Received: by 2002:ab2:6991:0:b0:1f7:f6c3:9cb1 with SMTP id v17csp398024lqo; Wed, 8 May 2024 03:17:34 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUXychPWuDv00L4dN7F11+ynznz/Wx43pI6YWpinqhW92HzIDGNNeJdzBwVQnAbj/7Yecw0OkH/TYXzqYFRrLDzbnydtCikroyMTcAf5Q== X-Google-Smtp-Source: AGHT+IG2n0gJyHFgMo1CblemXcbk5sDZdoz45JuE4OuqHb2GRENFiH6dp9qvDxSHSWCHQ8v2P0fL X-Received: by 2002:a05:6a00:3c94:b0:6f4:b4a2:ab3b with SMTP id d2e1a72fcca58-6f4b4a2aca4mr686954b3a.24.1715163454575; Wed, 08 May 2024 03:17:34 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1715163454; cv=pass; d=google.com; s=arc-20160816; b=cCMqvBT00sp9mlpa6DLLACm8KhWJ8jAlLNS+R++6M0RkdNw7O4e5SxfR7hNXQE2R0/ ME8sQyiJhYOVP1TDcTfUTq8F6ZSmoMCs3BaC/jMC7Hwz9nnJtm6pNmEOW3ETFxgDXoOa bCGV58BvQhvrb1ee3a05ap7PIhETOKhl+Tpppd/85NKMKXeqEVXp/SSGNnzefnM02Yz6 FXWE1iSAR7/uyqCjldmccTt37uK8H6S6xS95mTxCWSxm9cv3UDODAksgyr7K+FGU+VtI l5b3XqLDDzjutUDdC+qnMOwab+SuN98WXsfMiuh5YNZYg0YQU3WLIwfQkHMNvkX+6app B1pg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date:dkim-signature; bh=S+BWxWglwnZUZnGyFpUPgnV1mCsoeh6qA/546wIK99M=; fh=t6EVjKMEsJwgGV3NyoCHQUD748WqxEUdh83Eu+6Mlek=; b=VTlxjq4O1leb+2xY7aABC4D7WpdNbz6hgEOOHxZ6e9vcaYCMzgMRAV225Y5ZNP2SA0 Mw/OV0y6U/GagS2gaJosMogLZPVw8UMm7AHQMxYmsjZfOehitRfTBT9p+UHVGTzK047v JHNuZ35dEMPSY97/Pb6XMCTvsd2QPNLRIhfBaiy3PUtlKtVyFYKD7jGDA2XRYd8Y7eVj 6h6PjmkxpeWrHIeUbONgwY1mvZ17XuyybWi+PSdkvPpMKluwCbI0GuTaZxANYNFjrPn0 O1jqiPXdpow2pAdmHld7y0sBs3pcflBU5tfWJzUCSN6+B/uVfe4M0bb1oOu7rV8rycI9 BpNg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="DvJSFi/P"; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-173048-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-173048-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id 6-20020a631446000000b005dc85b86649si12249936pgu.686.2024.05.08.03.17.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 May 2024 03:17:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-173048-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="DvJSFi/P"; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-173048-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-173048-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id DCE79284E8E for ; Wed, 8 May 2024 10:17:33 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 2D7397F7FF; Wed, 8 May 2024 10:16:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="DvJSFi/P" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 368977F7C1; Wed, 8 May 2024 10:16:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715163400; cv=none; b=YvXh9BLk12MGnOkgNVdwG4saSI4auFMt0bwuMAL1Jr5S3LQKdjxRgnfSp27K9R1aZebDsh0y/S93NsbTn5DSKUQ5tNUpoSDU/IUoyWjvV1uk/vU2w0dKItinSl/rxGNJpDP8wb2Btqz9BiPtjDJ+frhhz6T2Is+ZoXT4pvHadyw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715163400; c=relaxed/simple; bh=WfYGyrtX+04z3bybKd65o2+F1bSnlXhpl/TxRURTuSY=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=fGKtHK99wMSiSjUHZ2dp7G6cz4c28co5dm/28v+o8x8vgUJqmz5vLN2/rUfPBB7jzF/oqBId7BQKRR0SkBXNEE+IxKWXPRY5NA1KMeGlN9cuU7btNTNh5WhavJvaT4yKukPgSeCG+egdP99XikkJDRdC0liltdkgxu0cPrp/zcg= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=DvJSFi/P; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id D96A5C4AF66; Wed, 8 May 2024 10:16:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1715163399; bh=WfYGyrtX+04z3bybKd65o2+F1bSnlXhpl/TxRURTuSY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=DvJSFi/PQtF6c2val1GNJIqbfRMi4rZzXYlYXy28NhIErSX+W9YhcrS44LD5Y7Mm8 VpCCMswWkpbYN1s2W0DTiJKzZuR5fV3GtSxMf9al0Z0qY8+Rt1urbUaCD8bFRGVuQS e1MOGBnhSY0o90karmKFiePgu2ve9aou6O3Qjcp6lSf7t3UBfWH3/BhJDP2nw3DONG BWq71ij+KrCH5w2Ibu5C6bZmpUS7kW8pRGQZOLlIuBktKlhOE7VlJEpFupa/xeC6fA dRjUab7Mh9usEGH2x7wp8AR9pBj2jDA5EoDKJ0T7f89zk0XIgi88dZKfq8YWqk5Htj BW7Mww9oc6wGg== Date: Wed, 8 May 2024 12:16:32 +0200 From: Christian Brauner To: Daniel Vetter Cc: Christian =?utf-8?B?S8O2bmln?= , Linus Torvalds , Simon Ser , Pekka Paalanen , Al Viro , keescook@chromium.org, axboe@kernel.dk, christian.koenig@amd.com, dri-devel@lists.freedesktop.org, io-uring@vger.kernel.org, jack@suse.cz, laura@labbott.name, linaro-mm-sig@lists.linaro.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, minhquangbui99@gmail.com, sumit.semwal@linaro.org, syzbot+045b454ab35fd82a35fb@syzkaller.appspotmail.com, syzkaller-bugs@googlegroups.com Subject: Re: [Linaro-mm-sig] Re: [PATCH] epoll: try to be a _bit_ better about file lifetimes Message-ID: <20240508-zukauf-clinchen-c52792f8ad02@brauner> References: <20240504-wohngebiet-restwert-6c3c94fddbdd@brauner> <040b32b8-c4df-4121-bb0d-f0c6ee9e123d@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: On Wed, May 08, 2024 at 10:32:08AM +0200, Daniel Vetter wrote: > On Wed, May 08, 2024 at 07:55:08AM +0200, Christian König wrote: > > Am 07.05.24 um 21:07 schrieb Linus Torvalds: > > > On Tue, 7 May 2024 at 11:04, Daniel Vetter wrote: > > > > On Tue, May 07, 2024 at 09:46:31AM -0700, Linus Torvalds wrote: > > > > > > > > > I'd be perfectly ok with adding a generic "FISAME" VFS level ioctl > > > > > too, if this is possibly a more common thing. and not just DRM wants > > > > > it. > > > > > > > > > > Would something like that work for you? > > > > Yes. > > > > > > > > Adding Simon and Pekka as two of the usual suspects for this kind of > > > > stuff. Also example code (the int return value is just so that callers know > > > > when kcmp isn't available, they all only care about equality): > > > > > > > > https://gitlab.freedesktop.org/mesa/mesa/-/blob/main/src/util/os_file.c#L239 > > > That example thing shows that we shouldn't make it a FISAME ioctl - we > > > should make it a fcntl() instead, and it would just be a companion to > > > F_DUPFD. > > > > > > Doesn't that strike everybody as a *much* cleaner interface? I think > > > F_ISDUP would work very naturally indeed with F_DUPFD. > > > > > > Yes? No? > > > > Sounds absolutely sane to me. > > Yeah fcntl(fd1, F_ISDUP, fd2); sounds extremely reasonable to me too. > > Aside, after some irc discussions I paged a few more of the relevant info > back in, and at least for dma-buf we kinda sorted this out by going away > from the singleton inode in this patch: ed63bb1d1f84 ("dma-buf: give each > buffer a full-fledged inode") > > It's uapi now so we can't ever undo that, but with hindsight just the > F_ISDUP is really what we wanted. Because we have no need for that inode > aside from the unique inode number that's only used to compare dma-buf fd > for sameness, e.g. > > https://gitlab.freedesktop.org/wlroots/wlroots/-/blob/master/render/vulkan/texture.c#L490 > > The one question I have is whether this could lead to some exploit tools, > because at least the android conformance test suite verifies that kcmp > isn't available to apps (which is where we need it, because even with all > the binder-based isolation gpu userspace still all run in the application > process due to performance reasons, any ipc at all is just too much). > > Otoh if we just add this to drm fd as an ioctl somewhere, then it will > also be available to every android app because they all do need the gpu > for rendering. So going with the full generic fcntl is probably best. > -Sima fcntl() will call security_file_fcntl(). IIRC, Android uses selinux and I'm pretty certain they'd disallow any fcntl() operations they deems unsafe. So a kernel update for them would likely require allow-listing the new fcntl(). Or if they do allow all new fnctl()s by default they'd have to disallow it if they thought that's an issue but really I don't even think there's any issue in that. I think kcmp() is a different problem because you can use it to compare objects from different tasks. The generic fcntl() wouldn't allow that.