From: Jan Kara <jack@suse.cz>
To: Matthew Bobrowski <mbobrowski@mbobrowski.org>
Cc: Jan Kara <jack@suse.cz>, Amir Goldstein <amir73il@gmail.com>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: [PATCH] fanotify: Disallow permission events for proc filesystem
Date: Wed, 22 May 2019 11:42:01 +0200 [thread overview]
Message-ID: <20190522094201.GF17019@quack2.suse.cz> (raw)
In-Reply-To: <20190521215716.GB20383@neo>
On Wed 22-05-19 07:57:18, Matthew Bobrowski wrote:
> On Thu, May 16, 2019 at 10:36:32AM +0200, Jan Kara wrote:
> > On Thu 16-05-19 08:54:37, Amir Goldstein wrote:
> > > > Signed-off-by: Jan Kara <jack@suse.cz>
> > > > ---
> > > > fs/notify/fanotify/fanotify_user.c | 20 ++++++++++++++++++++
> > > > 1 file changed, 20 insertions(+)
> > > >
> > > > diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
> > > > index a90bb19dcfa2..73719949faa6 100644
> > > > --- a/fs/notify/fanotify/fanotify_user.c
> > > > +++ b/fs/notify/fanotify/fanotify_user.c
> > > > @@ -920,6 +920,20 @@ static int fanotify_test_fid(struct path *path, __kernel_fsid_t *fsid)
> > > > return 0;
> > > > }
> > > >
> > > > +static int fanotify_events_supported(struct path *path, __u64 mask)
> > > > +{
> > > > + /*
> > > > + * Proc is special and various files have special locking rules so
> > > > + * fanotify permission events have high chances of deadlocking the
> > > > + * system. Just disallow them.
> > > > + */
> > > > + if (mask & FANOTIFY_PERM_EVENTS &&
> > > > + !strcmp(path->mnt->mnt_sb->s_type->name, "proc")) {
> > >
> > > Better use an SB_I_ flag to forbid permission events on fs?
> >
> > So checking s_type->name indeed felt dirty. I don't think we need a
> > superblock flag though. I'll probably just go with FS_XXX flag in
> > file_system_type.
>
> Would the same apply for some files that backed by sysfs and reside in
> /sys?
So far I'm not aware of similar easy to trigger deadlocks with sysfs. So I
opted for a cautious path and disabled permission events only for proc.
We'll see how that fares.
> > > > + return -EOPNOTSUPP;
> > >
> > > I would go with EINVAL following precedent of per filesystem flags
> > > check on rename(2), but not insisting.
> >
> > I was undecided between EOPNOTSUPP and EINVAL. So let's go with EINVAL.
>
> I was also thinking that EINVAL makes more sense in this particular
> case.
Good, that's what I used in v2.
> > > Anyway, following Matthew's man page update for FAN_REPORT_FID,
> > > we should also add this as reason for EOPNOTSUPP/EINVAL.
> >
> > Good point.
>
> I've followed up Michael in regards to the FAN_REPORT_FID patch series,
> but no response as of yet. I'm happy to write the changes for this one
> if you like?
If you had time for that, that would be nice. Thanks!
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
next prev parent reply other threads:[~2019-05-22 9:42 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-15 19:33 [PATCH] fanotify: Disallow permission events for proc filesystem Jan Kara
2019-05-16 5:54 ` Amir Goldstein
2019-05-16 8:36 ` Jan Kara
2019-05-21 21:57 ` Matthew Bobrowski
2019-05-22 9:42 ` Jan Kara [this message]
2019-05-26 11:38 ` Matthew Bobrowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190522094201.GF17019@quack2.suse.cz \
--to=jack@suse.cz \
--cc=amir73il@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=mbobrowski@mbobrowski.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).