From: Jan Kara <jack@suse.cz>
To: Josef Bacik <josef@toxicpanda.com>
Cc: kernel-team@fb.com, linux-fsdevel@vger.kernel.org, jack@suse.cz,
amir73il@gmail.com, brauner@kernel.org,
linux-xfs@vger.kernel.org, gfs2@lists.linux.dev,
linux-bcachefs@vger.kernel.org
Subject: Re: [PATCH v4 09/16] fanotify: allow to set errno in FAN_DENY permission response
Date: Thu, 29 Aug 2024 12:25:46 +0200 [thread overview]
Message-ID: <20240829102546.ouke3obnq5o4nx5l@quack3> (raw)
In-Reply-To: <728fb849cd446e6b9a5b9fb9e9985c7d3bd9896a.1723670362.git.josef@toxicpanda.com>
On Wed 14-08-24 17:25:27, Josef Bacik wrote:
> From: Amir Goldstein <amir73il@gmail.com>
>
> With FAN_DENY response, user trying to perform the filesystem operation
> gets an error with errno set to EPERM.
>
> It is useful for hierarchical storage management (HSM) service to be able
> to deny access for reasons more diverse than EPERM, for example EAGAIN,
> if HSM could retry the operation later.
>
> Allow fanotify groups with priority FAN_CLASSS_PRE_CONTENT to responsd
> to permission events with the response value FAN_DENY_ERRNO(errno),
> instead of FAN_DENY to return a custom error.
>
> Limit custom error values to errors expected on read(2)/write(2) and
> open(2) of regular files. This list could be extended in the future.
> Userspace can test for legitimate values of FAN_DENY_ERRNO(errno) by
> writing a response to an fanotify group fd with a value of FAN_NOFD in
> the fd field of the response.
>
> The change in fanotify_response is backward compatible, because errno is
> written in the high 8 bits of the 32bit response field and old kernels
> reject respose value with high bits set.
>
> Signed-off-by: Amir Goldstein <amir73il@gmail.com>
...
> diff --git a/fs/notify/fanotify/fanotify.h b/fs/notify/fanotify/fanotify.h
> index 7f06355afa1f..d0722ef13138 100644
> --- a/fs/notify/fanotify/fanotify.h
> +++ b/fs/notify/fanotify/fanotify.h
> @@ -528,3 +528,13 @@ static inline unsigned int fanotify_mark_user_flags(struct fsnotify_mark *mark)
>
> return mflags;
> }
> +
> +static inline u32 fanotify_get_response_decision(u32 res)
> +{
> + return res & (FANOTIFY_RESPONSE_ACCESS | FANOTIFY_RESPONSE_FLAGS);
> +}
I'm not convinced this helper really helps readability. Probably I'll drop
it on commit...
> +
> +static inline int fanotify_get_response_errno(int res)
'res' should be u32 here. Otherwise C compiler would do arithmetic shifting
and returned errno would be wrong. I can fix this on commit.
> +{
> + return res >> FAN_ERRNO_SHIFT;
> +}
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
next prev parent reply other threads:[~2024-08-29 10:25 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-14 21:25 [PATCH v4 00/16] fanotify: add pre-content hooks Josef Bacik
2024-08-14 21:25 ` [PATCH v4 01/16] fanotify: don't skip extra event info if no info_mode is set Josef Bacik
2024-08-14 21:25 ` [PATCH v4 02/16] fsnotify: introduce pre-content permission event Josef Bacik
2024-08-14 21:25 ` [PATCH v4 03/16] fsnotify: generate pre-content permission event on open Josef Bacik
2024-08-14 21:25 ` [PATCH v4 04/16] fanotify: introduce FAN_PRE_ACCESS permission event Josef Bacik
2024-08-14 21:25 ` [PATCH v4 05/16] fanotify: introduce FAN_PRE_MODIFY " Josef Bacik
2024-08-14 21:25 ` [PATCH v4 06/16] fanotify: pass optional file access range in pre-content event Josef Bacik
2024-08-14 21:25 ` [PATCH v4 07/16] fanotify: rename a misnamed constant Josef Bacik
2024-08-14 21:25 ` [PATCH v4 08/16] fanotify: report file range info with pre-content events Josef Bacik
2024-08-29 10:13 ` Jan Kara
2024-08-14 21:25 ` [PATCH v4 09/16] fanotify: allow to set errno in FAN_DENY permission response Josef Bacik
2024-08-29 10:25 ` Jan Kara [this message]
2024-08-14 21:25 ` [PATCH v4 10/16] fanotify: add a helper to check for pre content events Josef Bacik
2024-08-14 21:25 ` [PATCH v4 11/16] fanotify: disable readahead if we have pre-content watches Josef Bacik
2024-08-29 10:48 ` Jan Kara
2024-08-29 12:44 ` Josef Bacik
2024-08-14 21:25 ` [PATCH v4 12/16] mm: don't allow huge faults for files with pre content watches Josef Bacik
2024-08-29 10:51 ` Jan Kara
2024-08-14 21:25 ` [PATCH v4 13/16] fsnotify: generate pre-content permission event on page fault Josef Bacik
2024-08-29 11:07 ` Jan Kara
2024-08-14 21:25 ` [PATCH v4 14/16] bcachefs: add pre-content fsnotify hook to fault Josef Bacik
2024-08-29 11:10 ` Jan Kara
2024-08-29 11:26 ` Kent Overstreet
2024-08-29 12:46 ` Josef Bacik
2024-08-29 12:55 ` Kent Overstreet
2024-08-29 12:25 ` Kent Overstreet
2024-08-14 21:25 ` [PATCH v4 15/16] gfs2: " Josef Bacik
2024-08-29 11:15 ` Jan Kara
2024-08-29 11:26 ` Amir Goldstein
2024-08-29 11:43 ` Jan Kara
2024-08-29 12:49 ` Amir Goldstein
2024-08-29 12:42 ` Josef Bacik
2024-08-14 21:25 ` [PATCH v4 16/16] xfs: add pre-content fsnotify hook for write faults Josef Bacik
2024-08-29 11:17 ` Jan Kara
2024-08-30 23:28 ` Darrick J. Wong
2024-09-02 10:23 ` Jan Kara
2024-09-02 11:19 ` Christian Brauner
2024-08-29 21:41 ` [PATCH v4 00/16] fanotify: add pre-content hooks Darrick J. Wong
2024-08-30 8:55 ` Amir Goldstein
2024-08-30 23:22 ` Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240829102546.ouke3obnq5o4nx5l@quack3 \
--to=jack@suse.cz \
--cc=amir73il@gmail.com \
--cc=brauner@kernel.org \
--cc=gfs2@lists.linux.dev \
--cc=josef@toxicpanda.com \
--cc=kernel-team@fb.com \
--cc=linux-bcachefs@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).