From: Jan Kara <jack@suse.cz>
To: Amir Goldstein <amir73il@gmail.com>
Cc: Jan Kara <jack@suse.cz>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Matthew Bobrowski <mbobrowski@mbobrowski.org>
Subject: Re: [PATCH] fanotify: Disallow permission events for proc filesystem
Date: Thu, 16 May 2019 10:36:32 +0200 [thread overview]
Message-ID: <20190516083632.GC13274@quack2.suse.cz> (raw)
In-Reply-To: <CAOQ4uxhKV9qXGDA6PuCKrbBjM_f2ed_XScY3KkWVX8PXzwCwCA@mail.gmail.com>
On Thu 16-05-19 08:54:37, Amir Goldstein wrote:
> On Wed, May 15, 2019 at 10:33 PM Jan Kara <jack@suse.cz> wrote:
> >
> > Proc filesystem has special locking rules for various files. Thus
> > fanotify which opens files on event delivery can easily deadlock
> > against another process that waits for fanotify permission event to be
> > handled. Since permission events on /proc have doubtful value anyway,
> > just disallow them.
> >
>
> Let's add context:
> Link: https://lore.kernel.org/linux-fsdevel/20190320131642.GE9485@quack2.suse.cz/
OK, will add.
> > Signed-off-by: Jan Kara <jack@suse.cz>
> > ---
> > fs/notify/fanotify/fanotify_user.c | 20 ++++++++++++++++++++
> > 1 file changed, 20 insertions(+)
> >
> > diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
> > index a90bb19dcfa2..73719949faa6 100644
> > --- a/fs/notify/fanotify/fanotify_user.c
> > +++ b/fs/notify/fanotify/fanotify_user.c
> > @@ -920,6 +920,20 @@ static int fanotify_test_fid(struct path *path, __kernel_fsid_t *fsid)
> > return 0;
> > }
> >
> > +static int fanotify_events_supported(struct path *path, __u64 mask)
> > +{
> > + /*
> > + * Proc is special and various files have special locking rules so
> > + * fanotify permission events have high chances of deadlocking the
> > + * system. Just disallow them.
> > + */
> > + if (mask & FANOTIFY_PERM_EVENTS &&
> > + !strcmp(path->mnt->mnt_sb->s_type->name, "proc")) {
>
> Better use an SB_I_ flag to forbid permission events on fs?
So checking s_type->name indeed felt dirty. I don't think we need a
superblock flag though. I'll probably just go with FS_XXX flag in
file_system_type.
>
> > + return -EOPNOTSUPP;
>
> I would go with EINVAL following precedent of per filesystem flags
> check on rename(2), but not insisting.
I was undecided between EOPNOTSUPP and EINVAL. So let's go with EINVAL.
> Anyway, following Matthew's man page update for FAN_REPORT_FID,
> we should also add this as reason for EOPNOTSUPP/EINVAL.
Good point.
Thanks for review!
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
next prev parent reply other threads:[~2019-05-16 8:36 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-15 19:33 [PATCH] fanotify: Disallow permission events for proc filesystem Jan Kara
2019-05-16 5:54 ` Amir Goldstein
2019-05-16 8:36 ` Jan Kara [this message]
2019-05-21 21:57 ` Matthew Bobrowski
2019-05-22 9:42 ` Jan Kara
2019-05-26 11:38 ` Matthew Bobrowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190516083632.GC13274@quack2.suse.cz \
--to=jack@suse.cz \
--cc=amir73il@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=mbobrowski@mbobrowski.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).