On Sat, 2026-03-07 at 20:06 +0600, Dorjoy Chowdhury wrote: > This flag indicates the path should be opened if it's a regular file. > This is useful to write secure programs that want to avoid being > tricked into opening device nodes with special semantics while thinking > they operate on regular files. This is a requested feature from the > uapi-group[1]. > > A corresponding error code EFTYPE has been introduced. For example, if > openat2 is called on path /dev/null with OPENAT2_REGULAR in the flag > param, it will return -EFTYPE. EFTYPE is already used in BSD systems > like FreeBSD, macOS. > > When used in combination with O_CREAT, either the regular file is > created, or if the path already exists, it is opened if it's a regular > file. Otherwise, -EFTYPE is returned. > > When OPENAT2_REGULAR is combined with O_DIRECTORY, -EINVAL is returned > as it doesn't make sense to open a path that is both a directory and a > regular file. > > [1]: > https://uapi-group.org/kernel-features/#ability-to-only-open-regular-files > > Signed-off-by: Dorjoy Chowdhury <[email protected]> > --- > arch/alpha/include/uapi/asm/errno.h | 2 ++ > arch/alpha/include/uapi/asm/fcntl.h | 1 + > arch/mips/include/uapi/asm/errno.h | 2 ++ > arch/parisc/include/uapi/asm/errno.h | 2 ++ > arch/parisc/include/uapi/asm/fcntl.h | 1 + > arch/sparc/include/uapi/asm/errno.h | 2 ++ > arch/sparc/include/uapi/asm/fcntl.h | 1 + > fs/ceph/file.c | 4 ++++ > fs/gfs2/inode.c | 6 ++++++ > fs/namei.c | 4 ++++ > fs/nfs/dir.c | 4 ++++ > fs/open.c | 4 +++- > fs/smb/client/dir.c | 14 +++++++++++++- > include/linux/fcntl.h | 2 ++ > include/uapi/asm-generic/errno.h | 2 ++ > include/uapi/asm-generic/fcntl.h | 4 ++++ > tools/arch/alpha/include/uapi/asm/errno.h | 2 ++ > tools/arch/mips/include/uapi/asm/errno.h | 2 ++ > tools/arch/parisc/include/uapi/asm/errno.h | 2 ++ > tools/arch/sparc/include/uapi/asm/errno.h | 2 ++ > tools/include/uapi/asm-generic/errno.h | 2 ++ > 21 files changed, 63 insertions(+), 2 deletions(-) > >
I pointed Claude at this patch and got this back. Both issues that it found will need to be fixed: Analysis Summary Commit: 7e7fa2653ca57 - openat2: new OPENAT2_REGULAR flag support This patch adds a new OPENAT2_REGULAR flag for openat2() that restricts opens to regular files only, returning a new EFTYPE errno for non-regular files. It adds filesystem-specific checks in ceph, gfs2, nfs, and cifs atomic_open paths, plus a VFS-level fallback in do_open(). Issues found: 1. OPENAT2_REGULAR leaks into f_flags - do_dentry_open() strips open-time-only flags (O_CREAT|O_EXCL|O_NOCTTY|O_TRUNC) but does not strip OPENAT2_REGULAR. When a regular file is successfully opened via openat2() with this flag, the bit persists in file->f_flags and will be returned by fcntl(fd, F_GETFL). 2. BUILD_BUG_ON not updated - The compile-time guard checks upper_32_bits(VALID_OPEN_FLAGS) but the code now accepts VALID_OPENAT2_FLAGS. The guard should cover the expanded flag set. Verified correct: - All hex→octal conversions in MIPS and SPARC fcntl.h are numerically correct - Legacy open()/openat() properly strips OPENAT2_REGULAR via build_open_how() masking with VALID_OPEN_FLAGS - All filesystem cleanup paths (ceph, gfs2, nfs, cifs) properly handle resources when returning -EFTYPE - O_DIRECTORY + OPENAT2_REGULAR mutual exclusion is correct - O_PATH + OPENAT2_REGULAR is properly rejected by O_PATH_FLAGS check Ruled out: - NFS -ENOTDIR to -EFTYPE conversion: in atomic_open context, parent path is VFS-resolved, server errors relate to target - CIFS resource leak: out_err label properly closes server handle and calls iput() - OPENAT2_REGULAR + O_TMPFILE: silently accepted but tmpfiles are always regular, so harmless FINAL REGRESSIONS FOUND: 2 FINAL TOKENS USED: ~45000 False positives eliminated: NFS -ENOTDIR conversion, CIFS resource leak, O_TMPFILE interaction Cheers, -- Jeff Layton <[email protected]>
