Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp1806893rdd; Thu, 11 Jan 2024 09:44:40 -0800 (PST) X-Google-Smtp-Source: AGHT+IHjbumk3WursQz80FPACwMUmkwsK1Wu4jlk0vzF0f49QQDMHczduuWe1fOs3akTFtuyJJSW X-Received: by 2002:a05:6a21:a592:b0:199:a963:45a3 with SMTP id gd18-20020a056a21a59200b00199a96345a3mr236916pzc.66.1704995080394; Thu, 11 Jan 2024 09:44:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704995080; cv=none; d=google.com; s=arc-20160816; b=yXx2Yu1TcNcTU0ZC6melEA2jWi1T0Pn2Z5ellf7MXZQKSOTlvf+An7uIN+c8khW1m+ SRuHHfpPe4EyEGbkc8oeveU8g/64HZXqct1ubVXER8R9NTOtvHlMcNLsrTo5VXUjCNXL MAEtau6XxmMG0e9o+VK/KhDuawVgbpayvAs56RXuDKOMfP43ROC65SEj2GbEt1IkBtcI 6uKiLDcWN8GyVtOrmFX9KFmBA536mf+q4tdIq5I3+lVuruFfiPDpUQ00rhZykk7IrGu1 N4YZ+QfjNAi48uL/eHYzcVm5+vV+0cTAAnV0lUwqstTj15FB1Z77aaw3nsjKv3LgqSkP nzlA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :dkim-signature; bh=wE5ZuBbJGZvm1+tXWIds9qs34jd9tFXTLXg/uz/Nfmc=; fh=3kO2JIme55MkqTiixzf0iGQIFrSEgMY6BpKF61c7A/Q=; b=vXQBvMWKh1hsiwzkdSeI2iAIxOL1rypBskDm+44wEDkYr6Ra+pLJpAH6NJgTRu5Mub YpJVed+gBS+rRcSHVnI1Lxddl901D1V6Sr8soD+lw8K6/7CX7E2RB5PP827Wfoj99ZGo J5QcN+PdCBwmtAZnx82YnTR/mNkv+ED+Bm66V3c7z4VKIfAbGnr4WWZB6MDSbgASy55V f/sDYDTLpiGIaisQAS9xt0+d0Bs3Luyr95tkdlGbtcTDM/FQX5sFKZP/0cUtsuhy+P4C hUc4ZOD7DULl+jUR9XekBIqNUuRj0+Wib/muFEmRk9jKW8LF0H+CuvdmGpRoIE+ABz6P 0SrA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=hGPI6AfT; spf=pass (google.com: domain of linux-kernel+bounces-23946-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-23946-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id m128-20020a632686000000b005cdfe91fb80si1644337pgm.416.2024.01.11.09.44.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 Jan 2024 09:44:40 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-23946-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=hGPI6AfT; spf=pass (google.com: domain of linux-kernel+bounces-23946-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-23946-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id D46C7B21C4E for ; Thu, 11 Jan 2024 17:43:06 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B9E14524D7; Thu, 11 Jan 2024 17:42:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b="hGPI6AfT" Received: from mail-lf1-f54.google.com (mail-lf1-f54.google.com [209.85.167.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3D17F524C0 for ; Thu, 11 Jan 2024 17:42:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linuxfoundation.org Received: by mail-lf1-f54.google.com with SMTP id 2adb3069b0e04-50ea8fbf261so6546843e87.2 for ; Thu, 11 Jan 2024 09:42:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; t=1704994973; x=1705599773; darn=vger.kernel.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=wE5ZuBbJGZvm1+tXWIds9qs34jd9tFXTLXg/uz/Nfmc=; b=hGPI6AfTrIFUGvVvZYrrxh9N00hZDXya3xpRJAPAXO60QdOMZbQf8Qcc8gjXc/mRMs 907GFs9/cSTUIXbbWpVL2bdmy2fILqJRdwkpXUvqHhHDNPZIhXY1N9fzFG3QhZwPI3pY ZW+bhOMsf8wkcJQ65zXjA/iNFYgt+j1qhJ9IY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704994973; x=1705599773; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=wE5ZuBbJGZvm1+tXWIds9qs34jd9tFXTLXg/uz/Nfmc=; b=Uc7maWdLCL6NGM7NO6uStML8UxKgC35CBMgwxraKt113i2xZJ4B698x47MjpHncz7M zGeQTN/QqiAr5XxMFB1kZ9BQwNtymgbK/hdJkm3rw0G6R79nQJBr0Dt5tEwz4JKFB+io yncIs1fdZyjyCI25t9in3ZyhIl5Lvyg+F6jyH+eyUw2oEz+OpePJmk+5oHnDNidMxw78 LUMrcObwgE2ThhU7ewV0R6MBrhgtDuB7qVCTtzCNjLIYZPe9KPiCzkexsuvzwst9+01N CtsL8Rr+tdS2zeYjpGfLMXKEez08zaCMeCqbDGRL1khyNFOBkMMXd9zg/zZBkAXLEApb NDGQ== X-Gm-Message-State: AOJu0YyPK8xd1ubGkKbex8SripfHpkIXgu6Pu9Py7FkrGzf9QUY50Q/y 3NDii5zbz6KmgqDNQtQyV3HHgB5PenK+hVupiuCTJa4e1RvTs9Jm X-Received: by 2002:a05:6512:3e06:b0:50e:35ef:681f with SMTP id i6-20020a0565123e0600b0050e35ef681fmr25876lfv.139.1704994973075; Thu, 11 Jan 2024 09:42:53 -0800 (PST) Received: from mail-ej1-f48.google.com (mail-ej1-f48.google.com. [209.85.218.48]) by smtp.gmail.com with ESMTPSA id y11-20020a170906524b00b00a233515c39esm827172ejm.67.2024.01.11.09.42.52 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 11 Jan 2024 09:42:52 -0800 (PST) Received: by mail-ej1-f48.google.com with SMTP id a640c23a62f3a-a2ac304e526so489767766b.0 for ; Thu, 11 Jan 2024 09:42:52 -0800 (PST) X-Received: by 2002:a17:906:318a:b0:a2b:9580:c447 with SMTP id 10-20020a170906318a00b00a2b9580c447mr11535ejy.110.1704994971881; Thu, 11 Jan 2024 09:42:51 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <202401081028.0E908F9E0A@keescook> <20240111094711.GT1674809@ZenIV> <20240111100501.GU1674809@ZenIV> In-Reply-To: <20240111100501.GU1674809@ZenIV> From: Linus Torvalds Date: Thu, 11 Jan 2024 09:42:35 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [GIT PULL] execve updates for v6.8-rc1 To: Al Viro Cc: Josh Triplett , Kees Cook , Kees Cook , linux-kernel@vger.kernel.org, Alexey Dobriyan Content-Type: text/plain; charset="UTF-8" On Thu, 11 Jan 2024 at 02:05, Al Viro wrote: > > Something like (completely untested) delta below, perhaps? No, this looks horrible. This doesn't actually get rid of the early filp allocation for execve(), it only seems to get rid of the repeated allocation for when the RCU lookup fails. And *that* is much easier to get rid of differently: just do the file allocation in do_filp_open(), instead of path_openat. We'd need to have some way to make sure that there is no left-over crud from the RCU path into the next stage, but that doesn't look bad. So the "path_openat() allocates filp on each invocation" looks fairly easy. It's the "don't allocate filp until you actually need it" that looks nasty. And yes, atomic_open() is part of the problem, but so is the fact that wee end up saving some flags in the filp early. Linus