From: Josef Bacik <josef@toxicpanda.com>
To: Christian Brauner <brauner@kernel.org>
Cc: kernel-team@fb.com, linux-fsdevel@vger.kernel.org, jack@suse.cz,
amir73il@gmail.com, linux-xfs@vger.kernel.org,
gfs2@lists.linux.dev, linux-bcachefs@vger.kernel.org
Subject: Re: [PATCH v2 09/16] fanotify: allow to set errno in FAN_DENY permission response
Date: Fri, 9 Aug 2024 14:38:39 -0400 [thread overview]
Message-ID: <20240809183839.GB772468@perftesting> (raw)
In-Reply-To: <20240809-seemeilen-rundum-2096794f9851@brauner>
On Fri, Aug 09, 2024 at 02:06:56PM +0200, Christian Brauner wrote:
> On Thu, Aug 08, 2024 at 03:27:11PM GMT, Josef Bacik wrote:
> > From: Amir Goldstein <amir73il@gmail.com>
> >
> > With FAN_DENY response, user trying to perform the filesystem operation
> > gets an error with errno set to EPERM.
> >
> > It is useful for hierarchical storage management (HSM) service to be able
> > to deny access for reasons more diverse than EPERM, for example EAGAIN,
> > if HSM could retry the operation later.
> >
> > Allow fanotify groups with priority FAN_CLASSS_PRE_CONTENT to responsd
> > to permission events with the response value FAN_DENY_ERRNO(errno),
> > instead of FAN_DENY to return a custom error.
> >
> > Limit custom error values to errors expected on read(2)/write(2) and
> > open(2) of regular files. This list could be extended in the future.
> > Userspace can test for legitimate values of FAN_DENY_ERRNO(errno) by
> > writing a response to an fanotify group fd with a value of FAN_NOFD in
> > the fd field of the response.
> >
> > The change in fanotify_response is backward compatible, because errno is
> > written in the high 8 bits of the 32bit response field and old kernels
> > reject respose value with high bits set.
> >
> > Signed-off-by: Amir Goldstein <amir73il@gmail.com>
> > ---
> > fs/notify/fanotify/fanotify.c | 18 ++++++++++-----
> > fs/notify/fanotify/fanotify.h | 10 +++++++++
> > fs/notify/fanotify/fanotify_user.c | 36 +++++++++++++++++++++++++-----
> > include/linux/fanotify.h | 5 ++++-
> > include/uapi/linux/fanotify.h | 7 ++++++
> > 5 files changed, 65 insertions(+), 11 deletions(-)
> >
> > diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c
> > index 4e8dce39fa8f..1cbf41b34080 100644
> > --- a/fs/notify/fanotify/fanotify.c
> > +++ b/fs/notify/fanotify/fanotify.c
> > @@ -224,7 +224,8 @@ static int fanotify_get_response(struct fsnotify_group *group,
> > struct fanotify_perm_event *event,
> > struct fsnotify_iter_info *iter_info)
> > {
> > - int ret;
> > + int ret, errno;
> > + u32 decision;
> >
> > pr_debug("%s: group=%p event=%p\n", __func__, group, event);
> >
> > @@ -257,20 +258,27 @@ static int fanotify_get_response(struct fsnotify_group *group,
> > goto out;
> > }
> >
> > + decision = fanotify_get_response_decision(event->response);
> > /* userspace responded, convert to something usable */
> > - switch (event->response & FANOTIFY_RESPONSE_ACCESS) {
> > + switch (decision & FANOTIFY_RESPONSE_ACCESS) {
> > case FAN_ALLOW:
> > ret = 0;
> > break;
> > case FAN_DENY:
> > + /* Check custom errno from pre-content events */
> > + errno = fanotify_get_response_errno(event->response);
>
> Fwiw, you're fetching from event->response again but have already
> stashed it in @decision earlier. Probably just an oversight.
>
Decision is the part that has the errno masked off, event->response is the full
mask which will have the errno set in the upper bits, so we have to do the
separate call with event->response to get the errno. Thanks,
Josef
next prev parent reply other threads:[~2024-08-09 18:38 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-08 19:27 [PATCH v2 00/16] fanotify: add pre-content hooks Josef Bacik
2024-08-08 19:27 ` [PATCH v2 01/16] fanotify: don't skip extra event info if no info_mode is set Josef Bacik
2024-08-08 19:27 ` [PATCH v2 02/16] fsnotify: introduce pre-content permission event Josef Bacik
2024-08-08 19:27 ` [PATCH v2 03/16] fsnotify: generate pre-content permission event on open Josef Bacik
2024-08-09 11:51 ` Christian Brauner
2024-08-08 19:27 ` [PATCH v2 04/16] fanotify: introduce FAN_PRE_ACCESS permission event Josef Bacik
2024-08-09 11:57 ` Christian Brauner
2024-08-08 19:27 ` [PATCH v2 05/16] fanotify: introduce FAN_PRE_MODIFY " Josef Bacik
2024-08-09 11:57 ` Christian Brauner
2024-08-08 19:27 ` [PATCH v2 06/16] fanotify: pass optional file access range in pre-content event Josef Bacik
2024-08-09 12:00 ` Christian Brauner
2024-08-09 18:36 ` Josef Bacik
2024-08-08 19:27 ` [PATCH v2 07/16] fanotify: rename a misnamed constant Josef Bacik
2024-08-09 11:41 ` Christian Brauner
2024-08-08 19:27 ` [PATCH v2 08/16] fanotify: report file range info with pre-content events Josef Bacik
2024-08-08 19:27 ` [PATCH v2 09/16] fanotify: allow to set errno in FAN_DENY permission response Josef Bacik
2024-08-09 12:06 ` Christian Brauner
2024-08-09 18:38 ` Josef Bacik [this message]
2024-08-08 19:27 ` [PATCH v2 10/16] fanotify: add a helper to check for pre content events Josef Bacik
2024-08-09 12:10 ` Christian Brauner
2024-08-08 19:27 ` [PATCH v2 11/16] fanotify: disable readahead if we have pre-content watches Josef Bacik
2024-08-09 12:12 ` Christian Brauner
2024-08-08 19:27 ` [PATCH v2 12/16] mm: don't allow huge faults for files with pre content watches Josef Bacik
2024-08-09 12:13 ` Christian Brauner
2024-08-08 19:27 ` [PATCH v2 13/16] fsnotify: generate pre-content permission event on page fault Josef Bacik
2024-08-09 10:34 ` Amir Goldstein
2024-08-09 14:19 ` Josef Bacik
2024-08-08 19:27 ` [PATCH v2 14/16] bcachefs: add pre-content fsnotify hook to fault Josef Bacik
2024-08-09 13:11 ` Amir Goldstein
2024-08-09 14:21 ` Josef Bacik
2024-08-08 19:27 ` [PATCH v2 15/16] gfs2: " Josef Bacik
2024-08-08 19:27 ` [PATCH v2 16/16] xfs: add pre-content fsnotify hook for write faults Josef Bacik
2024-08-08 22:03 ` Dave Chinner
2024-08-09 14:15 ` Josef Bacik
2024-08-08 22:15 ` [PATCH v2 00/16] fanotify: add pre-content hooks Dave Chinner
2024-08-09 14:18 ` Josef Bacik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240809183839.GB772468@perftesting \
--to=josef@toxicpanda.com \
--cc=amir73il@gmail.com \
--cc=brauner@kernel.org \
--cc=gfs2@lists.linux.dev \
--cc=jack@suse.cz \
--cc=kernel-team@fb.com \
--cc=linux-bcachefs@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.