From: Jan Kara <jack@suse.cz>
To: Amir Goldstein <amir73il@gmail.com>
Cc: Christian Brauner <brauner@kernel.org>,
Jens Axboe <axboe@kernel.dk>, Jan Kara <jack@suse.cz>,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH] fsnotify: compile out fsnotify permission hooks if !FANOTIFY_ACCESS_PERMISSIONS
Date: Wed, 10 Jan 2024 11:47:11 +0100 [thread overview]
Message-ID: <20240110104711.kbkkvugsp72kaigz@quack3> (raw)
In-Reply-To: <20240109182245.38884-1-amir73il@gmail.com>
On Tue 09-01-24 20:22:45, Amir Goldstein wrote:
> The depency of FANOTIFY_ACCESS_PERMISSIONS on SECURITY made sure that
> the fsnotify permission hooks were never called when SECURITY was
> disabled.
>
> Moving the fsnotify permission hook out of the secutiy hook broke that
> optimisation.
>
> Reported-and-tested-by: Jens Axboe <axboe@kernel.dk>
> Closes: https://lore.kernel.org/linux-fsdevel/53682ece-f0e7-48de-9a1c-879ee34b0449@kernel.dk/
> Fixes: d9e5d31084b0 ("fsnotify: optionally pass access range in file permission hooks")
> Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Originally I didn't notice this was directed to Christian but it makes
sense since he merged the original patches. The fix looks good (modulo the
typo fixes from Jens). Feel free to add:
Reviewed-by: Jan Kara <jack@suse.cz>
Honza
> ---
> include/linux/fsnotify.h | 19 +++++++++++++++++++
> 1 file changed, 19 insertions(+)
>
> diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
> index 11e6434b8e71..8300a5286988 100644
> --- a/include/linux/fsnotify.h
> +++ b/include/linux/fsnotify.h
> @@ -100,6 +100,7 @@ static inline int fsnotify_file(struct file *file, __u32 mask)
> return fsnotify_parent(path->dentry, mask, path, FSNOTIFY_EVENT_PATH);
> }
>
> +#ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS
> /*
> * fsnotify_file_area_perm - permission hook before access to file range
> */
> @@ -145,6 +146,24 @@ static inline int fsnotify_open_perm(struct file *file)
> return fsnotify_file(file, FS_OPEN_PERM);
> }
>
> +#else
> +static inline int fsnotify_file_area_perm(struct file *file, int perm_mask,
> + const loff_t *ppos, size_t count)
> +{
> + return 0;
> +}
> +
> +static inline int fsnotify_file_perm(struct file *file, int perm_mask)
> +{
> + return 0;
> +}
> +
> +static inline int fsnotify_open_perm(struct file *file)
> +{
> + return 0;
> +}
> +#endif
> +
> /*
> * fsnotify_link_count - inode's link count changed
> */
> --
> 2.34.1
>
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
prev parent reply other threads:[~2024-01-10 10:47 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-09 18:22 [PATCH] fsnotify: compile out fsnotify permission hooks if !FANOTIFY_ACCESS_PERMISSIONS Amir Goldstein
2024-01-09 18:23 ` Jens Axboe
2024-01-10 10:13 ` Jan Kara
2024-01-10 10:11 ` Christian Brauner
2024-01-10 10:47 ` Jan Kara [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240110104711.kbkkvugsp72kaigz@quack3 \
--to=jack@suse.cz \
--cc=amir73il@gmail.com \
--cc=axboe@kernel.dk \
--cc=brauner@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).