* [PATCH] fsnotify: compile out fsnotify permission hooks if !FANOTIFY_ACCESS_PERMISSIONS
@ 2024-01-09 18:22 Amir Goldstein
2024-01-09 18:23 ` Jens Axboe
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Amir Goldstein @ 2024-01-09 18:22 UTC (permalink / raw)
To: Christian Brauner; +Cc: Jens Axboe, Jan Kara, linux-fsdevel
The depency of FANOTIFY_ACCESS_PERMISSIONS on SECURITY made sure that
the fsnotify permission hooks were never called when SECURITY was
disabled.
Moving the fsnotify permission hook out of the secutiy hook broke that
optimisation.
Reported-and-tested-by: Jens Axboe <axboe@kernel.dk>
Closes: https://lore.kernel.org/linux-fsdevel/53682ece-f0e7-48de-9a1c-879ee34b0449@kernel.dk/
Fixes: d9e5d31084b0 ("fsnotify: optionally pass access range in file permission hooks")
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
---
include/linux/fsnotify.h | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
index 11e6434b8e71..8300a5286988 100644
--- a/include/linux/fsnotify.h
+++ b/include/linux/fsnotify.h
@@ -100,6 +100,7 @@ static inline int fsnotify_file(struct file *file, __u32 mask)
return fsnotify_parent(path->dentry, mask, path, FSNOTIFY_EVENT_PATH);
}
+#ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS
/*
* fsnotify_file_area_perm - permission hook before access to file range
*/
@@ -145,6 +146,24 @@ static inline int fsnotify_open_perm(struct file *file)
return fsnotify_file(file, FS_OPEN_PERM);
}
+#else
+static inline int fsnotify_file_area_perm(struct file *file, int perm_mask,
+ const loff_t *ppos, size_t count)
+{
+ return 0;
+}
+
+static inline int fsnotify_file_perm(struct file *file, int perm_mask)
+{
+ return 0;
+}
+
+static inline int fsnotify_open_perm(struct file *file)
+{
+ return 0;
+}
+#endif
+
/*
* fsnotify_link_count - inode's link count changed
*/
--
2.34.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] fsnotify: compile out fsnotify permission hooks if !FANOTIFY_ACCESS_PERMISSIONS
2024-01-09 18:22 [PATCH] fsnotify: compile out fsnotify permission hooks if !FANOTIFY_ACCESS_PERMISSIONS Amir Goldstein
@ 2024-01-09 18:23 ` Jens Axboe
2024-01-10 10:13 ` Jan Kara
2024-01-10 10:11 ` Christian Brauner
2024-01-10 10:47 ` Jan Kara
2 siblings, 1 reply; 5+ messages in thread
From: Jens Axboe @ 2024-01-09 18:23 UTC (permalink / raw)
To: Amir Goldstein, Christian Brauner; +Cc: Jan Kara, linux-fsdevel
On 1/9/24 11:22 AM, Amir Goldstein wrote:
> The depency of FANOTIFY_ACCESS_PERMISSIONS on SECURITY made sure that
dependency
> the fsnotify permission hooks were never called when SECURITY was
> disabled.
>
> Moving the fsnotify permission hook out of the secutiy hook broke that
security
> optimisation.
Patch obviously looks good to me, as I already tested it :-)
Thanks for fixing this up.
--
Jens Axboe
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] fsnotify: compile out fsnotify permission hooks if !FANOTIFY_ACCESS_PERMISSIONS
2024-01-09 18:22 [PATCH] fsnotify: compile out fsnotify permission hooks if !FANOTIFY_ACCESS_PERMISSIONS Amir Goldstein
2024-01-09 18:23 ` Jens Axboe
@ 2024-01-10 10:11 ` Christian Brauner
2024-01-10 10:47 ` Jan Kara
2 siblings, 0 replies; 5+ messages in thread
From: Christian Brauner @ 2024-01-10 10:11 UTC (permalink / raw)
To: Amir Goldstein; +Cc: Christian Brauner, Jens Axboe, Jan Kara, linux-fsdevel
On Tue, 09 Jan 2024 20:22:45 +0200, Amir Goldstein wrote:
> The depency of FANOTIFY_ACCESS_PERMISSIONS on SECURITY made sure that
> the fsnotify permission hooks were never called when SECURITY was
> disabled.
>
> Moving the fsnotify permission hook out of the secutiy hook broke that
> optimisation.
>
> [...]
Applied to the vfs.fixes branch of the vfs/vfs.git tree.
Patches in the vfs.fixes branch should appear in linux-next soon.
Please report any outstanding bugs that were missed during review in a
new review to the original patch series allowing us to drop it.
It's encouraged to provide Acked-bys and Reviewed-bys even though the
patch has now been applied. If possible patch trailers will be updated.
Note that commit hashes shown below are subject to change due to rebase,
trailer updates or similar. If in doubt, please check the listed branch.
tree: https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git
branch: vfs.fixes
[1/1] fsnotify: compile out fsnotify permission hooks if !FANOTIFY_ACCESS_PERMISSIONS
https://git.kernel.org/vfs/vfs/c/b0f2ac4fe541
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] fsnotify: compile out fsnotify permission hooks if !FANOTIFY_ACCESS_PERMISSIONS
2024-01-09 18:23 ` Jens Axboe
@ 2024-01-10 10:13 ` Jan Kara
0 siblings, 0 replies; 5+ messages in thread
From: Jan Kara @ 2024-01-10 10:13 UTC (permalink / raw)
To: Jens Axboe; +Cc: Amir Goldstein, Christian Brauner, Jan Kara, linux-fsdevel
On Tue 09-01-24 11:23:49, Jens Axboe wrote:
> On 1/9/24 11:22 AM, Amir Goldstein wrote:
> > The depency of FANOTIFY_ACCESS_PERMISSIONS on SECURITY made sure that
>
> dependency
>
> > the fsnotify permission hooks were never called when SECURITY was
> > disabled.
> >
> > Moving the fsnotify permission hook out of the secutiy hook broke that
>
> security
>
> > optimisation.
>
> Patch obviously looks good to me, as I already tested it :-)
>
> Thanks for fixing this up.
Thanks Amir for the fix and Jens for the spelling fixes. I'll fix them on
commit.
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] fsnotify: compile out fsnotify permission hooks if !FANOTIFY_ACCESS_PERMISSIONS
2024-01-09 18:22 [PATCH] fsnotify: compile out fsnotify permission hooks if !FANOTIFY_ACCESS_PERMISSIONS Amir Goldstein
2024-01-09 18:23 ` Jens Axboe
2024-01-10 10:11 ` Christian Brauner
@ 2024-01-10 10:47 ` Jan Kara
2 siblings, 0 replies; 5+ messages in thread
From: Jan Kara @ 2024-01-10 10:47 UTC (permalink / raw)
To: Amir Goldstein; +Cc: Christian Brauner, Jens Axboe, Jan Kara, linux-fsdevel
On Tue 09-01-24 20:22:45, Amir Goldstein wrote:
> The depency of FANOTIFY_ACCESS_PERMISSIONS on SECURITY made sure that
> the fsnotify permission hooks were never called when SECURITY was
> disabled.
>
> Moving the fsnotify permission hook out of the secutiy hook broke that
> optimisation.
>
> Reported-and-tested-by: Jens Axboe <axboe@kernel.dk>
> Closes: https://lore.kernel.org/linux-fsdevel/53682ece-f0e7-48de-9a1c-879ee34b0449@kernel.dk/
> Fixes: d9e5d31084b0 ("fsnotify: optionally pass access range in file permission hooks")
> Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Originally I didn't notice this was directed to Christian but it makes
sense since he merged the original patches. The fix looks good (modulo the
typo fixes from Jens). Feel free to add:
Reviewed-by: Jan Kara <jack@suse.cz>
Honza
> ---
> include/linux/fsnotify.h | 19 +++++++++++++++++++
> 1 file changed, 19 insertions(+)
>
> diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
> index 11e6434b8e71..8300a5286988 100644
> --- a/include/linux/fsnotify.h
> +++ b/include/linux/fsnotify.h
> @@ -100,6 +100,7 @@ static inline int fsnotify_file(struct file *file, __u32 mask)
> return fsnotify_parent(path->dentry, mask, path, FSNOTIFY_EVENT_PATH);
> }
>
> +#ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS
> /*
> * fsnotify_file_area_perm - permission hook before access to file range
> */
> @@ -145,6 +146,24 @@ static inline int fsnotify_open_perm(struct file *file)
> return fsnotify_file(file, FS_OPEN_PERM);
> }
>
> +#else
> +static inline int fsnotify_file_area_perm(struct file *file, int perm_mask,
> + const loff_t *ppos, size_t count)
> +{
> + return 0;
> +}
> +
> +static inline int fsnotify_file_perm(struct file *file, int perm_mask)
> +{
> + return 0;
> +}
> +
> +static inline int fsnotify_open_perm(struct file *file)
> +{
> + return 0;
> +}
> +#endif
> +
> /*
> * fsnotify_link_count - inode's link count changed
> */
> --
> 2.34.1
>
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-01-10 10:47 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-01-09 18:22 [PATCH] fsnotify: compile out fsnotify permission hooks if !FANOTIFY_ACCESS_PERMISSIONS Amir Goldstein
2024-01-09 18:23 ` Jens Axboe
2024-01-10 10:13 ` Jan Kara
2024-01-10 10:11 ` Christian Brauner
2024-01-10 10:47 ` Jan Kara
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).