Date: Wed, 31 Aug 2022 23:17:54 +0100
From: Al Viro
To: Christian Göttsche
Cc: selinux@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org
Subject: Re: [RFC PATCH 1/2] fs/xattr: add *at family syscalls
In-Reply-To: <20220830152858.14866-2-cgzones@googlemail.com>

[linux-arch Cc'd for ABI-related stuff]

On Tue, Aug 30, 2022 at 05:28:39PM +0200, Christian Göttsche wrote:
> Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
> removexattrat() to enable extended attribute operations via file
> descriptors. This can be used from userspace to avoid race conditions,
> especially on security related extended attributes, like SELinux labels
> ("security.selinux") via setfiles(8).
>
> Use the do_{name}at() pattern from fs/open.c.
> Use a single flag parameter for extended attribute flags (currently
> XATTR_CREATE and XATTR_REPLACE) and *at() flags to not exceed six
> syscall arguments in setxattrat().

I've no problems with the patchset aside of the flags part; however,
note that XATTR_CREATE and XATTR_REPLACE are actually exposed to
the network - the values are passed to nfsd by clients.
See nfsd4_decode_setxattr() and
	BUILD_BUG_ON(XATTR_CREATE != SETXATTR4_CREATE);
	BUILD_BUG_ON(XATTR_REPLACE != SETXATTR4_REPLACE);
in encode_setxattr() on the client side.

Makes me really nervous about constraints like that. Sure, AT_... flags
you are using are in the second octet and these are in the lowest one, but...
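
The constraint raised in the message above, as an added example that is not part of the original mail or of the patch: compile-time checks that keep the wire-visible XATTR_* bits and the AT_* bits disjoint, plus a splitter that rejects unknown bits. The accepted AT_* set (AT_SYMLINK_NOFOLLOW, AT_EMPTY_PATH) and the helper name split_xattrat_flags() are assumptions; the constants are defined inline with their Linux UAPI values so the block builds stand-alone.

```c
#include <errno.h>
#include <stdio.h>

/* Values as in the Linux UAPI headers (linux/xattr.h, linux/fcntl.h). */
#define XATTR_CREATE        0x1     /* also the NFSv4.2 wire value SETXATTR4_CREATE */
#define XATTR_REPLACE       0x2     /* also the NFSv4.2 wire value SETXATTR4_REPLACE */
#define AT_SYMLINK_NOFOLLOW 0x100
#define AT_EMPTY_PATH       0x1000

/* Assumption: the AT_* bits a combined flags word would accept. */
#define XATTR_BITS (XATTR_CREATE | XATTR_REPLACE)
#define AT_BITS    (AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)

/* Fail the build, not the syscall, if the two namespaces ever collide. */
_Static_assert((XATTR_BITS & AT_BITS) == 0, "xattr and AT_* flags overlap");
_Static_assert((XATTR_BITS & ~0xffu) == 0, "xattr flag left the low octet");
_Static_assert((AT_BITS & 0xffu) == 0, "AT_* flag entered the low octet");

/* Hypothetical helper: split one combined word; 0 on success, -EINVAL otherwise. */
static int split_xattrat_flags(unsigned int flags,
                               unsigned int *xattr_flags,
                               unsigned int *at_flags)
{
    if (flags & ~(unsigned int)(XATTR_BITS | AT_BITS))
        return -EINVAL;                 /* unknown bit: reject, never ignore */
    if ((flags & XATTR_BITS) == XATTR_BITS)
        return -EINVAL;                 /* policy of this sketch: contradictory pair */
    *xattr_flags = flags & XATTR_BITS;  /* the only part that may reach the wire */
    *at_flags = flags & AT_BITS;        /* path-lookup modifiers, local only */
    return 0;
}

int main(void)
{
    unsigned int x = 0, a = 0;
    int rc = split_xattrat_flags(XATTR_CREATE | AT_EMPTY_PATH, &x, &a);

    printf("rc=%d xattr=%#x at=%#x\n", rc, x, a);
    printf("unknown bit 0x4: rc=%d\n", split_xattrat_flags(0x4, &x, &a));
    return 0;
}
```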