From: Christian Brauner <brauner@kernel.org>
To: Josef Bacik <josef@toxicpanda.com>
Cc: kernel-team@fb.com, linux-fsdevel@vger.kernel.org, jack@suse.cz,
amir73il@gmail.com, linux-xfs@vger.kernel.org,
gfs2@lists.linux.dev, linux-bcachefs@vger.kernel.org
Subject: Re: [PATCH v2 04/16] fanotify: introduce FAN_PRE_ACCESS permission event
Date: Fri, 9 Aug 2024 13:57:17 +0200 [thread overview]
Message-ID: <20240809-heizen-umgehen-b56bbe6b3409@brauner> (raw)
In-Reply-To: <e8d1f99389aa81f0bfbfb082f9cbaa614e59f994.1723144881.git.josef@toxicpanda.com>
On Thu, Aug 08, 2024 at 03:27:06PM GMT, Josef Bacik wrote:
> From: Amir Goldstein <amir73il@gmail.com>
>
> Similar to FAN_ACCESS_PERM permission event, but it is only allowed with
> class FAN_CLASS_PRE_CONTENT and only allowed on regular files and dirs.
>
> Unlike FAN_ACCESS_PERM, it is safe to write to the file being accessed
> in the context of the event handler.
>
> This pre-content event is meant to be used by hierarchical storage
> managers that want to fill the content of files on first read access.
>
> Signed-off-by: Amir Goldstein <amir73il@gmail.com>
> ---
> fs/notify/fanotify/fanotify.c | 3 ++-
> fs/notify/fanotify/fanotify_user.c | 17 ++++++++++++++---
> include/linux/fanotify.h | 14 ++++++++++----
> include/uapi/linux/fanotify.h | 2 ++
> 4 files changed, 28 insertions(+), 8 deletions(-)
>
> diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c
> index 224bccaab4cc..7dac8e4486df 100644
> --- a/fs/notify/fanotify/fanotify.c
> +++ b/fs/notify/fanotify/fanotify.c
> @@ -910,8 +910,9 @@ static int fanotify_handle_event(struct fsnotify_group *group, u32 mask,
> BUILD_BUG_ON(FAN_OPEN_EXEC_PERM != FS_OPEN_EXEC_PERM);
> BUILD_BUG_ON(FAN_FS_ERROR != FS_ERROR);
> BUILD_BUG_ON(FAN_RENAME != FS_RENAME);
> + BUILD_BUG_ON(FAN_PRE_ACCESS != FS_PRE_ACCESS);
>
> - BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 21);
> + BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 22);
>
> mask = fanotify_group_event_mask(group, iter_info, &match_mask,
> mask, data, data_type, dir);
> diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
> index 2e2fba8a9d20..c294849e474f 100644
> --- a/fs/notify/fanotify/fanotify_user.c
> +++ b/fs/notify/fanotify/fanotify_user.c
> @@ -1628,6 +1628,7 @@ static int fanotify_events_supported(struct fsnotify_group *group,
> unsigned int flags)
> {
> unsigned int mark_type = flags & FANOTIFY_MARK_TYPE_BITS;
> + bool is_dir = d_is_dir(path->dentry);
> /* Strict validation of events in non-dir inode mask with v5.17+ APIs */
> bool strict_dir_events = FAN_GROUP_FLAG(group, FAN_REPORT_TARGET_FID) ||
> (mask & FAN_RENAME) ||
> @@ -1665,9 +1666,15 @@ static int fanotify_events_supported(struct fsnotify_group *group,
> * but because we always allowed it, error only when using new APIs.
> */
> if (strict_dir_events && mark_type == FAN_MARK_INODE &&
> - !d_is_dir(path->dentry) && (mask & FANOTIFY_DIRONLY_EVENT_BITS))
> + !is_dir && (mask & FANOTIFY_DIRONLY_EVENT_BITS))
> return -ENOTDIR;
>
> + /* Pre-content events are only supported on regular files and dirs */
> + if (mask & FANOTIFY_PRE_CONTENT_EVENTS) {
> + if (!is_dir && !d_is_reg(path->dentry))
> + return -EINVAL;
> + }
> +
> return 0;
> }
>
> @@ -1769,11 +1776,15 @@ static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask,
> goto fput_and_out;
>
> /*
> - * Permission events require minimum priority FAN_CLASS_CONTENT.
> + * Permission events are not allowed for FAN_CLASS_NOTIF.
> + * Pre-content permission events are not allowed for FAN_CLASS_CONTENT.
> */
> ret = -EINVAL;
> if (mask & FANOTIFY_PERM_EVENTS &&
> - group->priority < FSNOTIFY_PRIO_CONTENT)
> + group->priority == FSNOTIFY_PRIO_NORMAL)
> + goto fput_and_out;
> + else if (mask & FANOTIFY_PRE_CONTENT_EVENTS &&
> + group->priority == FSNOTIFY_PRIO_CONTENT)
> goto fput_and_out;
>
> if (mask & FAN_FS_ERROR &&
> diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h
> index 4f1c4f603118..5c811baf44d2 100644
> --- a/include/linux/fanotify.h
> +++ b/include/linux/fanotify.h
> @@ -88,6 +88,16 @@
> #define FANOTIFY_DIRENT_EVENTS (FAN_MOVE | FAN_CREATE | FAN_DELETE | \
> FAN_RENAME)
>
> +/* Content events can be used to inspect file content */
> +#define FANOTIFY_CONTENT_PERM_EVENTS (FAN_OPEN_PERM | FAN_OPEN_EXEC_PERM | \
> + FAN_ACCESS_PERM)
> +/* Pre-content events can be used to fill file content */
> +#define FANOTIFY_PRE_CONTENT_EVENTS (FAN_PRE_ACCESS)
> +
> +/* Events that require a permission response from user */
> +#define FANOTIFY_PERM_EVENTS (FANOTIFY_CONTENT_PERM_EVENTS | \
> + FANOTIFY_PRE_CONTENT_EVENTS)
> +
Fwiw, this is one of my pet peeves with fanotify. It uses nesting of
defines very liberally. For the occasional reader that needs to
understand what flags are checked for its quite an excercise having to
go back and resolving multiple levels of defines. I would humbly urge
some restraint in that area.
Reviewed-by: Christian Brauner <brauner@kernel.org>
next prev parent reply other threads:[~2024-08-09 11:57 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-08 19:27 [PATCH v2 00/16] fanotify: add pre-content hooks Josef Bacik
2024-08-08 19:27 ` [PATCH v2 01/16] fanotify: don't skip extra event info if no info_mode is set Josef Bacik
2024-08-08 19:27 ` [PATCH v2 02/16] fsnotify: introduce pre-content permission event Josef Bacik
2024-08-08 19:27 ` [PATCH v2 03/16] fsnotify: generate pre-content permission event on open Josef Bacik
2024-08-09 11:51 ` Christian Brauner
2024-08-08 19:27 ` [PATCH v2 04/16] fanotify: introduce FAN_PRE_ACCESS permission event Josef Bacik
2024-08-09 11:57 ` Christian Brauner [this message]
2024-08-08 19:27 ` [PATCH v2 05/16] fanotify: introduce FAN_PRE_MODIFY " Josef Bacik
2024-08-09 11:57 ` Christian Brauner
2024-08-08 19:27 ` [PATCH v2 06/16] fanotify: pass optional file access range in pre-content event Josef Bacik
2024-08-09 12:00 ` Christian Brauner
2024-08-09 18:36 ` Josef Bacik
2024-08-08 19:27 ` [PATCH v2 07/16] fanotify: rename a misnamed constant Josef Bacik
2024-08-09 11:41 ` Christian Brauner
2024-08-08 19:27 ` [PATCH v2 08/16] fanotify: report file range info with pre-content events Josef Bacik
2024-08-08 19:27 ` [PATCH v2 09/16] fanotify: allow to set errno in FAN_DENY permission response Josef Bacik
2024-08-09 12:06 ` Christian Brauner
2024-08-09 18:38 ` Josef Bacik
2024-08-08 19:27 ` [PATCH v2 10/16] fanotify: add a helper to check for pre content events Josef Bacik
2024-08-09 12:10 ` Christian Brauner
2024-08-08 19:27 ` [PATCH v2 11/16] fanotify: disable readahead if we have pre-content watches Josef Bacik
2024-08-09 12:12 ` Christian Brauner
2024-08-08 19:27 ` [PATCH v2 12/16] mm: don't allow huge faults for files with pre content watches Josef Bacik
2024-08-09 12:13 ` Christian Brauner
2024-08-08 19:27 ` [PATCH v2 13/16] fsnotify: generate pre-content permission event on page fault Josef Bacik
2024-08-09 10:34 ` Amir Goldstein
2024-08-09 14:19 ` Josef Bacik
2024-08-08 19:27 ` [PATCH v2 14/16] bcachefs: add pre-content fsnotify hook to fault Josef Bacik
2024-08-09 13:11 ` Amir Goldstein
2024-08-09 14:21 ` Josef Bacik
2024-08-08 19:27 ` [PATCH v2 15/16] gfs2: " Josef Bacik
2024-08-08 19:27 ` [PATCH v2 16/16] xfs: add pre-content fsnotify hook for write faults Josef Bacik
2024-08-08 22:03 ` Dave Chinner
2024-08-09 14:15 ` Josef Bacik
2024-08-08 22:15 ` [PATCH v2 00/16] fanotify: add pre-content hooks Dave Chinner
2024-08-09 14:18 ` Josef Bacik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240809-heizen-umgehen-b56bbe6b3409@brauner \
--to=brauner@kernel.org \
--cc=amir73il@gmail.com \
--cc=gfs2@lists.linux.dev \
--cc=jack@suse.cz \
--cc=josef@toxicpanda.com \
--cc=kernel-team@fb.com \
--cc=linux-bcachefs@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox