Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp2517949pxk; Sun, 20 Sep 2020 07:01:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyJ1zf5i3/QfIlgcwVQzBSpDS9HN8t9FUf46RS6EisGI2m9pstV64mrYl8z9tLcpHLIyAW+ X-Received: by 2002:a50:cd51:: with SMTP id d17mr18615417edj.93.1600610467133; Sun, 20 Sep 2020 07:01:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600610467; cv=none; d=google.com; s=arc-20160816; b=W57x4ueV6FgYypmjEIV2yov47sOH3LF8W4V97n+Rm0xgaT3zSIub1e6HnIJ4azQAqZ vJpBvODy+l6utohD4C48FM90InYlqNH6OM0TPCU+pbrOfOl2tHYJTrhq634agDPycI44 6jU8ZN1Hh7fl/qrRABQsbMyBGu+IvYC+reX5xfp5+2oDeoqLp1GasKSubT3/Zar354tM U46LHScs8dYd4bNvxsrhzkblnpwxWMRALzkUVr8QMSzZKAgRyfPnB0yJfytRsGqdfCJN lyPm4zNEayECrDYLuhv2OFNxQ2WPt9ja6J0wuI6VALm+o6gbzOcYejQP6SMwc/IDGJCI aogw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version; bh=VLq1Dd4/H8/JUb8ykdNGH3Zv3qLN7U13pc1gjIZwPM8=; b=x4OHdnPiA+xHHQx9BGgJf/+rdC+OofrhrUFW9ga9rkbxO+9UHTVT9w+uuc04ID7eQa bss7BQ8JObrlaZ/63kgxLGfdBdiQcIUVXLRFxI/WNIUJX+0JjzY4Lsxy1loE5GLMMrfN 9XOmqYq22WhyE8XXCM0Ysw4BrLeLyh629ttUcQZv1E884gsDEX/dGRlSYWEFpY6aWYmM +v4EnBoq4aFbvFmCh7EAUNq4c+pafzETkhP6JylqKJZA0gzMEM67BmyCJ/iVYwmRtLBH 4AAqXQY7QHBD62RCk0mUjUuM/sIgG5Wj++4EeoEHjQgMvgEmZQVvoKZwo0SzWNyz0z6K vcZA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id 23si6532513edv.417.2020.09.20.07.00.13; Sun, 20 Sep 2020 07:01:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726452AbgITN4K (ORCPT + 99 others); Sun, 20 Sep 2020 09:56:10 -0400 Received: from mout.kundenserver.de ([212.227.126.131]:46411 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726305AbgITN4J (ORCPT ); Sun, 20 Sep 2020 09:56:09 -0400 Received: from mail-qk1-f179.google.com ([209.85.222.179]) by mrelayeu.kundenserver.de (mreue011 [212.227.15.129]) with ESMTPSA (Nemesis) id 1MMoOy-1k1Dwv2q28-00Ijbf; Sun, 20 Sep 2020 15:56:05 +0200 Received: by mail-qk1-f179.google.com with SMTP id w16so12205786qkj.7; Sun, 20 Sep 2020 06:56:04 -0700 (PDT) X-Gm-Message-State: AOAM533+Tg7GsRoHCgP40ir59ld5C/1Vm0N7+PC3SG26gIqEIleq3ONH fksm3LFFVG+V0/cydp/yoybdjQO0QWCzFdtRnVg= X-Received: by 2002:a37:a495:: with SMTP id n143mr41151530qke.394.1600610163343; Sun, 20 Sep 2020 06:56:03 -0700 (PDT) MIME-Version: 1.0 References: <20200918124533.3487701-1-hch@lst.de> <20200918124533.3487701-2-hch@lst.de> <20200918134012.GY3421308@ZenIV.linux.org.uk> <20200918134406.GA17064@lst.de> <20200918135822.GZ3421308@ZenIV.linux.org.uk> <20200918151615.GA23432@lst.de> <20200919220920.GI3421308@ZenIV.linux.org.uk> In-Reply-To: <20200919220920.GI3421308@ZenIV.linux.org.uk> From: Arnd Bergmann Date: Sun, 20 Sep 2020 15:55:47 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 1/9] kernel: add a PF_FORCE_COMPAT flag To: Al Viro Cc: Christoph Hellwig , Andrew Morton , Jens Axboe , David Howells , Linux ARM , "the arch/x86 maintainers" , "linux-kernel@vger.kernel.org" , "open list:BROADCOM NVRAM DRIVER" , Parisc List , linuxppc-dev , linux-s390 , sparclinux , linux-block , linux-scsi , Linux FS-devel Mailing List , linux-aio , io-uring@vger.kernel.org, linux-arch , Linux-MM , Networking , keyrings@vger.kernel.org, LSM List Content-Type: text/plain; charset="UTF-8" X-Provags-ID: V03:K1:DEeFGJUPrk6u/LSjSFLEBpcAP+oeK32PoUjTZYC6fPIs6n+k1mv XDMz6XlgCh1Nyx4j17+27me+L64NgDjpVdd7dXJCFrjon/aTAyIu+oh95nm9X9KaWl6wa9w jNEmllGRXAiSS7LrTZQ8rS4tQWtbNU8yEqoB7YoTh84C0NTdLZyWEaqn7c0+w0xlPbaxYu4 ur3P1v08FrYIfJVpNVfUg== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:6mkBVY6Bong=:SqXPt0trLeYLMHgx1cvXuJ U5p4iiPSwCCzF8iboycWFBfO05sNkLPSd9pwnBrqqztOBcPkNasCWa49qwp+g4/XCsXhPAeIp ZEo2wIs2JuHkQHCsr1J07cwiEuu+Jpl8XT2iP7S5i5y3yZeYsvvpW+zjEoGvo0lUUzt50b+DF d+etXRDTAS4MI0KZwR66GwCASGNxKnFcidiAQ7uHqKF4jBCdVZRVVC3unjWR/zDQrf1UsSGl5 yiA+FMkQ1meD61zxEhK4DYTj39EHaC1fCYgevYfr50bwM5KeXfxunkJdrXZB40zmP6hwiP8U7 ZAYUI2x6IdnJZ7j005UTxSUKkFfiSfHKfIcRoNLVxmyXZFSZpZv1lHhqR5Lc7mlnrYMV7yfwX jEWPWgGYdVS/0Pqp4mDctdka7FBBmnDQpnQCFWndo9r29o5kZmF/0FWZTAYaiXIc1zXQ0CNGs ITo99AkK8c2i8ikDCjq3PgczN6CdTTM3aiqzqHKeSvyXfbkvI1hCX/5ydNZHKVZf8msKr2S8H vq/kWx12tz5+znGWLFrLlf7992gz4tbGhg+ohl2KdxHhWBaLbGq7B7TrxKF2dX7bnaN+L5Zp/ vJ8JYq605hJO1se4r8NW3ew1++WG531E7DL/6Lx0YnzfRjxiToXb8Pg4KnyC0djlxEMEwUAlv CmSJKACAV0HY6EMSYJ8+oWpo6MOxbBfBPrBaLdo9nEybAZsqUhO7gMBhw4FLPWxPNJ4TahNDG ZB13aOM7zMIaLy9bXTcJUkAShP8ZyjBNl+F3C7ClxLkP593ksjcwF70rTpIg8nnqaoxY/0Dee smdON9VOaGsvyMjHBc085FK8V3s316O5YhVW2qcAg2UzaNBdL/34eax1MABsisTpCdIrIGW Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Sep 20, 2020 at 12:09 AM Al Viro wrote: > On Fri, Sep 18, 2020 at 05:16:15PM +0200, Christoph Hellwig wrote: > > On Fri, Sep 18, 2020 at 02:58:22PM +0100, Al Viro wrote: > > > Said that, why not provide a variant that would take an explicit > > > "is it compat" argument and use it there? And have the normal > > > one pass in_compat_syscall() to that... > > > > That would help to not introduce a regression with this series yes. > > But it wouldn't fix existing bugs when io_uring is used to access > > read or write methods that use in_compat_syscall(). One example that > > I recently ran into is drivers/scsi/sg.c. > > So screw such read/write methods - don't use them with io_uring. > That, BTW, is one of the reasons I'm sceptical about burying the > decisions deep into the callchain - we don't _want_ different > data layouts on read/write depending upon the 32bit vs. 64bit > caller, let alone the pointer-chasing garbage that is /dev/sg. Would it be too late to limit what kind of file descriptors we allow io_uring to read/write on? If io_uring can get changed to return -EINVAL on trying to read/write something other than S_IFREG file descriptors, that particular problem space gets a lot simpler, but this is of course only possible if nobody actually relies on it yet. Arnd