From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
To: "Michel Dänzer" <michel.daenzer@mailbox.org>,
"Julian Orth" <ju.orth@gmail.com>
Cc: "Christian König" <christian.koenig@amd.com>,
"Maxime Ripard" <mripard@kernel.org>,
"Thomas Zimmermann" <tzimmermann@suse.de>,
"David Airlie" <airlied@gmail.com>,
"Simona Vetter" <simona@ffwll.ch>,
"Dmitry Osipenko" <dmitry.osipenko@collabora.com>,
"Rob Clark" <robin.clark@oss.qualcomm.com>,
dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] drm/syncobj: Fix handle <-> fd ioctls with dirty stack
Date: Tue, 3 Mar 2026 18:40:52 +0100 [thread overview]
Message-ID: <88726fec-3bbb-4ca8-b724-c281b5696324@linux.intel.com> (raw)
In-Reply-To: <d90d6eb3-72bc-4502-934d-f77dac83690d@mailbox.org>
Den 2026-03-03 kl. 18:18, skrev Michel Dänzer:
> On 3/3/26 18:11, Julian Orth wrote:
>> On Tue, Mar 3, 2026 at 6:04 PM Michel Dänzer <michel.daenzer@mailbox.org> wrote:
>>> On 3/3/26 17:54, Julian Orth wrote:
>>>> On Tue, Mar 3, 2026 at 5:40 PM Maarten Lankhorst
>>>> <maarten.lankhorst@linux.intel.com> wrote:
>>>>>
>>>>> There is precedence in the ioctl, the pad member is checked against zero for the same reason.
>>>>
>>>> I don't believe that this is comparable. Developers of code developed
>>>> against an older kernel could look at the kernel and see that the pad
>>>> field was checked against zero. They could not see the same for fields
>>>> that didn't exist at the time.
>>>
>>> "Initialize only known fields" isn't a valid approach here. The full struct must be initialized to 0, including any fields added in the future.
>>
>> It worked from the introduction of the ioctl until the new field was
>> added. How could anyone know about this requirement if it is not
>> documented? Some people might not even know that ioctl numbers encode
>> the size of the argument and therefore assume that the argument
>> structure is fixed. I think this is quite different from syscalls such
>> as clone3 which make the size argument explicit and where it can be
>> expected that the developer knows that the struct might grow when the
>> application is recompiled.
>>
>> The new flag was added so that userspace can detect older kernels that
>> don't support the point field, such kernels return EINVAL when they
>> see the new flag.
>> Then why should the kernel not also use the absence of the flag to
>> detect older userspace that might be unaware of the point field?
>
> I wrote in my first post in this thread that I don't object to your patch, so you can relax and stop trying to convince me not to object to it. :)
>
>
> I'm just pointing out that this is working around broken user-space code, and that there are other similar cases where that kind of broken users-space code couldn't be worked around in the kernel, so it's better to also fix the user-space code anyway.
My point is that it works for old userspace without problems. It's only
newly compiled userspace with new headers that will run into problems.
The code as written would have continued to work, but if you update to
the new header and don't initialise the new members then it's a userspace
problem. It should not be worked around in the kernel, since it's newly
written bad userspace code, not old bad userspace code that stopped working
when the kernel changed.
next prev parent reply other threads:[~2026-03-03 17:40 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-01 12:34 [PATCH] drm/syncobj: Fix handle <-> fd ioctls with dirty stack Julian Orth
2026-03-02 11:27 ` Christian König
2026-03-02 11:54 ` Dmitry Osipenko
2026-03-03 11:17 ` Michel Dänzer
2026-03-03 11:23 ` Julian Orth
2026-03-03 11:38 ` Michel Dänzer
2026-03-03 11:41 ` Julian Orth
2026-03-03 14:53 ` Maarten Lankhorst
2026-03-03 14:59 ` Christian König
2026-03-03 15:15 ` Maarten Lankhorst
2026-03-03 15:21 ` Julian Orth
2026-03-03 17:02 ` Michel Dänzer
2026-03-03 15:29 ` Michel Dänzer
2026-03-03 15:36 ` Julian Orth
2026-03-03 16:40 ` Maarten Lankhorst
2026-03-03 16:54 ` Julian Orth
2026-03-03 17:04 ` Michel Dänzer
2026-03-03 17:11 ` Julian Orth
2026-03-03 17:18 ` Michel Dänzer
2026-03-03 17:30 ` Julian Orth
2026-03-03 17:44 ` Maarten Lankhorst
2026-03-03 18:53 ` Michel Dänzer
2026-03-03 19:12 ` Julian Orth
2026-03-04 9:57 ` Maarten Lankhorst
2026-03-04 11:15 ` Michel Dänzer
2026-03-04 11:25 ` Julian Orth
2026-03-04 11:47 ` Michel Dänzer
2026-03-04 12:32 ` Julian Orth
2026-03-04 14:29 ` Michel Dänzer
2026-03-04 14:35 ` Julian Orth
2026-03-05 9:47 ` Maarten Lankhorst
2026-03-03 17:40 ` Maarten Lankhorst [this message]
2026-03-03 17:44 ` Julian Orth
2026-03-03 19:58 ` David Laight
2026-03-04 10:35 ` Maarten Lankhorst
2026-03-03 17:05 ` Maarten Lankhorst
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=88726fec-3bbb-4ca8-b724-c281b5696324@linux.intel.com \
--to=maarten.lankhorst@linux.intel.com \
--cc=airlied@gmail.com \
--cc=christian.koenig@amd.com \
--cc=dmitry.osipenko@collabora.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=ju.orth@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=michel.daenzer@mailbox.org \
--cc=mripard@kernel.org \
--cc=robin.clark@oss.qualcomm.com \
--cc=simona@ffwll.ch \
--cc=tzimmermann@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox