski X-Mailer: iPhone Mail (16G102) In-Reply-To: Date: Sat, 7 Sep 2019 11:15:09 -0700 Cc: Jeff Layton , Aleksa Sarai , Al Viro , "J. Bruce Fields" , Arnd Bergmann , David Howells , Shuah Khan , Shuah Khan , Ingo Molnar , Peter Zijlstra , Christian Brauner , Eric Biederman , Andy Lutomirski , Andrew Morton , Alexei Starovoitov , Kees Cook , Jann Horn , Tycho Andersen , David Drysdale , Chanho Min , Oleg Nesterov , Rasmus Villemoes , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Aleksa Sarai , Linux Containers , alpha , Linux API , linux-arch , Linux ARM , linux-fsdevel , linux-ia64@vger.kernel.org, Linux List Kernel Mailing , "open list:KERNEL SELFTEST FRAMEWORK" , linux-m68k , linux-mips@vger.kernel.org, linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-s390 , Linux-sh list , linux-xtensa@linux-xtensa.org, sparclinux@vger.kernel.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <20190904201933.10736-1-cyphar@cyphar.com> <20190904201933.10736-12-cyphar@cyphar.com> <7236f382d72130f2afbbe8940e72cc67e5c6dce0.camel@kernel.org> To: Linus Torvalds Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > On Sep 7, 2019, at 10:45 AM, Linus Torvalds wrote: >=20 >> On Sat, Sep 7, 2019 at 10:42 AM Andy Lutomirski wro= te: >>=20 >> Linus, you rejected resolveat() because you wanted a *nice* API >=20 > No. I rejected resoveat() because it was a completely broken garbage > API that couldn't do even basic stuff right (like O_CREAT). >=20 > We have a ton of flag space in the new openat2() model, we might as > well leave the old flags alone that people are (a) used to and (b) we > have code to support _anyway_. >=20 > Making up a new flag namespace is only going to cause us - and users - > more work, and more confusion. For no actual advantage. It's not going > to be "cleaner". It's just going to be worse. >=20 >=20 If we keep all the flag bits in the same mask with the same values, then we=E2= =80=99re stuck with O_RDONLY=3D0 and everything that implies. We=E2=80=99ll= have UPGRADE_READ that works differently from the missing plain-old-READ bi= t, and we can=E2=80=99t express execute-only-no-read-or-write. This sucks. Can we at least split the permission bits into their own mask and make bits 0= and 1 illegal in the main set of flags in openat2? There=E2=80=99s another thread going on right now about adding a bit along t= he lines of =E2=80=9CMAYEXEC=E2=80=9D, and one of the conclusions was that i= t should wait for openat2 so that it can have same semantics. If we=E2=80=99= re stuck with O_RDONLY and friends, then MAYEXEC is doomed to being at least= a bit nonsensical. As an analogy, AMD64 introduced bigger PTEs but kept the same nonsense encod= ing of read and write permission. And then we got NX, and now we=E2=80=99re g= etting little holes in the encoding stolen by CET to mean new silly things. = I don=E2=80=99t know if you=E2=80=99ve been following the various rounds of= patches, but it is truly horrible. The mapping from meaning to the actual b= its is *shit*, and AMD64 should have made a clean break instead. open()=E2=80=99s permission bits are basically the same situation. And the k= ernel *already* has a non-type-safe translation layer. Please, please let op= enat2() at least get rid of the turd in open()=E2=80=99s bits 0 and 1.