Re: [PATCH v5 1/4] openat2: new OPENAT2_REGULAR flag support

public inbox for linux-api@vger.kernel.org
 help / color / mirror / Atom feed

From: Jeff Layton <jlayton@kernel.org>
To: Andy Lutomirski <luto@amacapital.net>,
	Dorjoy Chowdhury <dorjoychy111@gmail.com>
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	 linux-api@vger.kernel.org, ceph-devel@vger.kernel.org,
	gfs2@lists.linux.dev, 	linux-nfs@vger.kernel.org,
	linux-cifs@vger.kernel.org, v9fs@lists.linux.dev,
	 linux-kselftest@vger.kernel.org, viro@zeniv.linux.org.uk,
	brauner@kernel.org, 	jack@suse.cz, chuck.lever@oracle.com,
	alex.aring@gmail.com, arnd@arndb.de, 	adilger@dilger.ca,
	mjguzik@gmail.com, smfrench@gmail.com,
		richard.henderson@linaro.org, mattst88@gmail.com,
	linmag7@gmail.com, 	tsbogend@alpha.franken.de,
	James.Bottomley@hansenpartnership.com, deller@gmx.de,
		davem@davemloft.net, andreas@gaisler.com, idryomov@gmail.com,
	amarkuze@redhat.com,  slava@dubeyko.com, agruenba@redhat.com,
	trondmy@kernel.org, anna@kernel.org, 	sfrench@samba.org,
	pc@manguebit.org, ronniesahlberg@gmail.com,
		sprasad@microsoft.com, tom@talpey.com, bharathsm@microsoft.com,
	shuah@kernel.org, 	miklos@szeredi.hu, hansg@kernel.org
Subject: Re: [PATCH v5 1/4] openat2: new OPENAT2_REGULAR flag support
Date: Sun, 08 Mar 2026 07:40:44 -0400	[thread overview]
Message-ID: <801cf2c42b80d486726ea0a3774e52abcb158100.camel@kernel.org> (raw)
In-Reply-To: <CALCETrXVBA9uGEUdQPEZ2MVdxjLwwcWi5kzhOr1NdOWSSRaROw@mail.gmail.com>

On Sat, 2026-03-07 at 10:56 -0800, Andy Lutomirski wrote:
> On Sat, Mar 7, 2026 at 6:09 AM Dorjoy Chowdhury <dorjoychy111@gmail.com> wrote:
> > 
> > This flag indicates the path should be opened if it's a regular file.
> > This is useful to write secure programs that want to avoid being
> > tricked into opening device nodes with special semantics while thinking
> > they operate on regular files. This is a requested feature from the
> > uapi-group[1].
> > 
> 
> I think this needs a lot more clarification as to what "regular"
> means.  If it's literally
> 
> > A corresponding error code EFTYPE has been introduced. For example, if
> > openat2 is called on path /dev/null with OPENAT2_REGULAR in the flag
> > param, it will return -EFTYPE. EFTYPE is already used in BSD systems
> > like FreeBSD, macOS.
> 
> I think this needs more clarification as to what "regular" means,
> since S_IFREG may not be sufficient.  The UAPI group page says:
> 
> Use-Case: this would be very useful to write secure programs that want
> to avoid being tricked into opening device nodes with special
> semantics while thinking they operate on regular files. This is
> particularly relevant as many device nodes (or even FIFOs) come with
> blocking I/O (or even blocking open()!) by default, which is not
> expected from regular files backed by “fast” disk I/O. Consider
> implementation of a naive web browser which is pointed to
> file://dev/zero, not expecting an endless amount of data to read.
>
> What about procfs?  What about sysfs?  What about /proc/self/fd/17
> where that fd is a memfd?  What about files backed by non-"fast" disk
> I/O like something on a flaky USB stick or a network mount or FUSE?
> 
> Are we concerned about blocking open?  (open blocks as a matter of
> course.)  Are we concerned about open having strange side effects?
> Are we concerned about write having strange side effects?  Are we
> concerned about cases where opening the file as root results in
> elevated privilege beyond merely gaining the ability to write to that
> specific path on an ordinary filesystem?
>

Above the use-case, it also says:

"O_REGULAR (inspired by the existing O_DIRECTORY flag for open()),
which opens a file only if it is of type S_IFREG."

Since we allow programs to open a directory under /proc or /sys using
O_DIRECTORY, I don't think we should do anything different here. To the
VFS, all of the examples you gave above are S_IFREG "regular files",
even if they are backed by something quite irregular.
-- 
Jeff Layton <jlayton@kernel.org>

next prev parent reply	other threads:[~2026-03-08 11:40 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-07 14:06 [PATCH v5 0/4] OPENAT2_REGULAR flag support for openat2 Dorjoy Chowdhury
2026-03-07 14:06 ` [PATCH v5 1/4] openat2: new OPENAT2_REGULAR flag support Dorjoy Chowdhury
2026-03-07 18:56   ` Andy Lutomirski
2026-03-08  6:31     ` Dorjoy Chowdhury
2026-03-08 11:40     ` Jeff Layton [this message]
2026-03-08 17:10       ` Andy Lutomirski
2026-03-09  8:57         ` Christian Brauner
2026-03-09 16:50           ` Andy Lutomirski
2026-03-09 17:39             ` Florian Weimer
2026-03-10 11:24             ` Christian Brauner
2026-03-11  4:48           ` Aleksa Sarai
2026-03-11 16:10             ` Andy Lutomirski
2026-03-12  9:37               ` Aleksa Sarai
2026-03-16 16:53   ` Jeff Layton
2026-03-16 17:22     ` Dorjoy Chowdhury
2026-03-07 14:06 ` [PATCH v5 2/4] kselftest/openat2: test for OPENAT2_REGULAR flag Dorjoy Chowdhury
2026-03-07 14:06 ` [PATCH v5 3/4] sparc/fcntl.h: convert O_* flag macros from hex to octal Dorjoy Chowdhury
2026-03-07 14:06 ` [PATCH v5 4/4] mips/fcntl.h: " Dorjoy Chowdhury
2026-03-16 16:12 ` [PATCH v5 0/4] OPENAT2_REGULAR flag support for openat2 Dorjoy Chowdhury

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=801cf2c42b80d486726ea0a3774e52abcb158100.camel@kernel.org \
    --to=jlayton@kernel.org \
    --cc=James.Bottomley@hansenpartnership.com \
    --cc=adilger@dilger.ca \
    --cc=agruenba@redhat.com \
    --cc=alex.aring@gmail.com \
    --cc=amarkuze@redhat.com \
    --cc=andreas@gaisler.com \
    --cc=anna@kernel.org \
    --cc=arnd@arndb.de \
    --cc=bharathsm@microsoft.com \
    --cc=brauner@kernel.org \
    --cc=ceph-devel@vger.kernel.org \
    --cc=chuck.lever@oracle.com \
    --cc=davem@davemloft.net \
    --cc=deller@gmx.de \
    --cc=dorjoychy111@gmail.com \
    --cc=gfs2@lists.linux.dev \
    --cc=hansg@kernel.org \
    --cc=idryomov@gmail.com \
    --cc=jack@suse.cz \
    --cc=linmag7@gmail.com \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-cifs@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=mattst88@gmail.com \
    --cc=miklos@szeredi.hu \
    --cc=mjguzik@gmail.com \
    --cc=pc@manguebit.org \
    --cc=richard.henderson@linaro.org \
    --cc=ronniesahlberg@gmail.com \
    --cc=sfrench@samba.org \
    --cc=shuah@kernel.org \
    --cc=slava@dubeyko.com \
    --cc=smfrench@gmail.com \
    --cc=sprasad@microsoft.com \
    --cc=tom@talpey.com \
    --cc=trondmy@kernel.org \
    --cc=tsbogend@alpha.franken.de \
    --cc=v9fs@lists.linux.dev \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox