From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.6 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 134A4C4727C for ; Mon, 21 Sep 2020 23:51:19 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 9A7B023A75 for ; Mon, 21 Sep 2020 23:51:18 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="SOPAIiRP" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9A7B023A75 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 0BAE790000B; Mon, 21 Sep 2020 19:51:18 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 09215900004; Mon, 21 Sep 2020 19:51:18 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EE9CD90000B; Mon, 21 Sep 2020 19:51:17 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0054.hostedemail.com [216.40.44.54]) by kanga.kvack.org (Postfix) with ESMTP id D4216900004 for ; Mon, 21 Sep 2020 19:51:17 -0400 (EDT) Received: from smtpin29.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay03.hostedemail.com (Postfix) with ESMTP id 96E378249980 for ; Mon, 21 Sep 2020 23:51:17 +0000 (UTC) X-FDA: 77288717394.29.car39_270bb3c27149 Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin29.hostedemail.com (Postfix) with ESMTP id 7756918086CD4 for ; Mon, 21 Sep 2020 23:51:17 +0000 (UTC) X-HE-Tag: car39_270bb3c27149 X-Filterd-Recvd-Size: 5980 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by imf48.hostedemail.com (Postfix) with ESMTP for ; Mon, 21 Sep 2020 23:51:16 +0000 (UTC) Received: from mail-lf1-f44.google.com (mail-lf1-f44.google.com [209.85.167.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id CE31E23A6C for ; Mon, 21 Sep 2020 23:51:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1600732276; bh=39KukzOe6AolOem+gjVISioBf02u3SpMpVZVGYy+mj0=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=SOPAIiRPkuje9erytNJBsy+cXVWs0cUQZcjyFXj6ctvzviNVxuqjCEJ04OB8NAHQQ 83P9Iz3QsxoYR94q+5PhVXDW+A1FbR5oPS+I8dCWOSc+MYvuarhYBlRXrHrttSpghW zjjfX7dnhohFBr6T3oZmTVDWruYVcooHASWAeaM4= Received: by mail-lf1-f44.google.com with SMTP id w11so16026543lfn.2 for ; Mon, 21 Sep 2020 16:51:15 -0700 (PDT) X-Gm-Message-State: AOAM533TRdVIvdBqUhkbHgIxB3Nq9sk59L4ShQjypQHZIGorEtp5Sdp5 211uZ66brAVBZHb3GrUyrYPw6SYhm6uTou4V/TG1bw== X-Google-Smtp-Source: ABdhPJzKuMXKYXqnIGS0yDLp4LGoqUZ+je+eZvXpafAIww15bS0o/seL9c9Y7bM14ZwES1psTTy6TgvO3gjUrDpJ/g4= X-Received: by 2002:adf:ce8e:: with SMTP id r14mr2144251wrn.257.1600732273206; Mon, 21 Sep 2020 16:51:13 -0700 (PDT) MIME-Version: 1.0 References: <563138b5-7073-74bc-f0c5-b2bad6277e87@gmail.com> <486c92d0-0f2e-bd61-1ab8-302524af5e08@gmail.com> In-Reply-To: <486c92d0-0f2e-bd61-1ab8-302524af5e08@gmail.com> From: Andy Lutomirski Date: Mon, 21 Sep 2020 16:51:01 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 1/9] kernel: add a PF_FORCE_COMPAT flag To: Pavel Begunkov Cc: Arnd Bergmann , Andy Lutomirski , Christoph Hellwig , Al Viro , Andrew Morton , Jens Axboe , David Howells , linux-arm-kernel , X86 ML , LKML , "open list:MIPS" , Parisc List , linuxppc-dev , linux-s390 , sparclinux , linux-block , Linux SCSI List , Linux FS Devel , linux-aio , io-uring@vger.kernel.org, linux-arch , Linux-MM , Network Development , keyrings@vger.kernel.org, LSM List Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Mon, Sep 21, 2020 at 9:15 AM Pavel Begunkov wro= te: > > On 21/09/2020 19:10, Pavel Begunkov wrote: > > On 20/09/2020 01:22, Andy Lutomirski wrote: > >> > >>> On Sep 19, 2020, at 2:16 PM, Arnd Bergmann wrote: > >>> > >>> =EF=BB=BFOn Sat, Sep 19, 2020 at 6:21 PM Andy Lutomirski wrote: > >>>>> On Fri, Sep 18, 2020 at 8:16 AM Christoph Hellwig wrot= e: > >>>>> On Fri, Sep 18, 2020 at 02:58:22PM +0100, Al Viro wrote: > >>>>>> Said that, why not provide a variant that would take an explicit > >>>>>> "is it compat" argument and use it there? And have the normal > >>>>>> one pass in_compat_syscall() to that... > >>>>> > >>>>> That would help to not introduce a regression with this series yes. > >>>>> But it wouldn't fix existing bugs when io_uring is used to access > >>>>> read or write methods that use in_compat_syscall(). One example th= at > >>>>> I recently ran into is drivers/scsi/sg.c. > >>> > >>> Ah, so reading /dev/input/event* would suffer from the same issue, > >>> and that one would in fact be broken by your patch in the hypothetica= l > >>> case that someone tried to use io_uring to read /dev/input/event on x= 32... > >>> > >>> For reference, I checked the socket timestamp handling that has a > >>> number of corner cases with time32/time64 formats in compat mode, > >>> but none of those appear to be affected by the problem. > >>> > >>>> Aside from the potentially nasty use of per-task variables, one thin= g > >>>> I don't like about PF_FORCE_COMPAT is that it's one-way. If we're > >>>> going to have a generic mechanism for this, shouldn't we allow a ful= l > >>>> override of the syscall arch instead of just allowing forcing compat > >>>> so that a compat syscall can do a non-compat operation? > >>> > >>> The only reason it's needed here is that the caller is in a kernel > >>> thread rather than a system call. Are there any possible scenarios > >>> where one would actually need the opposite? > >>> > >> > >> I can certainly imagine needing to force x32 mode from a kernel thread= . > >> > >> As for the other direction: what exactly are the desired bitness/arch = semantics of io_uring? Is the operation bitness chosen by the io_uring cre= ation or by the io_uring_enter() bitness? > > > > It's rather the second one. Even though AFAIR it wasn't discussed > > specifically, that how it works now (_partially_). > > Double checked -- I'm wrong, that's the former one. Most of it is based > on a flag that was set an creation. > Could we get away with making io_uring_enter() return -EINVAL (or maybe -ENOTTY?) if you try to do it with bitness that doesn't match the io_uring? And disable SQPOLL in compat mode? --Andy