From: Song Liu <songliubraving@meta.com>
To: Jan Kara <jack@suse.cz>
Cc: Song Liu <song@kernel.org>, bpf <bpf@vger.kernel.org>,
Linux-Fsdevel <linux-fsdevel@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Kernel Team <kernel-team@meta.com>,
Andrii Nakryiko <andrii@kernel.org>,
Eduard Zingerman <eddyz87@gmail.com>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Martin KaFai Lau <martin.lau@linux.dev>,
Al Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <brauner@kernel.org>,
KP Singh <kpsingh@kernel.org>,
Matt Bobrowski <mattbobrowski@google.com>,
Amir Goldstein <amir73il@gmail.com>,
"repnop@google.com" <repnop@google.com>,
"jlayton@kernel.org" <jlayton@kernel.org>,
Josef Bacik <josef@toxicpanda.com>
Subject: Re: [RFC bpf-next fanotify 1/5] fanotify: Introduce fanotify fastpath handler
Date: Thu, 7 Nov 2024 19:13:23 +0000 [thread overview]
Message-ID: <AE6EEE9B-B84F-4097-859B-B4509F2B6AF8@fb.com> (raw)
In-Reply-To: <20241107104821.xpu45m3volgixour@quack3>
> On Nov 7, 2024, at 2:48 AM, Jan Kara <jack@suse.cz> wrote:
>
> On Tue 29-10-24 16:12:40, Song Liu wrote:
>> fanotify fastpath handler enables handling fanotify events within the
>> kernel, and thus saves a trip to the user space. fanotify fastpath handler
>> can be useful in many use cases. For example, if a user is only interested
>> in events for some files in side a directory, a fastpath handler can be
>> used to filter out irrelevant events.
>>
>> fanotify fastpath handler is attached to fsnotify_group. At most one
>> fastpath handler can be attached to a fsnotify_group. The attach/detach
>> of fastpath handlers are controlled by two new ioctls on the fanotify fds:
>> FAN_IOC_ADD_FP and FAN_IOC_DEL_FP.
>>
>> fanotify fastpath handler is packaged in a kernel module. In the future,
>> it is also possible to package fastpath handler in a BPF program. Since
>> loading modules requires CAP_SYS_ADMIN, _loading_ fanotify fastpath
>> handler in kernel modules is limited to CAP_SYS_ADMIN. However,
>> non-SYS_CAP_ADMIN users can _attach_ fastpath handler loaded by sys admin
>> to their fanotify fds. To make fanotify fastpath handler more useful
>> for non-CAP_SYS_ADMIN users, a fastpath handler can take arguments at
>> attach time.
>
> Hum, I'm not sure I'd be fine as an sysadmin to allow arbitary users to
> attach arbitrary filters to their groups. I might want some filters for
> priviledged programs which know what they are doing (e.g. because the
> filters are expensive) and other filters may be fine for anybody. But
> overall I'd think we'll soon hit requirements for permission control over
> who can attach what... Somebody must have created a solution for this
> already?
I have "flags" in fanotify_fastpath_ops. In an earlier version of my
local code, I actually have "SYS_ADMIN_ONLY" flag that specifies some
filters are only available to users with CAP_SYS_ADMIN. I removed this
flag later before sending the first RFC for simplicity.
The model here (fast path loaded in kernel modules) is similar to
different TCP congestion control algorithms. Regular user can choose
which algorithm to use for each TCP connection. This model is
straightforward because the kernel modules are global. With BPF, we
have the option not to add the fast path to a global list, so that
whoever loads the fast path can attach it to specific group (I didn't
include this model in the RFC).
For the first version, I think a SYS_ADMIN_ONLY flag would be good
enough?
Thanks,
Song
next prev parent reply other threads:[~2024-11-07 19:13 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-29 23:12 [RFC bpf-next fanotify 0/5] Fanotify fastpath handler Song Liu
2024-10-29 23:12 ` [RFC bpf-next fanotify 1/5] fanotify: Introduce fanotify " Song Liu
2024-10-30 12:45 ` Jeff Layton
2024-11-07 10:48 ` Jan Kara
2024-11-07 19:13 ` Song Liu [this message]
2024-11-11 14:09 ` Jan Kara
2024-10-29 23:12 ` [RFC bpf-next fanotify 2/5] samples/fanotify: Add a sample " Song Liu
2024-10-30 0:11 ` Al Viro
2024-10-30 1:48 ` Al Viro
2024-10-30 2:07 ` Song Liu
2024-10-30 2:35 ` Song Liu
2024-10-30 13:03 ` Jeff Layton
2024-10-30 20:30 ` Song Liu
2024-10-31 0:23 ` Jeff Layton
2024-10-31 1:52 ` Song Liu
2024-11-06 19:40 ` Amir Goldstein
2024-11-06 22:10 ` Song Liu
2024-11-07 10:41 ` Jan Kara
2024-11-07 19:39 ` Song Liu
2024-11-07 11:19 ` Amir Goldstein
2024-11-07 19:39 ` Song Liu
2024-11-02 2:57 ` kernel test robot
2024-10-29 23:12 ` [RFC bpf-next fanotify 3/5] bpf: Make bpf inode storage available to tracing programs Song Liu
2024-10-29 23:12 ` [RFC bpf-next fanotify 4/5] fanotify: Enable bpf based fanotify fastpath handler Song Liu
2024-11-02 5:02 ` kernel test robot
2024-11-02 5:23 ` kernel test robot
2024-10-29 23:12 ` [RFC bpf-next fanotify 5/5] selftests/bpf: Add test for BPF " Song Liu
2024-11-07 11:10 ` Amir Goldstein
2024-11-07 19:53 ` Song Liu
2024-11-07 20:33 ` Amir Goldstein
2024-11-07 20:48 ` Song Liu
2024-11-08 8:18 ` Amir Goldstein
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=AE6EEE9B-B84F-4097-859B-B4509F2B6AF8@fb.com \
--to=songliubraving@meta.com \
--cc=amir73il@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brauner@kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=jack@suse.cz \
--cc=jlayton@kernel.org \
--cc=josef@toxicpanda.com \
--cc=kernel-team@meta.com \
--cc=kpsingh@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=mattbobrowski@google.com \
--cc=repnop@google.com \
--cc=song@kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.