From: Eric Paris <eparis@redhat.com>
To: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Cc: agruen@suse.de, tvrtko.ursulin@sophos.com
Subject: [PATCH 12/20] fanotify: allow userspace to override max marks
Date: Thu, 28 Oct 2010 17:32:44 -0400
Message-ID: <20101028213244.24810.19075.stgit@paris.rdu.redhat.com>
In-Reply-To: <20101028213139.24810.34058.stgit@paris.rdu.redhat.com>
Some fanotify groups, especially those like AV scanners, will need to place
lots of marks, particularly ignore marks. Since ignore marks do not pin
inodes in cache and are cleared if the inode is removed from core (usually
under memory pressure) we expose an interface for listeners, with
CAP_SYS_ADMIN, to override the maximum number of marks and be allowed to
set an 'unlimited' number of marks. Programs which make use of this
feature will be able to OOM a machine.
Signed-off-by: Eric Paris <eparis@redhat.com>
---
fs/notify/fanotify/fanotify_user.c | 9 ++++++++-
include/linux/fanotify.h | 4 +++-
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
index 1d33d7d..f921610 100644
--- a/fs/notify/fanotify/fanotify_user.c
+++ b/fs/notify/fanotify/fanotify_user.c
@@ -707,7 +707,14 @@ SYSCALL_DEFINE2(fanotify_init, unsigned int, flags, unsigned int, event_f_flags)
group->max_events = FANOTIFY_DEFAULT_MAX_EVENTS;
}
- group->fanotify_data.max_marks = FANOTIFY_DEFAULT_MAX_MARKS;
+ if (flags & FAN_UNLIMITED_MARKS) {
+ fd = -EPERM;
+ if (!capable(CAP_SYS_ADMIN))
+ goto out_put_group;
+ group->fanotify_data.max_marks = UINT_MAX;
+ } else {
+ group->fanotify_data.max_marks = FANOTIFY_DEFAULT_MAX_MARKS;
+ }
fd = anon_inode_getfd("[fanotify]", &fanotify_fops, group, f_flags);
if (fd < 0)
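Review bot: the FAN_UNLIMITED_MARKS branch carries no comment explaining that `group->fanotify_data.max_marks = UINT_MAX` means "no limit" rather than an ordinary cap, or why CAP_SYS_ADMIN is the gate. The commit message states that a program using this flag can OOM the machine, and that reasoning should sit next to the `capable(CAP_SYS_ADMIN)` check so it survives in the source. Suggest a short comment above the branch saying that the flag removes the per-group mark limit, that ignore marks are dropped when the inode leaves core but other marks are not bounded by this code, and that the capability check is the only restriction applied here.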
diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h
index e37f559..7592a36 100644
--- a/include/linux/fanotify.h
+++ b/include/linux/fanotify.h
@@ -32,9 +32,11 @@
FAN_CLASS_PRE_CONTENT)
#define FAN_UNLIMITED_QUEUE 0x00000010
+#define FAN_UNLIMITED_MARKS 0x00000020
#define FAN_ALL_INIT_FLAGS (FAN_CLOEXEC | FAN_NONBLOCK | \
- FAN_ALL_CLASS_BITS | FAN_UNLIMITED_QUEUE)
+ FAN_ALL_CLASS_BITS | FAN_UNLIMITED_QUEUE |\
+ FAN_UNLIMITED_MARKS)
/* flags used for fanotify_modify_mark() */
#define FAN_MARK_ADD 0x00000001
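Review bot: the new `FAN_UNLIMITED_MARKS` define in this userspace-visible header has no comment saying that it requires CAP_SYS_ADMIN and that fanotify_init() fails with EPERM otherwise, which is what the fanotify_user.c hunk implements. A one-line comment on the define would save callers from finding that out at runtime. Style point on the `FAN_ALL_INIT_FLAGS` continuation: `FAN_UNLIMITED_QUEUE |\` is missing the space before the backslash that the preceding line uses (`FAN_NONBLOCK | \`).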