LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH 0/4] uapi, vfs: Change the mount API UAPI [ver #2]
@ 2019-05-16 11:52 David Howells
  2019-05-16 11:52 ` [PATCH 1/4] uapi, fs: make all new mount api fds cloexec by default " David Howells
                   ` (4 more replies)
  0 siblings, 5 replies; 21+ messages in thread
From: David Howells @ 2019-05-16 11:52 UTC (permalink / raw)
  To: torvalds, viro
  Cc: Christian Brauner, Arnd Bergmann, dhowells, christian, arnd,
	linux-fsdevel, linux-kernel


Hi Linus, Al,

Here are some patches that make changes to the mount API UAPI and two of
them really need applying, before -rc1 - if they're going to be applied at
all.

The following changes are made:

 (1) Make the file descriptors returned by open_tree(), fsopen(), fspick()
     and fsmount() O_CLOEXEC by default and remove the flags that allow
     this to be specified from the UAPI, shuffling other flags down as
     appropriate.  fcntl() can still be used to change the flag.

 (2) Make the name of the anon inode object "[fscontext]" with square
     brackets to match other users.

 (3) Fix the numbering of the mount API syscalls to be in the common space
     rather than in the arch-specific space.

 (4) Wire up the mount API syscalls on all arches (it's only on x86
     currently).

Thanks,
David
---
Christian Brauner (2):
      uapi, fs: make all new mount api fds cloexec by default
      uapi, fsopen: use square brackets around "fscontext"

David Howells (2):
      uapi, x86: Fix the syscall numbering of the mount API syscalls
      uapi: Wire up the mount API syscalls on non-x86 arches


 arch/alpha/kernel/syscalls/syscall.tbl      |    6 ++++++
 arch/arm/tools/syscall.tbl                  |    6 ++++++
 arch/arm64/include/asm/unistd.h             |    2 +-
 arch/arm64/include/asm/unistd32.h           |   12 ++++++++++++
 arch/ia64/kernel/syscalls/syscall.tbl       |    6 ++++++
 arch/m68k/kernel/syscalls/syscall.tbl       |    6 ++++++
 arch/microblaze/kernel/syscalls/syscall.tbl |    6 ++++++
 arch/mips/kernel/syscalls/syscall_n32.tbl   |    6 ++++++
 arch/mips/kernel/syscalls/syscall_n64.tbl   |    6 ++++++
 arch/mips/kernel/syscalls/syscall_o32.tbl   |    6 ++++++
 arch/parisc/kernel/syscalls/syscall.tbl     |    6 ++++++
 arch/powerpc/kernel/syscalls/syscall.tbl    |    6 ++++++
 arch/s390/kernel/syscalls/syscall.tbl       |    6 ++++++
 arch/sh/kernel/syscalls/syscall.tbl         |    6 ++++++
 arch/sparc/kernel/syscalls/syscall.tbl      |    6 ++++++
 arch/x86/entry/syscalls/syscall_32.tbl      |   12 ++++++------
 arch/x86/entry/syscalls/syscall_64.tbl      |   12 ++++++------
 arch/xtensa/kernel/syscalls/syscall.tbl     |    6 ++++++
 fs/fsopen.c                                 |   15 +++++++--------
 fs/namespace.c                              |   11 ++++-------
 include/uapi/asm-generic/unistd.h           |   14 +++++++++++++-
 include/uapi/linux/mount.h                  |   18 +++---------------
 22 files changed, 136 insertions(+), 44 deletions(-)


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [PATCH 1/4] uapi, fs: make all new mount api fds cloexec by default [ver #2]
  2019-05-16 11:52 [PATCH 0/4] uapi, vfs: Change the mount API UAPI [ver #2] David Howells
@ 2019-05-16 11:52 ` David Howells
  2019-05-16 11:52 ` [PATCH 2/4] uapi, fsopen: use square brackets around "fscontext" " David Howells
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 21+ messages in thread
From: David Howells @ 2019-05-16 11:52 UTC (permalink / raw)
  To: torvalds, viro
  Cc: Christian Brauner, dhowells, christian, arnd, linux-fsdevel,
	linux-kernel

From: Christian Brauner <christian@brauner.io>

This makes all file descriptors returned from new syscalls of the new mount
api cloexec by default.

>From a userspace perspective it is rarely the case that fds are supposed to
be inherited across exec. Having them not cloexec by default forces
userspace to remember to pass the <SPECIFIC>_CLOEXEC flag along or to
invoke fcntl() on the fd to prevent leaking it. And leaking the fd is a
much bigger issue than forgetting to remove the cloexec flag and failing to
inherit the fd.
For old fd types we can't break userspace. But for new ones we should
whenever reasonable make them cloexec by default (Examples of this policy
are the new seccomp notify fds and also pidfds.). If userspace wants to
inherit fds across exec they can remove the O_CLOEXEC flag and so opt in to
inheritance explicitly.

This patch also has the advantage that we can get rid of all the special
flags per file descriptor type for the new mount api. In total this lets us
remove 4 flags:
- FSMOUNT_CLOEXEC
- FSOPEN_CLOEXEC
- FSPICK_CLOEXEC
- OPEN_TREE_CLOEXEC

Signed-off-by: Christian Brauner <christian@brauner.io>
Signed-off-by: David Howells <dhowells@redhat.com>
---

 fs/fsopen.c                |   13 ++++++-------
 fs/namespace.c             |   11 ++++-------
 include/uapi/linux/mount.h |   18 +++---------------
 3 files changed, 13 insertions(+), 29 deletions(-)

diff --git a/fs/fsopen.c b/fs/fsopen.c
index 3bb9c0c8cbcc..a38fa8c616cf 100644
--- a/fs/fsopen.c
+++ b/fs/fsopen.c
@@ -88,12 +88,12 @@ const struct file_operations fscontext_fops = {
 /*
  * Attach a filesystem context to a file and an fd.
  */
-static int fscontext_create_fd(struct fs_context *fc, unsigned int o_flags)
+static int fscontext_create_fd(struct fs_context *fc)
 {
 	int fd;
 
 	fd = anon_inode_getfd("fscontext", &fscontext_fops, fc,
-			      O_RDWR | o_flags);
+			      O_RDWR | O_CLOEXEC);
 	if (fd < 0)
 		put_fs_context(fc);
 	return fd;
@@ -126,7 +126,7 @@ SYSCALL_DEFINE2(fsopen, const char __user *, _fs_name, unsigned int, flags)
 	if (!ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN))
 		return -EPERM;
 
-	if (flags & ~FSOPEN_CLOEXEC)
+	if (flags)
 		return -EINVAL;
 
 	fs_name = strndup_user(_fs_name, PAGE_SIZE);
@@ -149,7 +149,7 @@ SYSCALL_DEFINE2(fsopen, const char __user *, _fs_name, unsigned int, flags)
 	if (ret < 0)
 		goto err_fc;
 
-	return fscontext_create_fd(fc, flags & FSOPEN_CLOEXEC ? O_CLOEXEC : 0);
+	return fscontext_create_fd(fc);
 
 err_fc:
 	put_fs_context(fc);
@@ -169,8 +169,7 @@ SYSCALL_DEFINE3(fspick, int, dfd, const char __user *, path, unsigned int, flags
 	if (!ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN))
 		return -EPERM;
 
-	if ((flags & ~(FSPICK_CLOEXEC |
-		       FSPICK_SYMLINK_NOFOLLOW |
+	if ((flags & ~(FSPICK_SYMLINK_NOFOLLOW |
 		       FSPICK_NO_AUTOMOUNT |
 		       FSPICK_EMPTY_PATH)) != 0)
 		return -EINVAL;
@@ -203,7 +202,7 @@ SYSCALL_DEFINE3(fspick, int, dfd, const char __user *, path, unsigned int, flags
 		goto err_fc;
 
 	path_put(&target);
-	return fscontext_create_fd(fc, flags & FSPICK_CLOEXEC ? O_CLOEXEC : 0);
+	return fscontext_create_fd(fc);
 
 err_fc:
 	put_fs_context(fc);
diff --git a/fs/namespace.c b/fs/namespace.c
index ffb13f0562b0..3d14e83787b1 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2369,11 +2369,8 @@ SYSCALL_DEFINE3(open_tree, int, dfd, const char *, filename, unsigned, flags)
 	int error;
 	int fd;
 
-	BUILD_BUG_ON(OPEN_TREE_CLOEXEC != O_CLOEXEC);
-
 	if (flags & ~(AT_EMPTY_PATH | AT_NO_AUTOMOUNT | AT_RECURSIVE |
-		      AT_SYMLINK_NOFOLLOW | OPEN_TREE_CLONE |
-		      OPEN_TREE_CLOEXEC))
+		      AT_SYMLINK_NOFOLLOW | OPEN_TREE_CLONE))
 		return -EINVAL;
 
 	if ((flags & (AT_RECURSIVE | OPEN_TREE_CLONE)) == AT_RECURSIVE)
@@ -2389,7 +2386,7 @@ SYSCALL_DEFINE3(open_tree, int, dfd, const char *, filename, unsigned, flags)
 	if (detached && !may_mount())
 		return -EPERM;
 
-	fd = get_unused_fd_flags(flags & O_CLOEXEC);
+	fd = get_unused_fd_flags(O_CLOEXEC);
 	if (fd < 0)
 		return fd;
 
@@ -3352,7 +3349,7 @@ SYSCALL_DEFINE3(fsmount, int, fs_fd, unsigned int, flags,
 	if (!may_mount())
 		return -EPERM;
 
-	if ((flags & ~(FSMOUNT_CLOEXEC)) != 0)
+	if (flags)
 		return -EINVAL;
 
 	if (attr_flags & ~(MOUNT_ATTR_RDONLY |
@@ -3457,7 +3454,7 @@ SYSCALL_DEFINE3(fsmount, int, fs_fd, unsigned int, flags,
 	}
 	file->f_mode |= FMODE_NEED_UNMOUNT;
 
-	ret = get_unused_fd_flags((flags & FSMOUNT_CLOEXEC) ? O_CLOEXEC : 0);
+	ret = get_unused_fd_flags(O_CLOEXEC);
 	if (ret >= 0)
 		fd_install(ret, file);
 	else
diff --git a/include/uapi/linux/mount.h b/include/uapi/linux/mount.h
index 96a0240f23fe..c688e4ac843b 100644
--- a/include/uapi/linux/mount.h
+++ b/include/uapi/linux/mount.h
@@ -59,7 +59,6 @@
  * open_tree() flags.
  */
 #define OPEN_TREE_CLONE		1		/* Clone the target tree and attach the clone */
-#define OPEN_TREE_CLOEXEC	O_CLOEXEC	/* Close the file on execve() */
 
 /*
  * move_mount() flags.
@@ -72,18 +71,12 @@
 #define MOVE_MOUNT_T_EMPTY_PATH		0x00000040 /* Empty to path permitted */
 #define MOVE_MOUNT__MASK		0x00000077
 
-/*
- * fsopen() flags.
- */
-#define FSOPEN_CLOEXEC		0x00000001
-
 /*
  * fspick() flags.
  */
-#define FSPICK_CLOEXEC		0x00000001
-#define FSPICK_SYMLINK_NOFOLLOW	0x00000002
-#define FSPICK_NO_AUTOMOUNT	0x00000004
-#define FSPICK_EMPTY_PATH	0x00000008
+#define FSPICK_SYMLINK_NOFOLLOW	0x00000001
+#define FSPICK_NO_AUTOMOUNT	0x00000002
+#define FSPICK_EMPTY_PATH	0x00000004
 
 /*
  * The type of fsconfig() call made.
@@ -99,11 +92,6 @@ enum fsconfig_command {
 	FSCONFIG_CMD_RECONFIGURE = 7,	/* Invoke superblock reconfiguration */
 };
 
-/*
- * fsmount() flags.
- */
-#define FSMOUNT_CLOEXEC		0x00000001
-
 /*
  * Mount attributes.
  */


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [PATCH 2/4] uapi, fsopen: use square brackets around "fscontext" [ver #2]
  2019-05-16 11:52 [PATCH 0/4] uapi, vfs: Change the mount API UAPI [ver #2] David Howells
  2019-05-16 11:52 ` [PATCH 1/4] uapi, fs: make all new mount api fds cloexec by default " David Howells
@ 2019-05-16 11:52 ` David Howells
  2019-05-16 11:52 ` [PATCH 3/4] uapi, x86: Fix the syscall numbering of the mount API syscalls " David Howells
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 21+ messages in thread
From: David Howells @ 2019-05-16 11:52 UTC (permalink / raw)
  To: torvalds, viro
  Cc: Christian Brauner, dhowells, christian, arnd, linux-fsdevel,
	linux-kernel

From: Christian Brauner <christian@brauner.io>

Make the name of the anon inode fd "[fscontext]" instead of "fscontext".
This is minor but most core-kernel anon inode fds already carry square
brackets around their name:

[eventfd]
[eventpoll]
[fanotify]
[io_uring]
[pidfd]
[signalfd]
[timerfd]
[userfaultfd]

For the sake of consistency lets do the same for the fscontext anon inode
fd that comes with the new mount api.

Signed-off-by: Christian Brauner <christian@brauner.io>
Signed-off-by: David Howells <dhowells@redhat.com>
---

 fs/fsopen.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/fsopen.c b/fs/fsopen.c
index a38fa8c616cf..83d0d2001bb2 100644
--- a/fs/fsopen.c
+++ b/fs/fsopen.c
@@ -92,7 +92,7 @@ static int fscontext_create_fd(struct fs_context *fc)
 {
 	int fd;
 
-	fd = anon_inode_getfd("fscontext", &fscontext_fops, fc,
+	fd = anon_inode_getfd("[fscontext]", &fscontext_fops, fc,
 			      O_RDWR | O_CLOEXEC);
 	if (fd < 0)
 		put_fs_context(fc);


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [PATCH 3/4] uapi, x86: Fix the syscall numbering of the mount API syscalls [ver #2]
  2019-05-16 11:52 [PATCH 0/4] uapi, vfs: Change the mount API UAPI [ver #2] David Howells
  2019-05-16 11:52 ` [PATCH 1/4] uapi, fs: make all new mount api fds cloexec by default " David Howells
  2019-05-16 11:52 ` [PATCH 2/4] uapi, fsopen: use square brackets around "fscontext" " David Howells
@ 2019-05-16 11:52 ` David Howells
  2019-05-16 13:01   ` Christian Brauner
  2019-05-16 11:52 ` [PATCH 4/4] uapi: Wire up the mount API syscalls on non-x86 arches " David Howells
  2019-05-16 16:22 ` [PATCH 0/4] uapi, vfs: Change the mount API UAPI " Al Viro
  4 siblings, 1 reply; 21+ messages in thread
From: David Howells @ 2019-05-16 11:52 UTC (permalink / raw)
  To: torvalds, viro
  Cc: Arnd Bergmann, Arnd Bergmann, dhowells, christian, arnd,
	linux-fsdevel, linux-kernel

Fix the syscall numbering of the mount API syscalls so that the numbers
match between i386 and x86_64 and that they're in the common numbering
scheme space.

Fixes: a07b20004793 ("vfs: syscall: Add open_tree(2) to reference or clone a mount")
Fixes: 2db154b3ea8e ("vfs: syscall: Add move_mount(2) to move mounts around")
Fixes: 24dcb3d90a1f ("vfs: syscall: Add fsopen() to prepare for superblock creation")
Fixes: ecdab150fddb ("vfs: syscall: Add fsconfig() for configuring and managing a context")
Fixes: 93766fbd2696 ("vfs: syscall: Add fsmount() to create a mount for a superblock")
Fixes: cf3cba4a429b ("vfs: syscall: Add fspick() to select a superblock for reconfiguration")
Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
---

 arch/x86/entry/syscalls/syscall_32.tbl |   12 ++++++------
 arch/x86/entry/syscalls/syscall_64.tbl |   12 ++++++------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl
index 4cd5f982b1e5..ad968b7bac72 100644
--- a/arch/x86/entry/syscalls/syscall_32.tbl
+++ b/arch/x86/entry/syscalls/syscall_32.tbl
@@ -398,12 +398,6 @@
 384	i386	arch_prctl		sys_arch_prctl			__ia32_compat_sys_arch_prctl
 385	i386	io_pgetevents		sys_io_pgetevents_time32	__ia32_compat_sys_io_pgetevents
 386	i386	rseq			sys_rseq			__ia32_sys_rseq
-387	i386	open_tree		sys_open_tree			__ia32_sys_open_tree
-388	i386	move_mount		sys_move_mount			__ia32_sys_move_mount
-389	i386	fsopen			sys_fsopen			__ia32_sys_fsopen
-390	i386	fsconfig		sys_fsconfig			__ia32_sys_fsconfig
-391	i386	fsmount			sys_fsmount			__ia32_sys_fsmount
-392	i386	fspick			sys_fspick			__ia32_sys_fspick
 393	i386	semget			sys_semget    			__ia32_sys_semget
 394	i386	semctl			sys_semctl    			__ia32_compat_sys_semctl
 395	i386	shmget			sys_shmget    			__ia32_sys_shmget
@@ -438,3 +432,9 @@
 425	i386	io_uring_setup		sys_io_uring_setup		__ia32_sys_io_uring_setup
 426	i386	io_uring_enter		sys_io_uring_enter		__ia32_sys_io_uring_enter
 427	i386	io_uring_register	sys_io_uring_register		__ia32_sys_io_uring_register
+428	i386	open_tree		sys_open_tree			__ia32_sys_open_tree
+429	i386	move_mount		sys_move_mount			__ia32_sys_move_mount
+430	i386	fsopen			sys_fsopen			__ia32_sys_fsopen
+431	i386	fsconfig		sys_fsconfig			__ia32_sys_fsconfig
+432	i386	fsmount			sys_fsmount			__ia32_sys_fsmount
+433	i386	fspick			sys_fspick			__ia32_sys_fspick
diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl
index 64ca0d06259a..b4e6f9e6204a 100644
--- a/arch/x86/entry/syscalls/syscall_64.tbl
+++ b/arch/x86/entry/syscalls/syscall_64.tbl
@@ -343,18 +343,18 @@
 332	common	statx			__x64_sys_statx
 333	common	io_pgetevents		__x64_sys_io_pgetevents
 334	common	rseq			__x64_sys_rseq
-335	common	open_tree		__x64_sys_open_tree
-336	common	move_mount		__x64_sys_move_mount
-337	common	fsopen			__x64_sys_fsopen
-338	common	fsconfig		__x64_sys_fsconfig
-339	common	fsmount			__x64_sys_fsmount
-340	common	fspick			__x64_sys_fspick
 # don't use numbers 387 through 423, add new calls after the last
 # 'common' entry
 424	common	pidfd_send_signal	__x64_sys_pidfd_send_signal
 425	common	io_uring_setup		__x64_sys_io_uring_setup
 426	common	io_uring_enter		__x64_sys_io_uring_enter
 427	common	io_uring_register	__x64_sys_io_uring_register
+428	common	open_tree		__x64_sys_open_tree
+429	common	move_mount		__x64_sys_move_mount
+430	common	fsopen			__x64_sys_fsopen
+431	common	fsconfig		__x64_sys_fsconfig
+432	common	fsmount			__x64_sys_fsmount
+433	common	fspick			__x64_sys_fspick
 
 #
 # x32-specific system call numbers start at 512 to avoid cache impact


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [PATCH 4/4] uapi: Wire up the mount API syscalls on non-x86 arches [ver #2]
  2019-05-16 11:52 [PATCH 0/4] uapi, vfs: Change the mount API UAPI [ver #2] David Howells
                   ` (2 preceding siblings ...)
  2019-05-16 11:52 ` [PATCH 3/4] uapi, x86: Fix the syscall numbering of the mount API syscalls " David Howells
@ 2019-05-16 11:52 ` David Howells
  2019-05-16 13:01   ` Christian Brauner
  2019-05-16 14:56   ` Geert Uytterhoeven
  2019-05-16 16:22 ` [PATCH 0/4] uapi, vfs: Change the mount API UAPI " Al Viro
  4 siblings, 2 replies; 21+ messages in thread
From: David Howells @ 2019-05-16 11:52 UTC (permalink / raw)
  To: torvalds, viro
  Cc: Arnd Bergmann, Arnd Bergmann, dhowells, christian, arnd,
	linux-fsdevel, linux-kernel

Wire up the mount API syscalls on non-x86 arches.

Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
---

 arch/alpha/kernel/syscalls/syscall.tbl      |    6 ++++++
 arch/arm/tools/syscall.tbl                  |    6 ++++++
 arch/arm64/include/asm/unistd.h             |    2 +-
 arch/arm64/include/asm/unistd32.h           |   12 ++++++++++++
 arch/ia64/kernel/syscalls/syscall.tbl       |    6 ++++++
 arch/m68k/kernel/syscalls/syscall.tbl       |    6 ++++++
 arch/microblaze/kernel/syscalls/syscall.tbl |    6 ++++++
 arch/mips/kernel/syscalls/syscall_n32.tbl   |    6 ++++++
 arch/mips/kernel/syscalls/syscall_n64.tbl   |    6 ++++++
 arch/mips/kernel/syscalls/syscall_o32.tbl   |    6 ++++++
 arch/parisc/kernel/syscalls/syscall.tbl     |    6 ++++++
 arch/powerpc/kernel/syscalls/syscall.tbl    |    6 ++++++
 arch/s390/kernel/syscalls/syscall.tbl       |    6 ++++++
 arch/sh/kernel/syscalls/syscall.tbl         |    6 ++++++
 arch/sparc/kernel/syscalls/syscall.tbl      |    6 ++++++
 arch/xtensa/kernel/syscalls/syscall.tbl     |    6 ++++++
 include/uapi/asm-generic/unistd.h           |   14 +++++++++++++-
 17 files changed, 110 insertions(+), 2 deletions(-)

diff --git a/arch/alpha/kernel/syscalls/syscall.tbl b/arch/alpha/kernel/syscalls/syscall.tbl
index 165f268beafc..9e7704e44f6d 100644
--- a/arch/alpha/kernel/syscalls/syscall.tbl
+++ b/arch/alpha/kernel/syscalls/syscall.tbl
@@ -467,3 +467,9 @@
 535	common	io_uring_setup			sys_io_uring_setup
 536	common	io_uring_enter			sys_io_uring_enter
 537	common	io_uring_register		sys_io_uring_register
+538	common	open_tree			sys_open_tree
+539	common	move_mount			sys_move_mount
+540	common	fsopen				sys_fsopen
+541	common	fsconfig			sys_fsconfig
+542	common	fsmount				sys_fsmount
+543	common	fspick				sys_fspick
diff --git a/arch/arm/tools/syscall.tbl b/arch/arm/tools/syscall.tbl
index 0393917eaa57..aaf479a9e92d 100644
--- a/arch/arm/tools/syscall.tbl
+++ b/arch/arm/tools/syscall.tbl
@@ -441,3 +441,9 @@
 425	common	io_uring_setup			sys_io_uring_setup
 426	common	io_uring_enter			sys_io_uring_enter
 427	common	io_uring_register		sys_io_uring_register
+428	common	open_tree			sys_open_tree
+429	common	move_mount			sys_move_mount
+430	common	fsopen				sys_fsopen
+431	common	fsconfig			sys_fsconfig
+432	common	fsmount				sys_fsmount
+433	common	fspick				sys_fspick
diff --git a/arch/arm64/include/asm/unistd.h b/arch/arm64/include/asm/unistd.h
index f2a83ff6b73c..70e6882853c0 100644
--- a/arch/arm64/include/asm/unistd.h
+++ b/arch/arm64/include/asm/unistd.h
@@ -44,7 +44,7 @@
 #define __ARM_NR_compat_set_tls		(__ARM_NR_COMPAT_BASE + 5)
 #define __ARM_NR_COMPAT_END		(__ARM_NR_COMPAT_BASE + 0x800)
 
-#define __NR_compat_syscalls		428
+#define __NR_compat_syscalls		434
 #endif
 
 #define __ARCH_WANT_SYS_CLONE
diff --git a/arch/arm64/include/asm/unistd32.h b/arch/arm64/include/asm/unistd32.h
index 23f1a44acada..c39e90600bb3 100644
--- a/arch/arm64/include/asm/unistd32.h
+++ b/arch/arm64/include/asm/unistd32.h
@@ -874,6 +874,18 @@ __SYSCALL(__NR_io_uring_setup, sys_io_uring_setup)
 __SYSCALL(__NR_io_uring_enter, sys_io_uring_enter)
 #define __NR_io_uring_register 427
 __SYSCALL(__NR_io_uring_register, sys_io_uring_register)
+#define __NR_open_tree 428
+__SYSCALL(__NR_open_tree, sys_open_tree)
+#define __NR_move_mount 429
+__SYSCALL(__NR_move_mount, sys_move_mount)
+#define __NR_fsopen 430
+__SYSCALL(__NR_fsopen, sys_fsopen)
+#define __NR_fsconfig 431
+__SYSCALL(__NR_fsconfig, sys_fsconfig)
+#define __NR_fsmount 432
+__SYSCALL(__NR_fsmount, sys_fsmount)
+#define __NR_fspick 433
+__SYSCALL(__NR_fspick, sys_fspick)
 
 /*
  * Please add new compat syscalls above this comment and update
diff --git a/arch/ia64/kernel/syscalls/syscall.tbl b/arch/ia64/kernel/syscalls/syscall.tbl
index 56e3d0b685e1..e01df3f2f80d 100644
--- a/arch/ia64/kernel/syscalls/syscall.tbl
+++ b/arch/ia64/kernel/syscalls/syscall.tbl
@@ -348,3 +348,9 @@
 425	common	io_uring_setup			sys_io_uring_setup
 426	common	io_uring_enter			sys_io_uring_enter
 427	common	io_uring_register		sys_io_uring_register
+428	common	open_tree			sys_open_tree
+429	common	move_mount			sys_move_mount
+430	common	fsopen				sys_fsopen
+431	common	fsconfig			sys_fsconfig
+432	common	fsmount				sys_fsmount
+433	common	fspick				sys_fspick
diff --git a/arch/m68k/kernel/syscalls/syscall.tbl b/arch/m68k/kernel/syscalls/syscall.tbl
index df4ec3ec71d1..7e3d0734b2f3 100644
--- a/arch/m68k/kernel/syscalls/syscall.tbl
+++ b/arch/m68k/kernel/syscalls/syscall.tbl
@@ -427,3 +427,9 @@
 425	common	io_uring_setup			sys_io_uring_setup
 426	common	io_uring_enter			sys_io_uring_enter
 427	common	io_uring_register		sys_io_uring_register
+428	common	open_tree			sys_open_tree
+429	common	move_mount			sys_move_mount
+430	common	fsopen				sys_fsopen
+431	common	fsconfig			sys_fsconfig
+432	common	fsmount				sys_fsmount
+433	common	fspick				sys_fspick
diff --git a/arch/microblaze/kernel/syscalls/syscall.tbl b/arch/microblaze/kernel/syscalls/syscall.tbl
index 4964947732af..26339e417695 100644
--- a/arch/microblaze/kernel/syscalls/syscall.tbl
+++ b/arch/microblaze/kernel/syscalls/syscall.tbl
@@ -433,3 +433,9 @@
 425	common	io_uring_setup			sys_io_uring_setup
 426	common	io_uring_enter			sys_io_uring_enter
 427	common	io_uring_register		sys_io_uring_register
+428	common	open_tree			sys_open_tree
+429	common	move_mount			sys_move_mount
+430	common	fsopen				sys_fsopen
+431	common	fsconfig			sys_fsconfig
+432	common	fsmount				sys_fsmount
+433	common	fspick				sys_fspick
diff --git a/arch/mips/kernel/syscalls/syscall_n32.tbl b/arch/mips/kernel/syscalls/syscall_n32.tbl
index 9392dfe33f97..0e2dd68ade57 100644
--- a/arch/mips/kernel/syscalls/syscall_n32.tbl
+++ b/arch/mips/kernel/syscalls/syscall_n32.tbl
@@ -366,3 +366,9 @@
 425	n32	io_uring_setup			sys_io_uring_setup
 426	n32	io_uring_enter			sys_io_uring_enter
 427	n32	io_uring_register		sys_io_uring_register
+428	n32	open_tree			sys_open_tree
+429	n32	move_mount			sys_move_mount
+430	n32	fsopen				sys_fsopen
+431	n32	fsconfig			sys_fsconfig
+432	n32	fsmount				sys_fsmount
+433	n32	fspick				sys_fspick
diff --git a/arch/mips/kernel/syscalls/syscall_n64.tbl b/arch/mips/kernel/syscalls/syscall_n64.tbl
index cd0c8aa21fba..5eebfa0d155c 100644
--- a/arch/mips/kernel/syscalls/syscall_n64.tbl
+++ b/arch/mips/kernel/syscalls/syscall_n64.tbl
@@ -342,3 +342,9 @@
 425	n64	io_uring_setup			sys_io_uring_setup
 426	n64	io_uring_enter			sys_io_uring_enter
 427	n64	io_uring_register		sys_io_uring_register
+428	n64	open_tree			sys_open_tree
+429	n64	move_mount			sys_move_mount
+430	n64	fsopen				sys_fsopen
+431	n64	fsconfig			sys_fsconfig
+432	n64	fsmount				sys_fsmount
+433	n64	fspick				sys_fspick
diff --git a/arch/mips/kernel/syscalls/syscall_o32.tbl b/arch/mips/kernel/syscalls/syscall_o32.tbl
index e849e8ffe4a2..3cc1374e02d0 100644
--- a/arch/mips/kernel/syscalls/syscall_o32.tbl
+++ b/arch/mips/kernel/syscalls/syscall_o32.tbl
@@ -415,3 +415,9 @@
 425	o32	io_uring_setup			sys_io_uring_setup
 426	o32	io_uring_enter			sys_io_uring_enter
 427	o32	io_uring_register		sys_io_uring_register
+428	o32	open_tree			sys_open_tree
+429	o32	move_mount			sys_move_mount
+430	o32	fsopen				sys_fsopen
+431	o32	fsconfig			sys_fsconfig
+432	o32	fsmount				sys_fsmount
+433	o32	fspick				sys_fspick
diff --git a/arch/parisc/kernel/syscalls/syscall.tbl b/arch/parisc/kernel/syscalls/syscall.tbl
index fe8ca623add8..c9e377d59232 100644
--- a/arch/parisc/kernel/syscalls/syscall.tbl
+++ b/arch/parisc/kernel/syscalls/syscall.tbl
@@ -424,3 +424,9 @@
 425	common	io_uring_setup			sys_io_uring_setup
 426	common	io_uring_enter			sys_io_uring_enter
 427	common	io_uring_register		sys_io_uring_register
+428	common	open_tree			sys_open_tree
+429	common	move_mount			sys_move_mount
+430	common	fsopen				sys_fsopen
+431	common	fsconfig			sys_fsconfig
+432	common	fsmount				sys_fsmount
+433	common	fspick				sys_fspick
diff --git a/arch/powerpc/kernel/syscalls/syscall.tbl b/arch/powerpc/kernel/syscalls/syscall.tbl
index 00f5a63c8d9a..103655d84b4b 100644
--- a/arch/powerpc/kernel/syscalls/syscall.tbl
+++ b/arch/powerpc/kernel/syscalls/syscall.tbl
@@ -509,3 +509,9 @@
 425	common	io_uring_setup			sys_io_uring_setup
 426	common	io_uring_enter			sys_io_uring_enter
 427	common	io_uring_register		sys_io_uring_register
+428	common	open_tree			sys_open_tree
+429	common	move_mount			sys_move_mount
+430	common	fsopen				sys_fsopen
+431	common	fsconfig			sys_fsconfig
+432	common	fsmount				sys_fsmount
+433	common	fspick				sys_fspick
diff --git a/arch/s390/kernel/syscalls/syscall.tbl b/arch/s390/kernel/syscalls/syscall.tbl
index 061418f787c3..e822b2964a83 100644
--- a/arch/s390/kernel/syscalls/syscall.tbl
+++ b/arch/s390/kernel/syscalls/syscall.tbl
@@ -430,3 +430,9 @@
 425  common	io_uring_setup		sys_io_uring_setup              sys_io_uring_setup
 426  common	io_uring_enter		sys_io_uring_enter              sys_io_uring_enter
 427  common	io_uring_register	sys_io_uring_register           sys_io_uring_register
+428  common	open_tree		sys_open_tree			sys_open_tree
+429  common	move_mount		sys_move_mount			sys_move_mount
+430  common	fsopen			sys_fsopen			sys_fsopen
+431  common	fsconfig		sys_fsconfig			sys_fsconfig
+432  common	fsmount			sys_fsmount			sys_fsmount
+433  common	fspick			sys_fspick			sys_fspick
diff --git a/arch/sh/kernel/syscalls/syscall.tbl b/arch/sh/kernel/syscalls/syscall.tbl
index 480b057556ee..016a727d4357 100644
--- a/arch/sh/kernel/syscalls/syscall.tbl
+++ b/arch/sh/kernel/syscalls/syscall.tbl
@@ -430,3 +430,9 @@
 425	common	io_uring_setup			sys_io_uring_setup
 426	common	io_uring_enter			sys_io_uring_enter
 427	common	io_uring_register		sys_io_uring_register
+428	common	open_tree			sys_open_tree
+429	common	move_mount			sys_move_mount
+430	common	fsopen				sys_fsopen
+431	common	fsconfig			sys_fsconfig
+432	common	fsmount				sys_fsmount
+433	common	fspick				sys_fspick
diff --git a/arch/sparc/kernel/syscalls/syscall.tbl b/arch/sparc/kernel/syscalls/syscall.tbl
index a1dd24307b00..e047480b1605 100644
--- a/arch/sparc/kernel/syscalls/syscall.tbl
+++ b/arch/sparc/kernel/syscalls/syscall.tbl
@@ -473,3 +473,9 @@
 425	common	io_uring_setup			sys_io_uring_setup
 426	common	io_uring_enter			sys_io_uring_enter
 427	common	io_uring_register		sys_io_uring_register
+428	common	open_tree			sys_open_tree
+429	common	move_mount			sys_move_mount
+430	common	fsopen				sys_fsopen
+431	common	fsconfig			sys_fsconfig
+432	common	fsmount				sys_fsmount
+433	common	fspick				sys_fspick
diff --git a/arch/xtensa/kernel/syscalls/syscall.tbl b/arch/xtensa/kernel/syscalls/syscall.tbl
index 30084eaf8422..5fa0ee1c8e00 100644
--- a/arch/xtensa/kernel/syscalls/syscall.tbl
+++ b/arch/xtensa/kernel/syscalls/syscall.tbl
@@ -398,3 +398,9 @@
 425	common	io_uring_setup			sys_io_uring_setup
 426	common	io_uring_enter			sys_io_uring_enter
 427	common	io_uring_register		sys_io_uring_register
+428	common	open_tree			sys_open_tree
+429	common	move_mount			sys_move_mount
+430	common	fsopen				sys_fsopen
+431	common	fsconfig			sys_fsconfig
+432	common	fsmount				sys_fsmount
+433	common	fspick				sys_fspick
diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h
index dee7292e1df6..a87904daf103 100644
--- a/include/uapi/asm-generic/unistd.h
+++ b/include/uapi/asm-generic/unistd.h
@@ -832,9 +832,21 @@ __SYSCALL(__NR_io_uring_setup, sys_io_uring_setup)
 __SYSCALL(__NR_io_uring_enter, sys_io_uring_enter)
 #define __NR_io_uring_register 427
 __SYSCALL(__NR_io_uring_register, sys_io_uring_register)
+#define __NR_open_tree 428
+__SYSCALL(__NR_open_tree, sys_open_tree)
+#define __NR_move_mount 429
+__SYSCALL(__NR_move_mount, sys_move_mount)
+#define __NR_fsopen 430
+__SYSCALL(__NR_fsopen, sys_fsopen)
+#define __NR_fsconfig 431
+__SYSCALL(__NR_fsconfig, sys_fsconfig)
+#define __NR_fsmount 432
+__SYSCALL(__NR_fsmount, sys_fsmount)
+#define __NR_fspick 433
+__SYSCALL(__NR_fspick, sys_fspick)
 
 #undef __NR_syscalls
-#define __NR_syscalls 428
+#define __NR_syscalls 434
 
 /*
  * 32 bit systems traditionally used different


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 3/4] uapi, x86: Fix the syscall numbering of the mount API syscalls [ver #2]
  2019-05-16 11:52 ` [PATCH 3/4] uapi, x86: Fix the syscall numbering of the mount API syscalls " David Howells
@ 2019-05-16 13:01   ` Christian Brauner
  0 siblings, 0 replies; 21+ messages in thread
From: Christian Brauner @ 2019-05-16 13:01 UTC (permalink / raw)
  To: David Howells; +Cc: torvalds, viro, Arnd Bergmann, linux-fsdevel, linux-kernel

On Thu, May 16, 2019 at 12:52:27PM +0100, David Howells wrote:
> Fix the syscall numbering of the mount API syscalls so that the numbers
> match between i386 and x86_64 and that they're in the common numbering
> scheme space.
> 
> Fixes: a07b20004793 ("vfs: syscall: Add open_tree(2) to reference or clone a mount")
> Fixes: 2db154b3ea8e ("vfs: syscall: Add move_mount(2) to move mounts around")
> Fixes: 24dcb3d90a1f ("vfs: syscall: Add fsopen() to prepare for superblock creation")
> Fixes: ecdab150fddb ("vfs: syscall: Add fsconfig() for configuring and managing a context")
> Fixes: 93766fbd2696 ("vfs: syscall: Add fsmount() to create a mount for a superblock")
> Fixes: cf3cba4a429b ("vfs: syscall: Add fspick() to select a superblock for reconfiguration")
> Reported-by: Arnd Bergmann <arnd@arndb.de>
> Signed-off-by: David Howells <dhowells@redhat.com>
> Reviewed-by: Arnd Bergmann <arnd@arndb.de>

Reviewed-by: Christian Brauner <christian@brauner.io>

> ---
> 
>  arch/x86/entry/syscalls/syscall_32.tbl |   12 ++++++------
>  arch/x86/entry/syscalls/syscall_64.tbl |   12 ++++++------
>  2 files changed, 12 insertions(+), 12 deletions(-)
> 
> diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl
> index 4cd5f982b1e5..ad968b7bac72 100644
> --- a/arch/x86/entry/syscalls/syscall_32.tbl
> +++ b/arch/x86/entry/syscalls/syscall_32.tbl
> @@ -398,12 +398,6 @@
>  384	i386	arch_prctl		sys_arch_prctl			__ia32_compat_sys_arch_prctl
>  385	i386	io_pgetevents		sys_io_pgetevents_time32	__ia32_compat_sys_io_pgetevents
>  386	i386	rseq			sys_rseq			__ia32_sys_rseq
> -387	i386	open_tree		sys_open_tree			__ia32_sys_open_tree
> -388	i386	move_mount		sys_move_mount			__ia32_sys_move_mount
> -389	i386	fsopen			sys_fsopen			__ia32_sys_fsopen
> -390	i386	fsconfig		sys_fsconfig			__ia32_sys_fsconfig
> -391	i386	fsmount			sys_fsmount			__ia32_sys_fsmount
> -392	i386	fspick			sys_fspick			__ia32_sys_fspick
>  393	i386	semget			sys_semget    			__ia32_sys_semget
>  394	i386	semctl			sys_semctl    			__ia32_compat_sys_semctl
>  395	i386	shmget			sys_shmget    			__ia32_sys_shmget
> @@ -438,3 +432,9 @@
>  425	i386	io_uring_setup		sys_io_uring_setup		__ia32_sys_io_uring_setup
>  426	i386	io_uring_enter		sys_io_uring_enter		__ia32_sys_io_uring_enter
>  427	i386	io_uring_register	sys_io_uring_register		__ia32_sys_io_uring_register
> +428	i386	open_tree		sys_open_tree			__ia32_sys_open_tree
> +429	i386	move_mount		sys_move_mount			__ia32_sys_move_mount
> +430	i386	fsopen			sys_fsopen			__ia32_sys_fsopen
> +431	i386	fsconfig		sys_fsconfig			__ia32_sys_fsconfig
> +432	i386	fsmount			sys_fsmount			__ia32_sys_fsmount
> +433	i386	fspick			sys_fspick			__ia32_sys_fspick
> diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl
> index 64ca0d06259a..b4e6f9e6204a 100644
> --- a/arch/x86/entry/syscalls/syscall_64.tbl
> +++ b/arch/x86/entry/syscalls/syscall_64.tbl
> @@ -343,18 +343,18 @@
>  332	common	statx			__x64_sys_statx
>  333	common	io_pgetevents		__x64_sys_io_pgetevents
>  334	common	rseq			__x64_sys_rseq
> -335	common	open_tree		__x64_sys_open_tree
> -336	common	move_mount		__x64_sys_move_mount
> -337	common	fsopen			__x64_sys_fsopen
> -338	common	fsconfig		__x64_sys_fsconfig
> -339	common	fsmount			__x64_sys_fsmount
> -340	common	fspick			__x64_sys_fspick
>  # don't use numbers 387 through 423, add new calls after the last
>  # 'common' entry
>  424	common	pidfd_send_signal	__x64_sys_pidfd_send_signal
>  425	common	io_uring_setup		__x64_sys_io_uring_setup
>  426	common	io_uring_enter		__x64_sys_io_uring_enter
>  427	common	io_uring_register	__x64_sys_io_uring_register
> +428	common	open_tree		__x64_sys_open_tree
> +429	common	move_mount		__x64_sys_move_mount
> +430	common	fsopen			__x64_sys_fsopen
> +431	common	fsconfig		__x64_sys_fsconfig
> +432	common	fsmount			__x64_sys_fsmount
> +433	common	fspick			__x64_sys_fspick
>  
>  #
>  # x32-specific system call numbers start at 512 to avoid cache impact
> 

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 4/4] uapi: Wire up the mount API syscalls on non-x86 arches [ver #2]
  2019-05-16 11:52 ` [PATCH 4/4] uapi: Wire up the mount API syscalls on non-x86 arches " David Howells
@ 2019-05-16 13:01   ` Christian Brauner
  2019-05-16 14:56   ` Geert Uytterhoeven
  1 sibling, 0 replies; 21+ messages in thread
From: Christian Brauner @ 2019-05-16 13:01 UTC (permalink / raw)
  To: David Howells; +Cc: torvalds, viro, Arnd Bergmann, linux-fsdevel, linux-kernel

On Thu, May 16, 2019 at 12:52:34PM +0100, David Howells wrote:
> Wire up the mount API syscalls on non-x86 arches.
> 
> Reported-by: Arnd Bergmann <arnd@arndb.de>
> Signed-off-by: David Howells <dhowells@redhat.com>
> Reviewed-by: Arnd Bergmann <arnd@arndb.de>

Reviewed-by: Christian Brauner <christian@brauner.io>

> ---
> 
>  arch/alpha/kernel/syscalls/syscall.tbl      |    6 ++++++
>  arch/arm/tools/syscall.tbl                  |    6 ++++++
>  arch/arm64/include/asm/unistd.h             |    2 +-
>  arch/arm64/include/asm/unistd32.h           |   12 ++++++++++++
>  arch/ia64/kernel/syscalls/syscall.tbl       |    6 ++++++
>  arch/m68k/kernel/syscalls/syscall.tbl       |    6 ++++++
>  arch/microblaze/kernel/syscalls/syscall.tbl |    6 ++++++
>  arch/mips/kernel/syscalls/syscall_n32.tbl   |    6 ++++++
>  arch/mips/kernel/syscalls/syscall_n64.tbl   |    6 ++++++
>  arch/mips/kernel/syscalls/syscall_o32.tbl   |    6 ++++++
>  arch/parisc/kernel/syscalls/syscall.tbl     |    6 ++++++
>  arch/powerpc/kernel/syscalls/syscall.tbl    |    6 ++++++
>  arch/s390/kernel/syscalls/syscall.tbl       |    6 ++++++
>  arch/sh/kernel/syscalls/syscall.tbl         |    6 ++++++
>  arch/sparc/kernel/syscalls/syscall.tbl      |    6 ++++++
>  arch/xtensa/kernel/syscalls/syscall.tbl     |    6 ++++++
>  include/uapi/asm-generic/unistd.h           |   14 +++++++++++++-
>  17 files changed, 110 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/alpha/kernel/syscalls/syscall.tbl b/arch/alpha/kernel/syscalls/syscall.tbl
> index 165f268beafc..9e7704e44f6d 100644
> --- a/arch/alpha/kernel/syscalls/syscall.tbl
> +++ b/arch/alpha/kernel/syscalls/syscall.tbl
> @@ -467,3 +467,9 @@
>  535	common	io_uring_setup			sys_io_uring_setup
>  536	common	io_uring_enter			sys_io_uring_enter
>  537	common	io_uring_register		sys_io_uring_register
> +538	common	open_tree			sys_open_tree
> +539	common	move_mount			sys_move_mount
> +540	common	fsopen				sys_fsopen
> +541	common	fsconfig			sys_fsconfig
> +542	common	fsmount				sys_fsmount
> +543	common	fspick				sys_fspick
> diff --git a/arch/arm/tools/syscall.tbl b/arch/arm/tools/syscall.tbl
> index 0393917eaa57..aaf479a9e92d 100644
> --- a/arch/arm/tools/syscall.tbl
> +++ b/arch/arm/tools/syscall.tbl
> @@ -441,3 +441,9 @@
>  425	common	io_uring_setup			sys_io_uring_setup
>  426	common	io_uring_enter			sys_io_uring_enter
>  427	common	io_uring_register		sys_io_uring_register
> +428	common	open_tree			sys_open_tree
> +429	common	move_mount			sys_move_mount
> +430	common	fsopen				sys_fsopen
> +431	common	fsconfig			sys_fsconfig
> +432	common	fsmount				sys_fsmount
> +433	common	fspick				sys_fspick
> diff --git a/arch/arm64/include/asm/unistd.h b/arch/arm64/include/asm/unistd.h
> index f2a83ff6b73c..70e6882853c0 100644
> --- a/arch/arm64/include/asm/unistd.h
> +++ b/arch/arm64/include/asm/unistd.h
> @@ -44,7 +44,7 @@
>  #define __ARM_NR_compat_set_tls		(__ARM_NR_COMPAT_BASE + 5)
>  #define __ARM_NR_COMPAT_END		(__ARM_NR_COMPAT_BASE + 0x800)
>  
> -#define __NR_compat_syscalls		428
> +#define __NR_compat_syscalls		434
>  #endif
>  
>  #define __ARCH_WANT_SYS_CLONE
> diff --git a/arch/arm64/include/asm/unistd32.h b/arch/arm64/include/asm/unistd32.h
> index 23f1a44acada..c39e90600bb3 100644
> --- a/arch/arm64/include/asm/unistd32.h
> +++ b/arch/arm64/include/asm/unistd32.h
> @@ -874,6 +874,18 @@ __SYSCALL(__NR_io_uring_setup, sys_io_uring_setup)
>  __SYSCALL(__NR_io_uring_enter, sys_io_uring_enter)
>  #define __NR_io_uring_register 427
>  __SYSCALL(__NR_io_uring_register, sys_io_uring_register)
> +#define __NR_open_tree 428
> +__SYSCALL(__NR_open_tree, sys_open_tree)
> +#define __NR_move_mount 429
> +__SYSCALL(__NR_move_mount, sys_move_mount)
> +#define __NR_fsopen 430
> +__SYSCALL(__NR_fsopen, sys_fsopen)
> +#define __NR_fsconfig 431
> +__SYSCALL(__NR_fsconfig, sys_fsconfig)
> +#define __NR_fsmount 432
> +__SYSCALL(__NR_fsmount, sys_fsmount)
> +#define __NR_fspick 433
> +__SYSCALL(__NR_fspick, sys_fspick)
>  
>  /*
>   * Please add new compat syscalls above this comment and update
> diff --git a/arch/ia64/kernel/syscalls/syscall.tbl b/arch/ia64/kernel/syscalls/syscall.tbl
> index 56e3d0b685e1..e01df3f2f80d 100644
> --- a/arch/ia64/kernel/syscalls/syscall.tbl
> +++ b/arch/ia64/kernel/syscalls/syscall.tbl
> @@ -348,3 +348,9 @@
>  425	common	io_uring_setup			sys_io_uring_setup
>  426	common	io_uring_enter			sys_io_uring_enter
>  427	common	io_uring_register		sys_io_uring_register
> +428	common	open_tree			sys_open_tree
> +429	common	move_mount			sys_move_mount
> +430	common	fsopen				sys_fsopen
> +431	common	fsconfig			sys_fsconfig
> +432	common	fsmount				sys_fsmount
> +433	common	fspick				sys_fspick
> diff --git a/arch/m68k/kernel/syscalls/syscall.tbl b/arch/m68k/kernel/syscalls/syscall.tbl
> index df4ec3ec71d1..7e3d0734b2f3 100644
> --- a/arch/m68k/kernel/syscalls/syscall.tbl
> +++ b/arch/m68k/kernel/syscalls/syscall.tbl
> @@ -427,3 +427,9 @@
>  425	common	io_uring_setup			sys_io_uring_setup
>  426	common	io_uring_enter			sys_io_uring_enter
>  427	common	io_uring_register		sys_io_uring_register
> +428	common	open_tree			sys_open_tree
> +429	common	move_mount			sys_move_mount
> +430	common	fsopen				sys_fsopen
> +431	common	fsconfig			sys_fsconfig
> +432	common	fsmount				sys_fsmount
> +433	common	fspick				sys_fspick
> diff --git a/arch/microblaze/kernel/syscalls/syscall.tbl b/arch/microblaze/kernel/syscalls/syscall.tbl
> index 4964947732af..26339e417695 100644
> --- a/arch/microblaze/kernel/syscalls/syscall.tbl
> +++ b/arch/microblaze/kernel/syscalls/syscall.tbl
> @@ -433,3 +433,9 @@
>  425	common	io_uring_setup			sys_io_uring_setup
>  426	common	io_uring_enter			sys_io_uring_enter
>  427	common	io_uring_register		sys_io_uring_register
> +428	common	open_tree			sys_open_tree
> +429	common	move_mount			sys_move_mount
> +430	common	fsopen				sys_fsopen
> +431	common	fsconfig			sys_fsconfig
> +432	common	fsmount				sys_fsmount
> +433	common	fspick				sys_fspick
> diff --git a/arch/mips/kernel/syscalls/syscall_n32.tbl b/arch/mips/kernel/syscalls/syscall_n32.tbl
> index 9392dfe33f97..0e2dd68ade57 100644
> --- a/arch/mips/kernel/syscalls/syscall_n32.tbl
> +++ b/arch/mips/kernel/syscalls/syscall_n32.tbl
> @@ -366,3 +366,9 @@
>  425	n32	io_uring_setup			sys_io_uring_setup
>  426	n32	io_uring_enter			sys_io_uring_enter
>  427	n32	io_uring_register		sys_io_uring_register
> +428	n32	open_tree			sys_open_tree
> +429	n32	move_mount			sys_move_mount
> +430	n32	fsopen				sys_fsopen
> +431	n32	fsconfig			sys_fsconfig
> +432	n32	fsmount				sys_fsmount
> +433	n32	fspick				sys_fspick
> diff --git a/arch/mips/kernel/syscalls/syscall_n64.tbl b/arch/mips/kernel/syscalls/syscall_n64.tbl
> index cd0c8aa21fba..5eebfa0d155c 100644
> --- a/arch/mips/kernel/syscalls/syscall_n64.tbl
> +++ b/arch/mips/kernel/syscalls/syscall_n64.tbl
> @@ -342,3 +342,9 @@
>  425	n64	io_uring_setup			sys_io_uring_setup
>  426	n64	io_uring_enter			sys_io_uring_enter
>  427	n64	io_uring_register		sys_io_uring_register
> +428	n64	open_tree			sys_open_tree
> +429	n64	move_mount			sys_move_mount
> +430	n64	fsopen				sys_fsopen
> +431	n64	fsconfig			sys_fsconfig
> +432	n64	fsmount				sys_fsmount
> +433	n64	fspick				sys_fspick
> diff --git a/arch/mips/kernel/syscalls/syscall_o32.tbl b/arch/mips/kernel/syscalls/syscall_o32.tbl
> index e849e8ffe4a2..3cc1374e02d0 100644
> --- a/arch/mips/kernel/syscalls/syscall_o32.tbl
> +++ b/arch/mips/kernel/syscalls/syscall_o32.tbl
> @@ -415,3 +415,9 @@
>  425	o32	io_uring_setup			sys_io_uring_setup
>  426	o32	io_uring_enter			sys_io_uring_enter
>  427	o32	io_uring_register		sys_io_uring_register
> +428	o32	open_tree			sys_open_tree
> +429	o32	move_mount			sys_move_mount
> +430	o32	fsopen				sys_fsopen
> +431	o32	fsconfig			sys_fsconfig
> +432	o32	fsmount				sys_fsmount
> +433	o32	fspick				sys_fspick
> diff --git a/arch/parisc/kernel/syscalls/syscall.tbl b/arch/parisc/kernel/syscalls/syscall.tbl
> index fe8ca623add8..c9e377d59232 100644
> --- a/arch/parisc/kernel/syscalls/syscall.tbl
> +++ b/arch/parisc/kernel/syscalls/syscall.tbl
> @@ -424,3 +424,9 @@
>  425	common	io_uring_setup			sys_io_uring_setup
>  426	common	io_uring_enter			sys_io_uring_enter
>  427	common	io_uring_register		sys_io_uring_register
> +428	common	open_tree			sys_open_tree
> +429	common	move_mount			sys_move_mount
> +430	common	fsopen				sys_fsopen
> +431	common	fsconfig			sys_fsconfig
> +432	common	fsmount				sys_fsmount
> +433	common	fspick				sys_fspick
> diff --git a/arch/powerpc/kernel/syscalls/syscall.tbl b/arch/powerpc/kernel/syscalls/syscall.tbl
> index 00f5a63c8d9a..103655d84b4b 100644
> --- a/arch/powerpc/kernel/syscalls/syscall.tbl
> +++ b/arch/powerpc/kernel/syscalls/syscall.tbl
> @@ -509,3 +509,9 @@
>  425	common	io_uring_setup			sys_io_uring_setup
>  426	common	io_uring_enter			sys_io_uring_enter
>  427	common	io_uring_register		sys_io_uring_register
> +428	common	open_tree			sys_open_tree
> +429	common	move_mount			sys_move_mount
> +430	common	fsopen				sys_fsopen
> +431	common	fsconfig			sys_fsconfig
> +432	common	fsmount				sys_fsmount
> +433	common	fspick				sys_fspick
> diff --git a/arch/s390/kernel/syscalls/syscall.tbl b/arch/s390/kernel/syscalls/syscall.tbl
> index 061418f787c3..e822b2964a83 100644
> --- a/arch/s390/kernel/syscalls/syscall.tbl
> +++ b/arch/s390/kernel/syscalls/syscall.tbl
> @@ -430,3 +430,9 @@
>  425  common	io_uring_setup		sys_io_uring_setup              sys_io_uring_setup
>  426  common	io_uring_enter		sys_io_uring_enter              sys_io_uring_enter
>  427  common	io_uring_register	sys_io_uring_register           sys_io_uring_register
> +428  common	open_tree		sys_open_tree			sys_open_tree
> +429  common	move_mount		sys_move_mount			sys_move_mount
> +430  common	fsopen			sys_fsopen			sys_fsopen
> +431  common	fsconfig		sys_fsconfig			sys_fsconfig
> +432  common	fsmount			sys_fsmount			sys_fsmount
> +433  common	fspick			sys_fspick			sys_fspick
> diff --git a/arch/sh/kernel/syscalls/syscall.tbl b/arch/sh/kernel/syscalls/syscall.tbl
> index 480b057556ee..016a727d4357 100644
> --- a/arch/sh/kernel/syscalls/syscall.tbl
> +++ b/arch/sh/kernel/syscalls/syscall.tbl
> @@ -430,3 +430,9 @@
>  425	common	io_uring_setup			sys_io_uring_setup
>  426	common	io_uring_enter			sys_io_uring_enter
>  427	common	io_uring_register		sys_io_uring_register
> +428	common	open_tree			sys_open_tree
> +429	common	move_mount			sys_move_mount
> +430	common	fsopen				sys_fsopen
> +431	common	fsconfig			sys_fsconfig
> +432	common	fsmount				sys_fsmount
> +433	common	fspick				sys_fspick
> diff --git a/arch/sparc/kernel/syscalls/syscall.tbl b/arch/sparc/kernel/syscalls/syscall.tbl
> index a1dd24307b00..e047480b1605 100644
> --- a/arch/sparc/kernel/syscalls/syscall.tbl
> +++ b/arch/sparc/kernel/syscalls/syscall.tbl
> @@ -473,3 +473,9 @@
>  425	common	io_uring_setup			sys_io_uring_setup
>  426	common	io_uring_enter			sys_io_uring_enter
>  427	common	io_uring_register		sys_io_uring_register
> +428	common	open_tree			sys_open_tree
> +429	common	move_mount			sys_move_mount
> +430	common	fsopen				sys_fsopen
> +431	common	fsconfig			sys_fsconfig
> +432	common	fsmount				sys_fsmount
> +433	common	fspick				sys_fspick
> diff --git a/arch/xtensa/kernel/syscalls/syscall.tbl b/arch/xtensa/kernel/syscalls/syscall.tbl
> index 30084eaf8422..5fa0ee1c8e00 100644
> --- a/arch/xtensa/kernel/syscalls/syscall.tbl
> +++ b/arch/xtensa/kernel/syscalls/syscall.tbl
> @@ -398,3 +398,9 @@
>  425	common	io_uring_setup			sys_io_uring_setup
>  426	common	io_uring_enter			sys_io_uring_enter
>  427	common	io_uring_register		sys_io_uring_register
> +428	common	open_tree			sys_open_tree
> +429	common	move_mount			sys_move_mount
> +430	common	fsopen				sys_fsopen
> +431	common	fsconfig			sys_fsconfig
> +432	common	fsmount				sys_fsmount
> +433	common	fspick				sys_fspick
> diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h
> index dee7292e1df6..a87904daf103 100644
> --- a/include/uapi/asm-generic/unistd.h
> +++ b/include/uapi/asm-generic/unistd.h
> @@ -832,9 +832,21 @@ __SYSCALL(__NR_io_uring_setup, sys_io_uring_setup)
>  __SYSCALL(__NR_io_uring_enter, sys_io_uring_enter)
>  #define __NR_io_uring_register 427
>  __SYSCALL(__NR_io_uring_register, sys_io_uring_register)
> +#define __NR_open_tree 428
> +__SYSCALL(__NR_open_tree, sys_open_tree)
> +#define __NR_move_mount 429
> +__SYSCALL(__NR_move_mount, sys_move_mount)
> +#define __NR_fsopen 430
> +__SYSCALL(__NR_fsopen, sys_fsopen)
> +#define __NR_fsconfig 431
> +__SYSCALL(__NR_fsconfig, sys_fsconfig)
> +#define __NR_fsmount 432
> +__SYSCALL(__NR_fsmount, sys_fsmount)
> +#define __NR_fspick 433
> +__SYSCALL(__NR_fspick, sys_fspick)
>  
>  #undef __NR_syscalls
> -#define __NR_syscalls 428
> +#define __NR_syscalls 434
>  
>  /*
>   * 32 bit systems traditionally used different
> 

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 4/4] uapi: Wire up the mount API syscalls on non-x86 arches [ver #2]
  2019-05-16 11:52 ` [PATCH 4/4] uapi: Wire up the mount API syscalls on non-x86 arches " David Howells
  2019-05-16 13:01   ` Christian Brauner
@ 2019-05-16 14:56   ` Geert Uytterhoeven
  2019-05-16 14:59     ` Christian Brauner
  1 sibling, 1 reply; 21+ messages in thread
From: Geert Uytterhoeven @ 2019-05-16 14:56 UTC (permalink / raw)
  To: David Howells, Christian Brauner
  Cc: torvalds, Al Viro, Arnd Bergmann, Linux FS Devel,
	Linux Kernel Mailing List

Hi David, Christian,

On Thu, May 16, 2019 at 1:54 PM David Howells <dhowells@redhat.com> wrote:
> Wire up the mount API syscalls on non-x86 arches.
>
> Reported-by: Arnd Bergmann <arnd@arndb.de>
> Signed-off-by: David Howells <dhowells@redhat.com>
> Reviewed-by: Arnd Bergmann <arnd@arndb.de>

> +428    common  open_tree                       sys_open_tree
> +429    common  move_mount                      sys_move_mount
> +430    common  fsopen                          sys_fsopen
> +431    common  fsconfig                        sys_fsconfig
> +432    common  fsmount                         sys_fsmount
> +433    common  fspick                          sys_fspick

The first number conflicts with "[PATCH v1 1/2] pid: add pidfd_open()".

Note that none of this is part of linux-next.

Gr{oetje,eeting}s,

                        Geert


--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 4/4] uapi: Wire up the mount API syscalls on non-x86 arches [ver #2]
  2019-05-16 14:56   ` Geert Uytterhoeven
@ 2019-05-16 14:59     ` Christian Brauner
  0 siblings, 0 replies; 21+ messages in thread
From: Christian Brauner @ 2019-05-16 14:59 UTC (permalink / raw)
  To: Geert Uytterhoeven
  Cc: David Howells, torvalds, Al Viro, Arnd Bergmann, Linux FS Devel,
	Linux Kernel Mailing List

On Thu, May 16, 2019 at 04:56:10PM +0200, Geert Uytterhoeven wrote:
> Hi David, Christian,
> 
> On Thu, May 16, 2019 at 1:54 PM David Howells <dhowells@redhat.com> wrote:
> > Wire up the mount API syscalls on non-x86 arches.
> >
> > Reported-by: Arnd Bergmann <arnd@arndb.de>
> > Signed-off-by: David Howells <dhowells@redhat.com>
> > Reviewed-by: Arnd Bergmann <arnd@arndb.de>
> 
> > +428    common  open_tree                       sys_open_tree
> > +429    common  move_mount                      sys_move_mount
> > +430    common  fsopen                          sys_fsopen
> > +431    common  fsconfig                        sys_fsconfig
> > +432    common  fsmount                         sys_fsmount
> > +433    common  fspick                          sys_fspick
> 
> The first number conflicts with "[PATCH v1 1/2] pid: add pidfd_open()".
> 
> Note that none of this is part of linux-next.

Yep, already spotted this thanks to Arnd.
David, there's nothing you need to do of course. I'll change the syscall
number for pidfd_open(). Your patchset obviously has priority!

Thanks!
Christian

> 
> Gr{oetje,eeting}s,
> 
>                         Geert
> 
> 
> --
> Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
> 
> In personal conversations with technical people, I call myself a hacker. But
> when I'm talking to journalists I just say "programmer" or something like that.
>                                 -- Linus Torvalds

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 0/4] uapi, vfs: Change the mount API UAPI [ver #2]
  2019-05-16 11:52 [PATCH 0/4] uapi, vfs: Change the mount API UAPI [ver #2] David Howells
                   ` (3 preceding siblings ...)
  2019-05-16 11:52 ` [PATCH 4/4] uapi: Wire up the mount API syscalls on non-x86 arches " David Howells
@ 2019-05-16 16:22 ` Al Viro
  2019-05-16 16:31   ` Al Viro
  2019-05-16 16:31   ` Christian Brauner
  4 siblings, 2 replies; 21+ messages in thread
From: Al Viro @ 2019-05-16 16:22 UTC (permalink / raw)
  To: David Howells
  Cc: torvalds, Christian Brauner, Arnd Bergmann, linux-fsdevel, linux-kernel

On Thu, May 16, 2019 at 12:52:04PM +0100, David Howells wrote:
> 
> Hi Linus, Al,
> 
> Here are some patches that make changes to the mount API UAPI and two of
> them really need applying, before -rc1 - if they're going to be applied at
> all.

I'm fine with 2--4, but I'm not convinced that cloexec-by-default crusade
makes any sense.  Could somebody give coherent arguments in favour of
abandoning the existing conventions?

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 0/4] uapi, vfs: Change the mount API UAPI [ver #2]
  2019-05-16 16:22 ` [PATCH 0/4] uapi, vfs: Change the mount API UAPI " Al Viro
@ 2019-05-16 16:31   ` Al Viro
  2019-05-16 16:31   ` Christian Brauner
  1 sibling, 0 replies; 21+ messages in thread
From: Al Viro @ 2019-05-16 16:31 UTC (permalink / raw)
  To: David Howells
  Cc: torvalds, Christian Brauner, Arnd Bergmann, linux-fsdevel, linux-kernel

On Thu, May 16, 2019 at 05:22:59PM +0100, Al Viro wrote:
> On Thu, May 16, 2019 at 12:52:04PM +0100, David Howells wrote:
> > 
> > Hi Linus, Al,
> > 
> > Here are some patches that make changes to the mount API UAPI and two of
> > them really need applying, before -rc1 - if they're going to be applied at
> > all.
> 
> I'm fine with 2--4, but I'm not convinced that cloexec-by-default crusade
> makes any sense.  Could somebody give coherent arguments in favour of
> abandoning the existing conventions?

To elaborate: existing syscalls (open, socket, pipe, accept, epoll_create,
etc., etc.) are not cloexec-by-default and that's not going to change,
simply because it would be break the living hell out of existing userland
code.

IOW, the userland has to worry about leaking stuff over sensitive execve(),
no matter what.  All this change does is complicate things for userland
programmer - which syscall belongs to which class.

Where's the benefit?  I could buy an argument about gradually changing
over to APIs that are cloexec-by-default across the board, except for
the obvious fact that it's not going to happen; not with the things
like open() involved.

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 0/4] uapi, vfs: Change the mount API UAPI [ver #2]
  2019-05-16 16:22 ` [PATCH 0/4] uapi, vfs: Change the mount API UAPI " Al Viro
  2019-05-16 16:31   ` Al Viro
@ 2019-05-16 16:31   ` Christian Brauner
  2019-05-16 16:50     ` Al Viro
  1 sibling, 1 reply; 21+ messages in thread
From: Christian Brauner @ 2019-05-16 16:31 UTC (permalink / raw)
  To: Al Viro
  Cc: David Howells, torvalds, Arnd Bergmann, linux-fsdevel, linux-kernel

On Thu, May 16, 2019 at 05:22:59PM +0100, Al Viro wrote:
> On Thu, May 16, 2019 at 12:52:04PM +0100, David Howells wrote:
> > 
> > Hi Linus, Al,
> > 
> > Here are some patches that make changes to the mount API UAPI and two of
> > them really need applying, before -rc1 - if they're going to be applied at
> > all.
> 
> I'm fine with 2--4, but I'm not convinced that cloexec-by-default crusade
> makes any sense.  Could somebody give coherent arguments in favour of
> abandoning the existing conventions?

So as I said in the commit message. From a userspace perspective it's
more of an issue if one accidently leaks an fd to a task during exec.

Also, most of the time one does not want to inherit an fd during an
exec. It is a hazzle to always have to specify an extra flag.

As Al pointed out to me open() semantics are not going anywhere. Sure,
no argument there at all.
But the idea of making fds cloexec by default is only targeted at fds
that come from separate syscalls. fsopen(), open_tree_clone(), etc. they
all return fds independent of open() so it's really easy to have them
cloexec by default without regressing anyone and we also remove the need
for a bunch of separate flags for each syscall to turn them into
cloexec-fds. I mean, those for syscalls came with 4 separate flags to be
able to specify that the returned fd should be made cloexec. The other
way around, cloexec by default, fcntl() to remove the cloexec bit is way
saner imho.

Christian

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 0/4] uapi, vfs: Change the mount API UAPI [ver #2]
  2019-05-16 16:31   ` Christian Brauner
@ 2019-05-16 16:50     ` Al Viro
  2019-05-16 17:01       ` Christian Brauner
                         ` (3 more replies)
  0 siblings, 4 replies; 21+ messages in thread
From: Al Viro @ 2019-05-16 16:50 UTC (permalink / raw)
  To: Christian Brauner
  Cc: David Howells, torvalds, Arnd Bergmann, linux-fsdevel,
	linux-kernel, linux-abi

[linux-abi cc'd]

On Thu, May 16, 2019 at 06:31:52PM +0200, Christian Brauner wrote:
> On Thu, May 16, 2019 at 05:22:59PM +0100, Al Viro wrote:
> > On Thu, May 16, 2019 at 12:52:04PM +0100, David Howells wrote:
> > > 
> > > Hi Linus, Al,
> > > 
> > > Here are some patches that make changes to the mount API UAPI and two of
> > > them really need applying, before -rc1 - if they're going to be applied at
> > > all.
> > 
> > I'm fine with 2--4, but I'm not convinced that cloexec-by-default crusade
> > makes any sense.  Could somebody give coherent arguments in favour of
> > abandoning the existing conventions?
> 
> So as I said in the commit message. From a userspace perspective it's
> more of an issue if one accidently leaks an fd to a task during exec.
> 
> Also, most of the time one does not want to inherit an fd during an
> exec. It is a hazzle to always have to specify an extra flag.
> 
> As Al pointed out to me open() semantics are not going anywhere. Sure,
> no argument there at all.
> But the idea of making fds cloexec by default is only targeted at fds
> that come from separate syscalls. fsopen(), open_tree_clone(), etc. they
> all return fds independent of open() so it's really easy to have them
> cloexec by default without regressing anyone and we also remove the need
> for a bunch of separate flags for each syscall to turn them into
> cloexec-fds. I mean, those for syscalls came with 4 separate flags to be
> able to specify that the returned fd should be made cloexec. The other
> way around, cloexec by default, fcntl() to remove the cloexec bit is way
> saner imho.

Re separate flags - it is, in principle, a valid argument.  OTOH, I'm not
sure if they need to be separate - they all have the same value and
I don't see any reason for that to change...

Only tangentially related, but I wonder if something like close_range(from, to)
would be a more useful approach...  That kind of open-coded loops is not
rare in userland and kernel-side code can do them much cheaper.  Something
like
	/* that exec is sensitive */
	unshare(CLONE_FILES);
	/* we don't want anything past stderr here */
	close_range(3, ~0U);
	execve(....);
on the userland side of thing.  Comments?

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 0/4] uapi, vfs: Change the mount API UAPI [ver #2]
  2019-05-16 16:50     ` Al Viro
@ 2019-05-16 17:01       ` Christian Brauner
  2019-05-16 20:23       ` Dmitry V. Levin
                         ` (2 subsequent siblings)
  3 siblings, 0 replies; 21+ messages in thread
From: Christian Brauner @ 2019-05-16 17:01 UTC (permalink / raw)
  To: Al Viro
  Cc: David Howells, torvalds, Arnd Bergmann, linux-fsdevel,
	linux-kernel, linux-abi

On May 16, 2019 6:50:22 PM GMT+02:00, Al Viro <viro@zeniv.linux.org.uk> wrote:
>[linux-abi cc'd]
>
>On Thu, May 16, 2019 at 06:31:52PM +0200, Christian Brauner wrote:
>> On Thu, May 16, 2019 at 05:22:59PM +0100, Al Viro wrote:
>> > On Thu, May 16, 2019 at 12:52:04PM +0100, David Howells wrote:
>> > > 
>> > > Hi Linus, Al,
>> > > 
>> > > Here are some patches that make changes to the mount API UAPI and
>two of
>> > > them really need applying, before -rc1 - if they're going to be
>applied at
>> > > all.
>> > 
>> > I'm fine with 2--4, but I'm not convinced that cloexec-by-default
>crusade
>> > makes any sense.  Could somebody give coherent arguments in favour
>of
>> > abandoning the existing conventions?
>> 
>> So as I said in the commit message. From a userspace perspective it's
>> more of an issue if one accidently leaks an fd to a task during exec.
>> 
>> Also, most of the time one does not want to inherit an fd during an
>> exec. It is a hazzle to always have to specify an extra flag.
>> 
>> As Al pointed out to me open() semantics are not going anywhere.
>Sure,
>> no argument there at all.
>> But the idea of making fds cloexec by default is only targeted at fds
>> that come from separate syscalls. fsopen(), open_tree_clone(), etc.
>they
>> all return fds independent of open() so it's really easy to have them
>> cloexec by default without regressing anyone and we also remove the
>need
>> for a bunch of separate flags for each syscall to turn them into
>> cloexec-fds. I mean, those for syscalls came with 4 separate flags to
>be
>> able to specify that the returned fd should be made cloexec. The
>other
>> way around, cloexec by default, fcntl() to remove the cloexec bit is
>way
>> saner imho.
>
>Re separate flags - it is, in principle, a valid argument.  OTOH, I'm
>not
>sure if they need to be separate - they all have the same value and
>I don't see any reason for that to change...
>
>Only tangentially related, but I wonder if something like
>close_range(from, to)
>would be a more useful approach...  That kind of open-coded loops is
>not
>rare in userland and kernel-side code can do them much cheaper. 
>Something
>like
>	/* that exec is sensitive */
>	unshare(CLONE_FILES);
>	/* we don't want anything past stderr here */
>	close_range(3, ~0U);
>	execve(....);
>on the userland side of thing.  Comments?

Very much in favor of that!
That'd be a neat new addition.

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 0/4] uapi, vfs: Change the mount API UAPI [ver #2]
  2019-05-16 16:50     ` Al Viro
  2019-05-16 17:01       ` Christian Brauner
@ 2019-05-16 20:23       ` Dmitry V. Levin
  2019-05-17  6:54         ` Christian Brauner
  2019-05-17  7:01       ` Christian Brauner
  2019-05-17  7:13       ` David Howells
  3 siblings, 1 reply; 21+ messages in thread
From: Dmitry V. Levin @ 2019-05-16 20:23 UTC (permalink / raw)
  To: Al Viro
  Cc: Christian Brauner, David Howells, torvalds, Arnd Bergmann,
	linux-fsdevel, linux-kernel, linux-api

[looks like linux-abi is a typo, Cc'ed linux-api instead]

On Thu, May 16, 2019 at 05:50:22PM +0100, Al Viro wrote:
> [linux-abi cc'd]
> 
> On Thu, May 16, 2019 at 06:31:52PM +0200, Christian Brauner wrote:
> > On Thu, May 16, 2019 at 05:22:59PM +0100, Al Viro wrote:
> > > On Thu, May 16, 2019 at 12:52:04PM +0100, David Howells wrote:
> > > > 
> > > > Hi Linus, Al,
> > > > 
> > > > Here are some patches that make changes to the mount API UAPI and two of
> > > > them really need applying, before -rc1 - if they're going to be applied at
> > > > all.
> > > 
> > > I'm fine with 2--4, but I'm not convinced that cloexec-by-default crusade
> > > makes any sense.  Could somebody give coherent arguments in favour of
> > > abandoning the existing conventions?
> > 
> > So as I said in the commit message. From a userspace perspective it's
> > more of an issue if one accidently leaks an fd to a task during exec.
> > 
> > Also, most of the time one does not want to inherit an fd during an
> > exec. It is a hazzle to always have to specify an extra flag.
> > 
> > As Al pointed out to me open() semantics are not going anywhere. Sure,
> > no argument there at all.
> > But the idea of making fds cloexec by default is only targeted at fds
> > that come from separate syscalls. fsopen(), open_tree_clone(), etc. they
> > all return fds independent of open() so it's really easy to have them
> > cloexec by default without regressing anyone and we also remove the need
> > for a bunch of separate flags for each syscall to turn them into
> > cloexec-fds. I mean, those for syscalls came with 4 separate flags to be
> > able to specify that the returned fd should be made cloexec. The other
> > way around, cloexec by default, fcntl() to remove the cloexec bit is way
> > saner imho.
> 
> Re separate flags - it is, in principle, a valid argument.  OTOH, I'm not
> sure if they need to be separate - they all have the same value and
> I don't see any reason for that to change...
> 
> Only tangentially related, but I wonder if something like close_range(from, to)
> would be a more useful approach...  That kind of open-coded loops is not
> rare in userland and kernel-side code can do them much cheaper.  Something
> like
> 	/* that exec is sensitive */
> 	unshare(CLONE_FILES);
> 	/* we don't want anything past stderr here */
> 	close_range(3, ~0U);
> 	execve(....);
> on the userland side of thing.  Comments?

glibc people need a syscall to implement closefrom properly, see
https://sourceware.org/bugzilla/show_bug.cgi?id=10353#c14


-- 
ldv

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 0/4] uapi, vfs: Change the mount API UAPI [ver #2]
  2019-05-16 20:23       ` Dmitry V. Levin
@ 2019-05-17  6:54         ` Christian Brauner
  0 siblings, 0 replies; 21+ messages in thread
From: Christian Brauner @ 2019-05-17  6:54 UTC (permalink / raw)
  To: Dmitry V. Levin, Al Viro
  Cc: David Howells, torvalds, Arnd Bergmann, linux-fsdevel,
	linux-kernel, linux-api

On May 16, 2019 10:23:31 PM GMT+02:00, "Dmitry V. Levin" <ldv@altlinux.org> wrote:
>[looks like linux-abi is a typo, Cc'ed linux-api instead]
>
>On Thu, May 16, 2019 at 05:50:22PM +0100, Al Viro wrote:
>> [linux-abi cc'd]
>> 
>> On Thu, May 16, 2019 at 06:31:52PM +0200, Christian Brauner wrote:
>> > On Thu, May 16, 2019 at 05:22:59PM +0100, Al Viro wrote:
>> > > On Thu, May 16, 2019 at 12:52:04PM +0100, David Howells wrote:
>> > > > 
>> > > > Hi Linus, Al,
>> > > > 
>> > > > Here are some patches that make changes to the mount API UAPI
>and two of
>> > > > them really need applying, before -rc1 - if they're going to be
>applied at
>> > > > all.
>> > > 
>> > > I'm fine with 2--4, but I'm not convinced that cloexec-by-default
>crusade
>> > > makes any sense.  Could somebody give coherent arguments in
>favour of
>> > > abandoning the existing conventions?
>> > 
>> > So as I said in the commit message. From a userspace perspective
>it's
>> > more of an issue if one accidently leaks an fd to a task during
>exec.
>> > 
>> > Also, most of the time one does not want to inherit an fd during an
>> > exec. It is a hazzle to always have to specify an extra flag.
>> > 
>> > As Al pointed out to me open() semantics are not going anywhere.
>Sure,
>> > no argument there at all.
>> > But the idea of making fds cloexec by default is only targeted at
>fds
>> > that come from separate syscalls. fsopen(), open_tree_clone(), etc.
>they
>> > all return fds independent of open() so it's really easy to have
>them
>> > cloexec by default without regressing anyone and we also remove the
>need
>> > for a bunch of separate flags for each syscall to turn them into
>> > cloexec-fds. I mean, those for syscalls came with 4 separate flags
>to be
>> > able to specify that the returned fd should be made cloexec. The
>other
>> > way around, cloexec by default, fcntl() to remove the cloexec bit
>is way
>> > saner imho.
>> 
>> Re separate flags - it is, in principle, a valid argument.  OTOH, I'm
>not
>> sure if they need to be separate - they all have the same value and
>> I don't see any reason for that to change...
>> 
>> Only tangentially related, but I wonder if something like
>close_range(from, to)
>> would be a more useful approach...  That kind of open-coded loops is
>not
>> rare in userland and kernel-side code can do them much cheaper. 
>Something
>> like
>> 	/* that exec is sensitive */
>> 	unshare(CLONE_FILES);
>> 	/* we don't want anything past stderr here */
>> 	close_range(3, ~0U);
>> 	execve(....);
>> on the userland side of thing.  Comments?
>
>glibc people need a syscall to implement closefrom properly, see
>https://sourceware.org/bugzilla/show_bug.cgi?id=10353#c14

I have a prototype for close_range().
I'll send it out after rc1.

Christian


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 0/4] uapi, vfs: Change the mount API UAPI [ver #2]
  2019-05-16 16:50     ` Al Viro
  2019-05-16 17:01       ` Christian Brauner
  2019-05-16 20:23       ` Dmitry V. Levin
@ 2019-05-17  7:01       ` Christian Brauner
  2019-05-17  7:13       ` David Howells
  3 siblings, 0 replies; 21+ messages in thread
From: Christian Brauner @ 2019-05-17  7:01 UTC (permalink / raw)
  To: Al Viro
  Cc: David Howells, torvalds, Arnd Bergmann, linux-fsdevel,
	linux-kernel, linux-api

On May 16, 2019 6:50:22 PM GMT+02:00, Al Viro <viro@zeniv.linux.org.uk> wrote:
>[linux-abi cc'd]
>
>On Thu, May 16, 2019 at 06:31:52PM +0200, Christian Brauner wrote:
>> On Thu, May 16, 2019 at 05:22:59PM +0100, Al Viro wrote:
>> > On Thu, May 16, 2019 at 12:52:04PM +0100, David Howells wrote:
>> > > 
>> > > Hi Linus, Al,
>> > > 
>> > > Here are some patches that make changes to the mount API UAPI and
>two of
>> > > them really need applying, before -rc1 - if they're going to be
>applied at
>> > > all.
>> > 
>> > I'm fine with 2--4, but I'm not convinced that cloexec-by-default
>crusade
>> > makes any sense.  Could somebody give coherent arguments in favour
>of
>> > abandoning the existing conventions?
>> 
>> So as I said in the commit message. From a userspace perspective it's
>> more of an issue if one accidently leaks an fd to a task during exec.
>> 
>> Also, most of the time one does not want to inherit an fd during an
>> exec. It is a hazzle to always have to specify an extra flag.
>> 
>> As Al pointed out to me open() semantics are not going anywhere.
>Sure,
>> no argument there at all.
>> But the idea of making fds cloexec by default is only targeted at fds
>> that come from separate syscalls. fsopen(), open_tree_clone(), etc.
>they
>> all return fds independent of open() so it's really easy to have them
>> cloexec by default without regressing anyone and we also remove the
>need
>> for a bunch of separate flags for each syscall to turn them into
>> cloexec-fds. I mean, those for syscalls came with 4 separate flags to
>be
>> able to specify that the returned fd should be made cloexec. The
>other
>> way around, cloexec by default, fcntl() to remove the cloexec bit is
>way
>> saner imho.
>
>Re separate flags - it is, in principle, a valid argument.  OTOH, I'm
>not
>sure if they need to be separate - they all have the same value and
>I don't see any reason for that to change...

One last thing I'd like to point out is that
we already have syscalls and ioctls that
return cloexec fds. So the consistency
argument is kinda dead.

If you still prefer to have cloexec flags
for the 4 new syscalls then yes,
if they could at least all have the same name
(FSMOUNT_CLOEXEC?) that would be good.

>
>Only tangentially related, but I wonder if something like
>close_range(from, to)
>would be a more useful approach...  That kind of open-coded loops is
>not
>rare in userland and kernel-side code can do them much cheaper. 
>Something
>like
>	/* that exec is sensitive */
>	unshare(CLONE_FILES);
>	/* we don't want anything past stderr here */
>	close_range(3, ~0U);
>	execve(....);
>on the userland side of thing.  Comments?

Said it before but, the list was mistyped so again:
I think that's a great idea.
I have a prototype for close_range(start, end, flags).
I'll wait after rc1 and then send it out.

Christian

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 0/4] uapi, vfs: Change the mount API UAPI [ver #2]
  2019-05-16 16:50     ` Al Viro
                         ` (2 preceding siblings ...)
  2019-05-17  7:01       ` Christian Brauner
@ 2019-05-17  7:13       ` David Howells
  2019-05-17  7:25         ` Miklos Szeredi
  2019-05-17  7:27         ` Christian Brauner
  3 siblings, 2 replies; 21+ messages in thread
From: David Howells @ 2019-05-17  7:13 UTC (permalink / raw)
  To: Christian Brauner
  Cc: dhowells, Al Viro, torvalds, Arnd Bergmann, linux-fsdevel,
	linux-kernel, linux-api

Christian Brauner <christian@brauner.io> wrote:

> If you still prefer to have cloexec flags
> for the 4 new syscalls then yes,
> if they could at least all have the same name
> (FSMOUNT_CLOEXEC?) that would be good.

They don't all have the same value (see OPEN_TREE_CLOEXEC).

Note that I also don't want to blindly #define them to O_CLOEXEC because it's
not necessarily the same value on all arches.  Currently it can be 02000000,
010000000 or 0x400000 for instance, which means that if it's sharing a mask
with other flags, at least three bits have to be reserved for it or we have to
have arch-dependent bit juggling.

One thing I like about your approach of just making them O_CLOEXEC by default
and removing the constants is that it avoids this mess entirely.

David

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 0/4] uapi, vfs: Change the mount API UAPI [ver #2]
  2019-05-17  7:13       ` David Howells
@ 2019-05-17  7:25         ` Miklos Szeredi
  2019-05-17  7:27         ` Christian Brauner
  1 sibling, 0 replies; 21+ messages in thread
From: Miklos Szeredi @ 2019-05-17  7:25 UTC (permalink / raw)
  To: David Howells
  Cc: Christian Brauner, Al Viro, Linus Torvalds, Arnd Bergmann,
	linux-fsdevel, linux-kernel, linux-api

On Fri, May 17, 2019 at 9:13 AM David Howells <dhowells@redhat.com> wrote:
>
> Christian Brauner <christian@brauner.io> wrote:
>
> > If you still prefer to have cloexec flags
> > for the 4 new syscalls then yes,
> > if they could at least all have the same name
> > (FSMOUNT_CLOEXEC?) that would be good.
>
> They don't all have the same value (see OPEN_TREE_CLOEXEC).
>
> Note that I also don't want to blindly #define them to O_CLOEXEC because it's
> not necessarily the same value on all arches.  Currently it can be 02000000,
> 010000000 or 0x400000 for instance, which means that if it's sharing a mask
> with other flags, at least three bits have to be reserved for it or we have to
> have arch-dependent bit juggling.
>
> One thing I like about your approach of just making them O_CLOEXEC by default
> and removing the constants is that it avoids this mess entirely.

+1.

Confusion caused by inconsistency of naming is going to hurt more than
inconsistency of semantics wrt. open(2).

Thanks,
Miklos

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 0/4] uapi, vfs: Change the mount API UAPI [ver #2]
  2019-05-17  7:13       ` David Howells
  2019-05-17  7:25         ` Miklos Szeredi
@ 2019-05-17  7:27         ` Christian Brauner
  1 sibling, 0 replies; 21+ messages in thread
From: Christian Brauner @ 2019-05-17  7:27 UTC (permalink / raw)
  To: David Howells
  Cc: dhowells, Al Viro, torvalds, Arnd Bergmann, linux-fsdevel,
	linux-kernel, linux-api

On May 17, 2019 9:13:26 AM GMT+02:00, David Howells <dhowells@redhat.com> wrote:
>Christian Brauner <christian@brauner.io> wrote:
>
>> If you still prefer to have cloexec flags
>> for the 4 new syscalls then yes,
>> if they could at least all have the same name
>> (FSMOUNT_CLOEXEC?) that would be good.
>
>They don't all have the same value (see OPEN_TREE_CLOEXEC).
>
>Note that I also don't want to blindly #define them to O_CLOEXEC
>because it's
>not necessarily the same value on all arches.  Currently it can be
>02000000,
>010000000 or 0x400000 for instance, which means that if it's sharing a
>mask
>with other flags, at least three bits have to be reserved for it or we
>have to
>have arch-dependent bit juggling.


Ugh. Right, I forgot about that entirely.

Christian

>
>One thing I like about your approach of just making them O_CLOEXEC by
>default
>and removing the constants is that it avoids this mess entirely.
>
>David


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 0/4] uapi, vfs: Change the mount API UAPI [ver #2]
@ 2019-05-16 18:57 Alexey Dobriyan
  0 siblings, 0 replies; 21+ messages in thread
From: Alexey Dobriyan @ 2019-05-16 18:57 UTC (permalink / raw)
  To: viro; +Cc: linux-kernel, linux-abi, christian, dhowells

>	unshare(CLONE_FILES);
> 	/* we don't want anything past stderr here */
> 	close_range(3, ~0U);
> 	execve(....);

Yes please.

nextfd(2)
https://lkml.org/lkml/2012/4/1/71

fdmap(2)
https://marc.info/?t=150628366900006&r=1&w=4

I like fdmap more.

^ permalink raw reply	[flat|nested] 21+ messages in thread

end of thread, other threads:[~2019-05-17  7:27 UTC | newest]

Thread overview: 21+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-16 11:52 [PATCH 0/4] uapi, vfs: Change the mount API UAPI [ver #2] David Howells
2019-05-16 11:52 ` [PATCH 1/4] uapi, fs: make all new mount api fds cloexec by default " David Howells
2019-05-16 11:52 ` [PATCH 2/4] uapi, fsopen: use square brackets around "fscontext" " David Howells
2019-05-16 11:52 ` [PATCH 3/4] uapi, x86: Fix the syscall numbering of the mount API syscalls " David Howells
2019-05-16 13:01   ` Christian Brauner
2019-05-16 11:52 ` [PATCH 4/4] uapi: Wire up the mount API syscalls on non-x86 arches " David Howells
2019-05-16 13:01   ` Christian Brauner
2019-05-16 14:56   ` Geert Uytterhoeven
2019-05-16 14:59     ` Christian Brauner
2019-05-16 16:22 ` [PATCH 0/4] uapi, vfs: Change the mount API UAPI " Al Viro
2019-05-16 16:31   ` Al Viro
2019-05-16 16:31   ` Christian Brauner
2019-05-16 16:50     ` Al Viro
2019-05-16 17:01       ` Christian Brauner
2019-05-16 20:23       ` Dmitry V. Levin
2019-05-17  6:54         ` Christian Brauner
2019-05-17  7:01       ` Christian Brauner
2019-05-17  7:13       ` David Howells
2019-05-17  7:25         ` Miklos Szeredi
2019-05-17  7:27         ` Christian Brauner
2019-05-16 18:57 Alexey Dobriyan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).