From: Yann Droneaud <ydroneaud@opteya.com>
To: linux-kernel@vger.kernel.org, linux-ia64@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org, cbe-oss-dev@lists.ozlabs.org,
linux-rdma@vger.kernel.org, devel@driverdev.osuosl.org,
kvm@vger.kernel.org, linux-fsdevel@vger.kernel.org,
xfs@oss.sgi.com, linux-sctp@vger.kernel.org,
netdev@vger.kernel.org, Eric Paris <eparis@redhat.com>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Paul Mackerras <paulus@samba.org>, Ingo Molnar <mingo@redhat.com>,
Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Cc: Yann Droneaud <ydroneaud@opteya.com>
Subject: [PATCH 00/13] Getting rid of get_unused_fd()
Date: Tue, 02 Jul 2013 16:39:24 +0000 [thread overview]
Message-ID: <cover.1372777600.git.ydroneaud@opteya.com> (raw)
Hi,
Macro get_unused_fd() is a shortcut to call function get_unused_fd_flags(),
to allocate a file descriptor.
The macro use 0 as flags, so the file descriptor is created
without O_CLOEXEC flag.
This can be seen as an unsafe default eg. in most case O_CLOEXEC
must be used to not leak file descriptor across exec().
Newer kernel code should use anon_inode_getfd() or get_unused_fd_flags()
with flags provided by userspace. If flags cannot be given by userspace,
O_CLOEXEC must be the default flag.
Using O_CLOEXEC by default allows userspace to choose, without race,
if the file descriptor is going to be inherited across exec().
They are two ways to achieve this:
- makes get_unused_fd() use O_CLOEXEC by default
It's difficult to get it right: every code using of get_unused_fd()
must take this change into account and be fixed as soon as
macro get_unused_fd() do the switch. Non updated code will have
unexpected behavor and it's likely going to break API contract.
- remove get_unused_fd()
It's going to break some out of tree, not yet upstream kernel code,
but it's easy to notice and fix. Anyway, newer code should use
anon_inode_getfd() or get_unused_fd_flags().
The latter option was choosen to ensure no unexpected behavor
for out of tree, not yet upstream code. Removing the macro is the safest
choice: it's better to break build than trying to make get_unused_fd()
use O_CLOEXEC by default and get all user of get_unused_fd() update.
Additionnaly, removing the macro is not going to break modules ABI.
In linux-next tag 20130702, they're currently:
- 15 calls to get_unused_fd_flags()
not counting get_unused_fd() and anon_inode_getfd()
- 14 calls to get_unused_fd()
- 11 calls to anon_inode_getfd()
The following patchset try to convert all calls to get_unused_fd()
to get_unused_fd_flags(0) before removing get_unused_fd() macro.
Without get_unused_fd() macro, more subsystems are likely to use
anon_inode_getfd() and be teached to provide an API that let userspace
choose the opening flags of the file descriptor.
Yann Droneaud (13):
ia64: use get_unused_fd_flags(0) instead of get_unused_fd()
ppc/cell: use get_unused_fd_flags(0) instead of get_unused_fd()
infiniband: use get_unused_fd_flags(0) instead of get_unused_fd()
android/sw_sync: use get_unused_fd_flags(0) instead of get_unused_fd()
android/sync: use get_unused_fd_flags(0) instead of get_unused_fd()
vfio: use get_unused_fd_flags(0) instead of get_unused_fd()
binfmt_misc: use get_unused_fd_flags(0) instead of get_unused_fd()
file: use get_unused_fd_flags(0) instead of get_unused_fd()
fanotify: use get_unused_fd_flags(0) instead of get_unused_fd()
xfs: use get_unused_fd_flags(0) instead of get_unused_fd()
events: use get_unused_fd_flags(0) instead of get_unused_fd()
sctp: use get_unused_fd_flags(0) instead of get_unused_fd()
file: remove get_unused_fd()
arch/ia64/kernel/perfmon.c | 2 +-
arch/powerpc/platforms/cell/spufs/inode.c | 4 ++--
drivers/infiniband/core/uverbs_cmd.c | 4 ++--
drivers/staging/android/sw_sync.c | 2 +-
drivers/staging/android/sync.c | 2 +-
drivers/vfio/vfio.c | 2 +-
fs/binfmt_misc.c | 2 +-
fs/file.c | 2 +-
fs/notify/fanotify/fanotify_user.c | 2 +-
fs/xfs/xfs_ioctl.c | 2 +-
include/linux/file.h | 1 -
kernel/events/core.c | 2 +-
net/sctp/socket.c | 2 +-
13 files changed, 14 insertions(+), 15 deletions(-)
--
1.8.3.1
WARNING: multiple messages have this Message-ID (diff)
From: Yann Droneaud <ydroneaud@opteya.com>
To: linux-kernel@vger.kernel.org, linux-ia64@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org, cbe-oss-dev@lists.ozlabs.org,
linux-rdma@vger.kernel.org, devel@driverdev.osuosl.org,
kvm@vger.kernel.org, linux-fsdevel@vger.kernel.org,
xfs@oss.sgi.com, linux-sctp@vger.kernel.org,
netdev@vger.kernel.org, Eric Paris <eparis@redhat.com>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Paul Mackerras <paulus@samba.org>, Ingo Molnar <mingo@redhat.com>,
Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Cc: Yann Droneaud <ydroneaud@opteya.com>
Subject: [PATCH 00/13] Getting rid of get_unused_fd()
Date: Tue, 2 Jul 2013 18:39:24 +0200 [thread overview]
Message-ID: <cover.1372777600.git.ydroneaud@opteya.com> (raw)
Hi,
Macro get_unused_fd() is a shortcut to call function get_unused_fd_flags(),
to allocate a file descriptor.
The macro use 0 as flags, so the file descriptor is created
without O_CLOEXEC flag.
This can be seen as an unsafe default eg. in most case O_CLOEXEC
must be used to not leak file descriptor across exec().
Newer kernel code should use anon_inode_getfd() or get_unused_fd_flags()
with flags provided by userspace. If flags cannot be given by userspace,
O_CLOEXEC must be the default flag.
Using O_CLOEXEC by default allows userspace to choose, without race,
if the file descriptor is going to be inherited across exec().
They are two ways to achieve this:
- makes get_unused_fd() use O_CLOEXEC by default
It's difficult to get it right: every code using of get_unused_fd()
must take this change into account and be fixed as soon as
macro get_unused_fd() do the switch. Non updated code will have
unexpected behavor and it's likely going to break API contract.
- remove get_unused_fd()
It's going to break some out of tree, not yet upstream kernel code,
but it's easy to notice and fix. Anyway, newer code should use
anon_inode_getfd() or get_unused_fd_flags().
The latter option was choosen to ensure no unexpected behavor
for out of tree, not yet upstream code. Removing the macro is the safest
choice: it's better to break build than trying to make get_unused_fd()
use O_CLOEXEC by default and get all user of get_unused_fd() update.
Additionnaly, removing the macro is not going to break modules ABI.
In linux-next tag 20130702, they're currently:
- 15 calls to get_unused_fd_flags()
not counting get_unused_fd() and anon_inode_getfd()
- 14 calls to get_unused_fd()
- 11 calls to anon_inode_getfd()
The following patchset try to convert all calls to get_unused_fd()
to get_unused_fd_flags(0) before removing get_unused_fd() macro.
Without get_unused_fd() macro, more subsystems are likely to use
anon_inode_getfd() and be teached to provide an API that let userspace
choose the opening flags of the file descriptor.
Yann Droneaud (13):
ia64: use get_unused_fd_flags(0) instead of get_unused_fd()
ppc/cell: use get_unused_fd_flags(0) instead of get_unused_fd()
infiniband: use get_unused_fd_flags(0) instead of get_unused_fd()
android/sw_sync: use get_unused_fd_flags(0) instead of get_unused_fd()
android/sync: use get_unused_fd_flags(0) instead of get_unused_fd()
vfio: use get_unused_fd_flags(0) instead of get_unused_fd()
binfmt_misc: use get_unused_fd_flags(0) instead of get_unused_fd()
file: use get_unused_fd_flags(0) instead of get_unused_fd()
fanotify: use get_unused_fd_flags(0) instead of get_unused_fd()
xfs: use get_unused_fd_flags(0) instead of get_unused_fd()
events: use get_unused_fd_flags(0) instead of get_unused_fd()
sctp: use get_unused_fd_flags(0) instead of get_unused_fd()
file: remove get_unused_fd()
arch/ia64/kernel/perfmon.c | 2 +-
arch/powerpc/platforms/cell/spufs/inode.c | 4 ++--
drivers/infiniband/core/uverbs_cmd.c | 4 ++--
drivers/staging/android/sw_sync.c | 2 +-
drivers/staging/android/sync.c | 2 +-
drivers/vfio/vfio.c | 2 +-
fs/binfmt_misc.c | 2 +-
fs/file.c | 2 +-
fs/notify/fanotify/fanotify_user.c | 2 +-
fs/xfs/xfs_ioctl.c | 2 +-
include/linux/file.h | 1 -
kernel/events/core.c | 2 +-
net/sctp/socket.c | 2 +-
13 files changed, 14 insertions(+), 15 deletions(-)
--
1.8.3.1
WARNING: multiple messages have this Message-ID (diff)
From: Yann Droneaud <ydroneaud@opteya.com>
To: linux-kernel@vger.kernel.org, linux-ia64@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org, cbe-oss-dev@lists.ozlabs.org,
linux-rdma@vger.kernel.org, devel@driverdev.osuosl.org,
kvm@vger.kernel.org, linux-fsdevel@vger.kernel.org,
xfs@oss.sgi.com, linux-sctp@vger.kernel.org,
netdev@vger.kernel.org, Eric Paris <eparis@redhat.com>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Paul Mackerras <paulus@samba.org>, Ingo Molnar <mingo@redhat.com>,
Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Cc: Yann Droneaud <ydroneaud@opteya.com>
Subject: [PATCH 00/13] Getting rid of get_unused_fd()
Date: Tue, 2 Jul 2013 18:39:24 +0200 [thread overview]
Message-ID: <cover.1372777600.git.ydroneaud@opteya.com> (raw)
Hi,
Macro get_unused_fd() is a shortcut to call function get_unused_fd_flags(),
to allocate a file descriptor.
The macro use 0 as flags, so the file descriptor is created
without O_CLOEXEC flag.
This can be seen as an unsafe default eg. in most case O_CLOEXEC
must be used to not leak file descriptor across exec().
Newer kernel code should use anon_inode_getfd() or get_unused_fd_flags()
with flags provided by userspace. If flags cannot be given by userspace,
O_CLOEXEC must be the default flag.
Using O_CLOEXEC by default allows userspace to choose, without race,
if the file descriptor is going to be inherited across exec().
They are two ways to achieve this:
- makes get_unused_fd() use O_CLOEXEC by default
It's difficult to get it right: every code using of get_unused_fd()
must take this change into account and be fixed as soon as
macro get_unused_fd() do the switch. Non updated code will have
unexpected behavor and it's likely going to break API contract.
- remove get_unused_fd()
It's going to break some out of tree, not yet upstream kernel code,
but it's easy to notice and fix. Anyway, newer code should use
anon_inode_getfd() or get_unused_fd_flags().
The latter option was choosen to ensure no unexpected behavor
for out of tree, not yet upstream code. Removing the macro is the safest
choice: it's better to break build than trying to make get_unused_fd()
use O_CLOEXEC by default and get all user of get_unused_fd() update.
Additionnaly, removing the macro is not going to break modules ABI.
In linux-next tag 20130702, they're currently:
- 15 calls to get_unused_fd_flags()
not counting get_unused_fd() and anon_inode_getfd()
- 14 calls to get_unused_fd()
- 11 calls to anon_inode_getfd()
The following patchset try to convert all calls to get_unused_fd()
to get_unused_fd_flags(0) before removing get_unused_fd() macro.
Without get_unused_fd() macro, more subsystems are likely to use
anon_inode_getfd() and be teached to provide an API that let userspace
choose the opening flags of the file descriptor.
Yann Droneaud (13):
ia64: use get_unused_fd_flags(0) instead of get_unused_fd()
ppc/cell: use get_unused_fd_flags(0) instead of get_unused_fd()
infiniband: use get_unused_fd_flags(0) instead of get_unused_fd()
android/sw_sync: use get_unused_fd_flags(0) instead of get_unused_fd()
android/sync: use get_unused_fd_flags(0) instead of get_unused_fd()
vfio: use get_unused_fd_flags(0) instead of get_unused_fd()
binfmt_misc: use get_unused_fd_flags(0) instead of get_unused_fd()
file: use get_unused_fd_flags(0) instead of get_unused_fd()
fanotify: use get_unused_fd_flags(0) instead of get_unused_fd()
xfs: use get_unused_fd_flags(0) instead of get_unused_fd()
events: use get_unused_fd_flags(0) instead of get_unused_fd()
sctp: use get_unused_fd_flags(0) instead of get_unused_fd()
file: remove get_unused_fd()
arch/ia64/kernel/perfmon.c | 2 +-
arch/powerpc/platforms/cell/spufs/inode.c | 4 ++--
drivers/infiniband/core/uverbs_cmd.c | 4 ++--
drivers/staging/android/sw_sync.c | 2 +-
drivers/staging/android/sync.c | 2 +-
drivers/vfio/vfio.c | 2 +-
fs/binfmt_misc.c | 2 +-
fs/file.c | 2 +-
fs/notify/fanotify/fanotify_user.c | 2 +-
fs/xfs/xfs_ioctl.c | 2 +-
include/linux/file.h | 1 -
kernel/events/core.c | 2 +-
net/sctp/socket.c | 2 +-
13 files changed, 14 insertions(+), 15 deletions(-)
--
1.8.3.1
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
next reply other threads:[~2013-07-02 16:39 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-02 16:39 Yann Droneaud [this message]
2013-07-02 16:39 ` [PATCH 00/13] Getting rid of get_unused_fd() Yann Droneaud
2013-07-02 16:39 ` Yann Droneaud
2013-07-02 16:39 ` [PATCH 01/13] ia64: use get_unused_fd_flags(0) instead " Yann Droneaud
2013-07-02 16:39 ` Yann Droneaud
2013-07-02 16:39 ` [PATCH 02/13] ppc/cell: " Yann Droneaud
2014-01-12 23:06 ` Benjamin Herrenschmidt
2014-01-12 23:06 ` Benjamin Herrenschmidt
2014-01-13 9:30 ` Yann Droneaud
2014-01-13 9:30 ` Yann Droneaud
2014-01-20 17:01 ` Yann Droneaud
2014-01-20 17:01 ` Yann Droneaud
2013-07-02 16:39 ` [PATCH 03/13] infiniband: " Yann Droneaud
[not found] ` <651e35493f6a970610d35785e1972ec9e2426abf.1372777600.git.ydroneaud-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org>
2013-07-08 18:23 ` Roland Dreier
2013-07-08 18:23 ` Roland Dreier
2013-07-08 21:26 ` Yann Droneaud
2013-07-02 16:39 ` [PATCH 04/13] android/sw_sync: " Yann Droneaud
2013-07-02 22:22 ` Erik Gilling
2013-07-02 16:39 ` [PATCH 05/13] android/sync: " Yann Droneaud
2013-07-02 22:22 ` Erik Gilling
2013-07-02 16:39 ` [PATCH 06/13] vfio: " Yann Droneaud
2013-07-02 16:39 ` [PATCH 07/13] binfmt_misc: " Yann Droneaud
2013-07-02 16:39 ` [PATCH 08/13] file: " Yann Droneaud
2013-07-02 16:39 ` [PATCH 09/13] fanotify: " Yann Droneaud
2013-07-02 16:39 ` [PATCH 10/13] xfs: " Yann Droneaud
2013-07-02 16:39 ` Yann Droneaud
2013-07-08 22:41 ` Ben Myers
2013-07-08 22:41 ` Ben Myers
2013-07-09 20:53 ` Ben Myers
2013-07-09 20:53 ` Ben Myers
2013-07-10 10:00 ` Yann Droneaud
2013-07-10 10:00 ` Yann Droneaud
2013-07-11 0:36 ` Dave Chinner
2013-07-11 0:36 ` Dave Chinner
2013-07-02 16:39 ` [PATCH 11/13] events: " Yann Droneaud
2013-07-02 16:39 ` [PATCH 12/13] sctp: " Yann Droneaud
2013-07-02 16:39 ` Yann Droneaud
2013-07-02 17:50 ` Vlad Yasevich
2013-07-02 17:50 ` Vlad Yasevich
2013-07-02 23:14 ` David Miller
2013-07-02 23:14 ` David Miller
2013-07-02 16:39 ` [PATCH 13/13] file: remove get_unused_fd() Yann Droneaud
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1372777600.git.ydroneaud@opteya.com \
--to=ydroneaud@opteya.com \
--cc=a.p.zijlstra@chello.nl \
--cc=acme@ghostprotocols.net \
--cc=cbe-oss-dev@lists.ozlabs.org \
--cc=devel@driverdev.osuosl.org \
--cc=eparis@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-ia64@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=linux-sctp@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mingo@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=paulus@samba.org \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.