Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp8073233rwb;
        Tue, 13 Dec 2022 01:36:17 -0800 (PST)
X-Google-Smtp-Source: AA0mqf7FI7ID/wwRK1PRuERwoogDbSr9qR3ek1RUyUWMb2J9xano9BN7206v7GxNkuipJyAJHwoV
X-Received: by 2002:a05:6402:1607:b0:46c:72fb:3810 with SMTP id f7-20020a056402160700b0046c72fb3810mr22737071edv.41.1670924176959;
        Tue, 13 Dec 2022 01:36:16 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1670924176; cv=none;
        d=google.com; s=arc-20160816;
        b=eoApjMCLL7qgh24Uhd3Ak3NVgayechkwnhBmClWgilvYZVbxmshI36n1Y9NsEIIkqj
         fKIOzWFMh4RKtdnSEqsipH9ibI89YrRyjR5bOvzhxh5KVru7X7FpaMjSE0R7hW540cFs
         ZoY9febp18wDXhuwuBcZBLzbjHZ0kxYf1xmoZxlHCpNvU/pJU9ycto+Zr+hpyE1HwH8n
         zJAgKgdsw9wMakLzrMnrPzJh/VBU2qHdpjSo57MNpDXanQV4omAogdqZpELwW1AXd9g0
         4jrBZBQfbTDOVXmcR+kiGab2I9SyWV4/sOmsJhqiAqNg+iw4l7YVt529twq6oneTZ2vk
         L+Kg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=+wvIEVCAeTtRK6K2/lfowGHqVI+URSceNiAJp2o6a7U=;
        b=EmGhjLUCXW4DL60HLqz1VajDKoGX42nnsY2jVQ2qft6v4nwGSGZHfm57QF3nv3v3Ek
         Zs5v+biPBcxyXN/QfWKXanIGXRCzRqXimR76AmwwkWv2JwDlfC678ZvC6ftetxzZ+zSv
         l+76PVCviqFknrEK+c5jvKAw8Sx9dl+9K8EqdvHoLYYV70Fg2AGLeq1wfM5bR2lyCcUb
         1RugK4CjkX2mHUAr5kLRlsEw1GkC0jxIW85b5MuOCeMVqz2PrchBNca3hNBzhMlSfSFe
         mEeKd7LsP0gd26UibtuUkKR9r7L7gK9atzr68dkaLYe0D8igMRqFMUy/rwDTgsIkAonj
         biHg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=DnKMSZqD;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id m6-20020a056402510600b0046443638c9esi10419107edd.262.2022.12.13.01.35.59;
        Tue, 13 Dec 2022 01:36:16 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=DnKMSZqD;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234673AbiLMJU1 (ORCPT <rfc822;41i3n8@gmail.com> + 75 others);
        Tue, 13 Dec 2022 04:20:27 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51038 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234570AbiLMJTz (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 13 Dec 2022 04:19:55 -0500
Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1C132BFB;
        Tue, 13 Dec 2022 01:19:45 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id A6951B810DF;
        Tue, 13 Dec 2022 09:19:43 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 32500C433EF;
        Tue, 13 Dec 2022 09:19:40 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1670923182;
        bh=tFne0xthz+EtxoclkKpYRT/JOXwYWJ7gjsUvH8OM7I4=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=DnKMSZqDUBWL1JuPMZAxngIXaWqyoSy7c8zHUtL5eMi3GJCFdcMx6cOvWDS9sqaQC
         6x5/dlLuZoEZNx0fECKM+Bn4+deLKKKUsRY0cMVCOq/cGNaFyFwjMHtX19/wsSfgFM
         X4rsXRLfQqP5rpBa9cA2m+fJUZVt0Xz4BGfTQbdj6AlWomQ2fLEPrLQP612/90aPkJ
         ZsHyW06fy9OK85cbAhuy4FepC4R223CVZQpWgZbP54vWFmPhEefWrDzvGWI6iCBIPq
         m1BUbPTzi6S2JYJPn7OXinZ6pHLUv3zxF2QDujq1QDbfITvZV5axMRb4YyPke8SbkB
         1PgYg7rNDqPAA==
Date:   Tue, 13 Dec 2022 10:19:37 +0100
From:   Christian Brauner <brauner@kernel.org>
To:     Linus Torvalds <torvalds@linux-foundation.org>
Cc:     linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [GIT PULL] vfsuid updates for v6.2
Message-ID: <20221213091937.dmshin7hd6hqsliq@wittgenstein>
References: <20221212123348.169903-1-brauner@kernel.org>
 <CAHk-=wj4BpEwUd=OkTv1F9uykvSrsBNZJVHMp+p_+e2kiV71_A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <CAHk-=wj4BpEwUd=OkTv1F9uykvSrsBNZJVHMp+p_+e2kiV71_A@mail.gmail.com>
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Dec 12, 2022 at 07:28:59PM -0800, Linus Torvalds wrote:
> On Mon, Dec 12, 2022 at 4:34 AM Christian Brauner <brauner@kernel.org> wrote:
> >
> > This pull request converts all remaining places that still make use of non-type
> > safe idmapping helpers to rely on the new type safe vfs{g,u}id based helpers.
> > Afterwards it removes all the old non-type safe helpers.
> 
> So I've pulled this, but I'm not entirely happy about some of those
> crazy helpers.
> 
> In particular, the whole "ordering" helpers are really not something
> that should be used in general, I feel. I'm talking about
> vfsuid_gt_kuid() and friends - it's an entirely insane operation and
> makes no sense at all.

Oh yes, I very much agree.

> 
> Yes, yes, I understand why they exist (those crazy IMA rules), but I

I would've really liked to have avoided their existence altogether but I
have no clear idea what ima is doing with these comparisons. And
everytime we do wider scoped vfs work I spend about 1 or 2 good weeks in
security/ just to understand what all the various security modules do,
audit callchains and then come up with something that doesn't break half
of them. And often this means unpleasant compromises in the vfs layer
which I really don't like.

And just to be clear, I don't want to be on of those "LSMs are bad"
people. I do really think they provide additional value.
But I think it's fair to acknowledge that the hook infrastructure with
multiple LSMs makes the vfs and developers pay when reworking codepaths.

And the fact that some things that are LSM-like (ima etc.) have separate
hooks doesn't help either.

> feel that those functions *really* shouldn't be exposed to anybody
> else.
> 
> IOW, making those insane functions available in <linux/idmapping.h>
> really seems wrong to me. They are crazy special cases, and I think
> they should exist purely in that crazy ima_security file.
> 
> Again - I've pulled this, but I'm hoping to see a future commit that
> limits that craziness to the only user, in the hope that this disease
> will never spread.

Let me see what I can do about this. Hopefully I can still find
something during the merge window.