Date: Tue, 19 Sep 2023 11:07:39 +0200
From: Christian Brauner
To: Miklos Szeredi
Cc: Matthew House, Miklos Szeredi, Linus Torvalds, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-man@vger.kernel.org, linux-security-module@vger.kernel.org, Karel Zak, Ian Kent, David Howells, Al Viro, Christian Brauner, Amir Goldstein
Subject: Re: [RFC PATCH 2/3] add statmnt(2) syscall
Message-ID: <20230919-abfedern-halfen-c12583ff93ac@brauner>

On Tue, Sep 19, 2023 at 10:02:17AM +0200, Miklos Szeredi wrote:
> On Tue, 19 Sept 2023 at 02:38, Matthew House wrote:
>
> > One natural solution is to set either of the two lengths to the expected
> > size if the provided buffers are too small. That way, the caller learns both
> > which of the buffers is too small, and how large they need to be. Replacing
> > a provided size with an expected size in this way already has precedent in
> > existing syscalls:
>
> This is where the thread started. Knowing the size of the buffer is
> no good, since the needed buffer could change between calls.

The same problem would exist for the single buffer. Realistically, users
will most often simply use a fixed-size PATH_MAX buffer that will cover
most cases and fall back to allocating a larger buffer in case things go
awry. I don't think we need to make this atomic either. Providing a hint
for the required buffer size in case this fails is good enough and should
be a rather rare occurrence and is exactly how other variable-sized
buffers are handled.

> Also having the helper allocate buffers inside the struct could easily
> result in leaks since it's not obvious what the caller needs to free,

I don't think we need to be overly concerned with how userspace
implements the wrapper here. Leaks can occur in both scenarios and
low-level userspace can use automatic cleanup macros (we even support it
in the kernel since v6.5) to harden against this.

Really, the main things I care about are 64-bit alignment of the whole
struct, typed __u64 pointers with __u32 size for mnt_root and mnt_point
and that we please spell out "mount" and not use "mnt": so statmount
because the new mount api uses "mount" (move_mount(), mount_setattr(),
fsmount(), MOUNT_ATTR_*) almost everywhere.
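
The fallback pattern discussed in this message (fixed-size buffer first, retry with the size hint, automatic cleanup against leaks), as an added example that is not part of the thread or of the proposed syscall. `mock_query()`, its EOVERFLOW convention and the 16-byte stand-in for PATH_MAX are hypothetical; the mock's result grows between calls so the hint goes stale once, and the cleanup attribute assumes GCC or Clang.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a syscall with a variable-sized result; NOT statmount(2).
 * On a too-small buffer it fails with EOVERFLOW and writes the needed size to *size. */
static const char *mock_paths[] = { "/mnt/a", "/mnt/a/much/longer/mount/point" };
static int mock_calls;          /* constructed race: result grows after the first call */

static int mock_query(char *buf, uint32_t *size)
{
    const char *p = mock_paths[mock_calls++ ? 1 : 0];
    uint32_t need = (uint32_t)strlen(p) + 1;

    if (*size < need) {
        *size = need;           /* hint only: may be stale by the next call */
        errno = EOVERFLOW;
        return -1;
    }
    memcpy(buf, p, need);
    *size = need;
    return 0;
}

static void free_ptr(char **p) { free(*p); }    /* runs when the variable leaves scope */

/* Copy the result into out (cap bytes). Returns attempts made, or -1 on error. */
static int query_path(char *out, size_t cap, uint32_t first_size)
{
    char fixed[16];             /* plays the role of the PATH_MAX stack buffer */
    __attribute__((cleanup(free_ptr))) char *heap = NULL;
    char *buf = fixed;
    uint32_t size = first_size <= sizeof(fixed) ? first_size : (uint32_t)sizeof(fixed);

    for (int attempt = 1; attempt <= 8; attempt++) {
        uint32_t have = size;
        if (mock_query(buf, &size) == 0) {
            if (size > cap) return -1;
            memcpy(out, buf, size);
            return attempt;     /* heap is freed on every return path */
        }
        if (errno != EOVERFLOW || size <= have) return -1;
        char *bigger = realloc(heap, size);     /* grow to the hinted size */
        if (!bigger) return -1;
        buf = heap = bigger;
    }
    return -1;                  /* result kept changing; give up */
}
```

The retry is a bounded loop rather than a single second call because the hint is not atomic with the next query.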