From: Matthew Bobrowski <mbobrowski@mbobrowski.org>
To: Jan Kara <jack@suse.cz>
Cc: amir73il@gmail.com, linux-api@vger.kernel.org,
linux-fsdevel@vger.kernel.org, sgrubb@redhat.com
Subject: Re: [PATCH v4 1/3] fanotify: introduce new event type FAN_OPEN_EXEC
Date: Wed, 17 Oct 2018 17:30:33 +1100 [thread overview]
Message-ID: <20181017063032.GA1664@development.internal.lab> (raw)
In-Reply-To: <20181016115832.GJ18918@quack2.suse.cz>
On Tue, Oct 16, 2018 at 01:58:32PM +0200, Jan Kara wrote:
> On Thu 11-10-18 21:42:23, Matthew Bobrowski wrote:
> > A new event type FAN_OPEN_EXEC has been defined so that users have the
> > ability to receive events specifically when a file has been opened with
> > the intent to be executed.
>
> Can we perhaps expand this a bit to clarify that this means execve(),
> execve_at(), and uselib() syscalls? Then the sentence below could just
> clarify that feature is implemented by fanotify_open() generating
> FAN_OPEN_EXEC event if __FMODE_EXEC is set within file->f_flags. Thanks!
Updated.
I will include these updates within the new patch series I'm going to post
through.
> > The FAN_OPEN_EXEC flag is set within the fsnotify_open() hook only if a
> > file has the __FMODE_EXEC bit set within file->f_flags.
> >
> > Signed-off-by: Matthew Bobrowski <mbobrowski@mbobrowski.org>
> > ---
> > fs/notify/fanotify/fanotify.c | 3 ++-
> > fs/notify/fsnotify.c | 2 +-
> > include/linux/fanotify.h | 2 +-
> > include/linux/fsnotify.h | 2 ++
> > include/linux/fsnotify_backend.h | 7 +++++--
> > include/uapi/linux/fanotify.h | 1 +
> > 6 files changed, 12 insertions(+), 5 deletions(-)
> >
> > diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c
> > index 2c57186caa2e..b3e92302ed84 100644
> > --- a/fs/notify/fanotify/fanotify.c
> > +++ b/fs/notify/fanotify/fanotify.c
> > @@ -207,8 +207,9 @@ static int fanotify_handle_event(struct fsnotify_group *group,
> > BUILD_BUG_ON(FAN_OPEN_PERM != FS_OPEN_PERM);
> > BUILD_BUG_ON(FAN_ACCESS_PERM != FS_ACCESS_PERM);
> > BUILD_BUG_ON(FAN_ONDIR != FS_ISDIR);
> > + BUILD_BUG_ON(FAN_OPEN_EXEC != FS_OPEN_EXEC);
> >
> > - BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 10);
> > + BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 11);
> >
> > if (!fanotify_should_send_event(iter_info, mask, data, data_type))
> > return 0;
> > diff --git a/fs/notify/fsnotify.c b/fs/notify/fsnotify.c
> > index a0ad06285450..051e5fc0dba1 100644
> > --- a/fs/notify/fsnotify.c
> > +++ b/fs/notify/fsnotify.c
> > @@ -402,7 +402,7 @@ static __init int fsnotify_init(void)
> > {
> > int ret;
> >
> > - BUILD_BUG_ON(HWEIGHT32(ALL_FSNOTIFY_BITS) != 23);
> > + BUILD_BUG_ON(HWEIGHT32(ALL_FSNOTIFY_BITS) != 24);
> >
> > ret = init_srcu_struct(&fsnotify_mark_srcu);
> > if (ret)
> > diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h
> > index 05b696b4856b..0e07d23b6c17 100644
> > --- a/include/linux/fanotify.h
> > +++ b/include/linux/fanotify.h
> > @@ -39,7 +39,7 @@
> >
> > /* Events that user can request to be notified on */
> > #define FANOTIFY_EVENTS (FAN_ACCESS | FAN_MODIFY | \
> > - FAN_CLOSE | FAN_OPEN)
> > + FAN_CLOSE | FAN_OPEN | FAN_OPEN_EXEC)
> >
> > /* Events that require a permission response from user */
> > #define FANOTIFY_PERM_EVENTS (FAN_OPEN_PERM | FAN_ACCESS_PERM)
> > diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
> > index fd1ce10553bf..1fe5ac93b252 100644
> > --- a/include/linux/fsnotify.h
> > +++ b/include/linux/fsnotify.h
> > @@ -215,6 +215,8 @@ static inline void fsnotify_open(struct file *file)
> >
> > if (S_ISDIR(inode->i_mode))
> > mask |= FS_ISDIR;
> > + if (file->f_flags & __FMODE_EXEC)
> > + mask |= FS_OPEN_EXEC;
> >
> > fsnotify_parent(path, NULL, mask);
> > fsnotify(inode, mask, path, FSNOTIFY_EVENT_PATH, NULL, 0);
> > diff --git a/include/linux/fsnotify_backend.h b/include/linux/fsnotify_backend.h
> > index 135b973e44d1..329ac6684326 100644
> > --- a/include/linux/fsnotify_backend.h
> > +++ b/include/linux/fsnotify_backend.h
> > @@ -38,6 +38,7 @@
> > #define FS_DELETE 0x00000200 /* Subfile was deleted */
> > #define FS_DELETE_SELF 0x00000400 /* Self was deleted */
> > #define FS_MOVE_SELF 0x00000800 /* Self was moved */
> > +#define FS_OPEN_EXEC 0x00001000 /* File was opened for exec */
> >
> > #define FS_UNMOUNT 0x00002000 /* inode on umount fs */
> > #define FS_Q_OVERFLOW 0x00004000 /* Event queued overflowed */
> > @@ -62,7 +63,8 @@
> > #define FS_EVENTS_POSS_ON_CHILD (FS_ACCESS | FS_MODIFY | FS_ATTRIB |\
> > FS_CLOSE_WRITE | FS_CLOSE_NOWRITE | FS_OPEN |\
> > FS_MOVED_FROM | FS_MOVED_TO | FS_CREATE |\
> > - FS_DELETE | FS_OPEN_PERM | FS_ACCESS_PERM)
> > + FS_DELETE | FS_OPEN_PERM | FS_ACCESS_PERM |\
> > + FS_OPEN_EXEC)
> >
> > #define FS_MOVE (FS_MOVED_FROM | FS_MOVED_TO)
> >
> > @@ -74,7 +76,8 @@
> > FS_MOVED_FROM | FS_MOVED_TO | FS_CREATE | \
> > FS_DELETE | FS_DELETE_SELF | FS_MOVE_SELF | \
> > FS_UNMOUNT | FS_Q_OVERFLOW | FS_IN_IGNORED | \
> > - FS_OPEN_PERM | FS_ACCESS_PERM | FS_DN_RENAME)
> > + FS_OPEN_PERM | FS_ACCESS_PERM | FS_DN_RENAME |\
> > + FS_OPEN_EXEC)
> >
> > /* Extra flags that may be reported with event or control handling of events */
> > #define ALL_FSNOTIFY_FLAGS (FS_EXCL_UNLINK | FS_ISDIR | FS_IN_ONESHOT | \
> > diff --git a/include/uapi/linux/fanotify.h b/include/uapi/linux/fanotify.h
> > index 00b2304ed124..da278f11ab29 100644
> > --- a/include/uapi/linux/fanotify.h
> > +++ b/include/uapi/linux/fanotify.h
> > @@ -10,6 +10,7 @@
> > #define FAN_CLOSE_WRITE 0x00000008 /* Writtable file closed */
> > #define FAN_CLOSE_NOWRITE 0x00000010 /* Unwrittable file closed */
> > #define FAN_OPEN 0x00000020 /* File was opened */
> > +#define FAN_OPEN_EXEC 0x00001000 /* File was opened for exec */
> >
> > #define FAN_Q_OVERFLOW 0x00004000 /* Event queued overflowed */
> >
> > --
> > 2.17.2
> >
> --
> Jan Kara <jack@suse.com>
> SUSE Labs, CR
next prev parent reply other threads:[~2018-10-17 14:24 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-11 10:42 [PATCH v4 0/3] fanotify: introduce new event types FAN_OPEN_EXEC and FAN_OPEN_EXEC_PERM Matthew Bobrowski
2018-10-11 10:42 ` [PATCH v4 1/3] fanotify: introduce new event type FAN_OPEN_EXEC Matthew Bobrowski
2018-10-16 11:58 ` Jan Kara
2018-10-17 6:30 ` Matthew Bobrowski [this message]
2018-10-11 10:42 ` [PATCH v4 2/3] fanotify: return only user requested event types in event mask Matthew Bobrowski
2018-10-11 11:03 ` Amir Goldstein
2018-10-16 11:52 ` Jan Kara
2018-10-17 6:30 ` Matthew Bobrowski
2018-10-11 10:43 ` [PATCH v4 3/3] fanotify: introduce new event type FAN_OPEN_EXEC_PERM Matthew Bobrowski
2018-10-16 12:04 ` Jan Kara
2018-10-17 6:33 ` Matthew Bobrowski
2018-10-17 11:23 ` Jan Kara
2018-10-11 11:02 ` [PATCH v4 0/3] fanotify: introduce new event types FAN_OPEN_EXEC and FAN_OPEN_EXEC_PERM Amir Goldstein
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181017063032.GA1664@development.internal.lab \
--to=mbobrowski@mbobrowski.org \
--cc=amir73il@gmail.com \
--cc=jack@suse.cz \
--cc=linux-api@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=sgrubb@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.