From: Aleksa Sarai <cyphar@cyphar.com>
To: Dorjoy Chowdhury <dorjoychy111@gmail.com>
Cc: jlayton@kernel.org, linux-fsdevel@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
ceph-devel@vger.kernel.org, gfs2@lists.linux.dev,
linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org,
v9fs@lists.linux.dev, linux-kselftest@vger.kernel.org,
viro@zeniv.linux.org.uk, brauner@kernel.org, jack@suse.cz,
chuck.lever@oracle.com, alex.aring@gmail.com, arnd@arndb.de,
adilger@dilger.ca, mjguzik@gmail.com, smfrench@gmail.com,
richard.henderson@linaro.org, mattst88@gmail.com,
linmag7@gmail.com, tsbogend@alpha.franken.de,
James.Bottomley@hansenpartnership.com, deller@gmx.de,
davem@davemloft.net, andreas@gaisler.com, idryomov@gmail.com,
amarkuze@redhat.com, slava@dubeyko.com, agruenba@redhat.com,
trondmy@kernel.org, anna@kernel.org, sfrench@samba.org,
pc@manguebit.org, ronniesahlberg@gmail.com,
sprasad@microsoft.com, tom@talpey.com, bharathsm@microsoft.com,
shuah@kernel.org, miklos@szeredi.hu, hansg@kernel.org
Subject: Re: [PATCH v6 1/4] openat2: new OPENAT2_REGULAR flag support
Date: Thu, 16 Apr 2026 23:05:08 +1000 [thread overview]
Message-ID: <2026-04-16-raunchy-random-curfew-guide-GmtLJR@cyphar.com> (raw)
In-Reply-To: <CAFfO_h5kWCYszymaY=tPAbpU=PjLFxsND+CWSYtypN4iuW+qPw@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 4282 bytes --]
On 2026-04-16, Dorjoy Chowdhury <dorjoychy111@gmail.com> wrote:
> On Thu, Apr 16, 2026 at 5:41 PM Aleksa Sarai <cyphar@cyphar.com> wrote:
> >
> > On 2026-03-28, Dorjoy Chowdhury <dorjoychy111@gmail.com> wrote:
> > > This flag indicates the path should be opened if it's a regular file.
> > > This is useful to write secure programs that want to avoid being
> > > tricked into opening device nodes with special semantics while thinking
> > > they operate on regular files. This is a requested feature from the
> > > uapi-group[1].
> > >
> > > A corresponding error code EFTYPE has been introduced. For example, if
> > > openat2 is called on path /dev/null with OPENAT2_REGULAR in the flag
> > > param, it will return -EFTYPE. EFTYPE is already used in BSD systems
> > > like FreeBSD, macOS.
> > >
> > > When used in combination with O_CREAT, either the regular file is
> > > created, or if the path already exists, it is opened if it's a regular
> > > file. Otherwise, -EFTYPE is returned.
> > >
> > > When OPENAT2_REGULAR is combined with O_DIRECTORY, -EINVAL is returned
> > > as it doesn't make sense to open a path that is both a directory and a
> > > regular file.
> > >
> > > [1]: https://uapi-group.org/kernel-features/#ability-to-only-open-regular-files
> > >
> > > Signed-off-by: Dorjoy Chowdhury <dorjoychy111@gmail.com>
> > > ---
> >
> > Aside from the nit below, feel free to take a
> >
> > Reviewed-by: Aleksa Sarai <aleksa@amutable.com>
> >
>
> Thanks for reviewing!
>
> > > diff --git a/fs/open.c b/fs/open.c
> > > index 681d405bc61e..a6f445f72181 100644
> > > --- a/fs/open.c
> > > +++ b/fs/open.c
> > > @@ -960,7 +960,7 @@ static int do_dentry_open(struct file *f,
> > > if (f->f_mapping->a_ops && f->f_mapping->a_ops->direct_IO)
> > > f->f_mode |= FMODE_CAN_ODIRECT;
> > >
> > > - f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC);
> > > + f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC | OPENAT2_REGULAR);
> >
> > It's not clear to me why you dropped this, I didn't see a review
> > mentioning it either. (General note: Ideally the cover letter changelog
> > would mention who suggested a change in brackets after the changelog
> > line so it's easier to track where a change might've come from.)
> >
>
> Thanks for the general note. I will keep that in mind.
>
> The review was from Jeff Layton in v5
> https://lore.kernel.org/linux-fsdevel/5fcc2a6e6d92dae0601c6b3b8faa8b2f83981afb.camel@kernel.org/
> " 1. OPENAT2_REGULAR leaks into f_flags - do_dentry_open() strips
> open-time-only flags (O_CREAT|O_EXCL|O_NOCTTY|O_TRUNC)
> but does not strip OPENAT2_REGULAR. When a regular file is
> successfully opened via openat2() with this flag, the bit
> persists in file->f_flags and will be returned by fcntl(fd, F_GETFL)."
>
> I think it makes sense to strip off as OPENAT2_REGULAR is an open time
> only flag (like O_CREAT and the others already), right?
Well, O_DIRECTORY isn't stripped so if we want to mirror that behaviour
then it shouldn't be stripped either IMHO.
O_NOCTTY and O_TRUNC make sense to strip (they are not relevant to the
file after it was opened -- truncation only happens at open time and you
can always set your controlling TTY later).
The story with O_CREAT and O_EXCL is a bit more complicated. They are
stripped but the history there is unclear -- the line was added in Linux
0.98.4(!) with no mention in the release note at the time. (Linus: I
wonder if you remember why this was changed at the time? Sorry for the
trip down memory lane...)
However, the existence of F_CREATED_QUERY kind of shows that these kinds
of checks are stuff that userspace can find handy (though FMODE_CREATED
is more useful than O_CREAT|O_EXCL anyway). O_EXCL is used internally
for stuff so it can be re-exposed, I'm just not sure it's a good
precedent to make a decision based on.
Then again, userspace can check with fstat(2) so it's not the end of the
world, but I don't really see a strong reason to hide information from
userspace. Since the mail was from Claude (and it tends to give silly
nits like that) I'm not sure whether Jeff would agree with my view or
not.
--
Aleksa Sarai
https://www.cyphar.com/
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 265 bytes --]
next prev parent reply other threads:[~2026-04-16 13:05 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-28 17:22 [PATCH v6 0/4] OPENAT2_REGULAR flag support for openat2 Dorjoy Chowdhury
2026-03-28 17:22 ` [PATCH v6 1/4] openat2: new OPENAT2_REGULAR flag support Dorjoy Chowdhury
2026-03-30 11:49 ` Jeff Layton
2026-03-30 15:07 ` Dorjoy Chowdhury
2026-04-01 19:02 ` Jeff Layton
2026-04-04 15:17 ` Dorjoy Chowdhury
2026-04-05 23:27 ` Jeff Layton
2026-04-06 15:30 ` Dorjoy Chowdhury
2026-04-14 17:33 ` Dorjoy Chowdhury
2026-04-16 11:41 ` Aleksa Sarai
2026-04-16 11:58 ` Dorjoy Chowdhury
2026-04-16 13:05 ` Aleksa Sarai [this message]
2026-04-16 13:28 ` Jeff Layton
2026-04-16 13:52 ` Jori Koolstra
2026-04-16 14:21 ` Dorjoy Chowdhury
2026-04-16 15:03 ` Jori Koolstra
2026-04-16 15:15 ` Christian Brauner
2026-04-16 21:36 ` Jori Koolstra
2026-04-16 15:15 ` Aleksa Sarai
2026-04-16 21:42 ` Jori Koolstra
2026-04-17 7:58 ` Aleksa Sarai
2026-04-27 13:27 ` Florian Weimer
2026-04-27 14:17 ` Dorjoy Chowdhury
2026-04-27 14:29 ` Christian Brauner
2026-03-28 17:22 ` [PATCH v6 2/4] kselftest/openat2: test for OPENAT2_REGULAR flag Dorjoy Chowdhury
2026-03-28 17:22 ` [PATCH v6 3/4] sparc/fcntl.h: convert O_* flag macros from hex to octal Dorjoy Chowdhury
2026-03-28 17:22 ` [PATCH v6 4/4] mips/fcntl.h: " Dorjoy Chowdhury
2026-04-16 13:07 ` [PATCH v6 0/4] OPENAT2_REGULAR flag support for openat2 Christian Brauner
2026-04-16 15:22 ` Dorjoy Chowdhury
2026-04-20 13:20 ` Christian Brauner
2026-04-20 14:31 ` Dorjoy Chowdhury
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2026-04-16-raunchy-random-curfew-guide-GmtLJR@cyphar.com \
--to=cyphar@cyphar.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=adilger@dilger.ca \
--cc=agruenba@redhat.com \
--cc=alex.aring@gmail.com \
--cc=amarkuze@redhat.com \
--cc=andreas@gaisler.com \
--cc=anna@kernel.org \
--cc=arnd@arndb.de \
--cc=bharathsm@microsoft.com \
--cc=brauner@kernel.org \
--cc=ceph-devel@vger.kernel.org \
--cc=chuck.lever@oracle.com \
--cc=davem@davemloft.net \
--cc=deller@gmx.de \
--cc=dorjoychy111@gmail.com \
--cc=gfs2@lists.linux.dev \
--cc=hansg@kernel.org \
--cc=idryomov@gmail.com \
--cc=jack@suse.cz \
--cc=jlayton@kernel.org \
--cc=linmag7@gmail.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=mattst88@gmail.com \
--cc=miklos@szeredi.hu \
--cc=mjguzik@gmail.com \
--cc=pc@manguebit.org \
--cc=richard.henderson@linaro.org \
--cc=ronniesahlberg@gmail.com \
--cc=sfrench@samba.org \
--cc=shuah@kernel.org \
--cc=slava@dubeyko.com \
--cc=smfrench@gmail.com \
--cc=sprasad@microsoft.com \
--cc=tom@talpey.com \
--cc=torvalds@linux-foundation.org \
--cc=trondmy@kernel.org \
--cc=tsbogend@alpha.franken.de \
--cc=v9fs@lists.linux.dev \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox