From: Josef Bacik <josef@toxicpanda.com>
To: Amir Goldstein <amir73il@gmail.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>,
Christian Brauner <brauner@kernel.org>,
linux-unionfs@vger.kernel.org
Subject: Re: [PATCH 00/15] Tidy up file permission hooks
Date: Fri, 17 Nov 2023 15:34:58 -0500 [thread overview]
Message-ID: <20231117203458.GA1516584@perftesting> (raw)
In-Reply-To: <20231114153254.1715969-1-amir73il@gmail.com>
On Tue, Nov 14, 2023 at 05:32:39PM +0200, Amir Goldstein wrote:
> Hi Christian,
>
> I realize you won't have time to review this week, but wanted to get
> this series out for review for a wider audience soon.
>
> During my work on fanotify "pre content" events [1], Jan and I noticed
> some inconsistencies in the call sites of security_file_permission()
> hooks inside rw_verify_area() and remap_verify_area().
>
> The majority of call sites are before file_start_write(), which is how
> we want them to be for fanotify "pre content" events.
>
> For splice code, there are many duplicate calls to rw_verify_area()
> for the entire range as well as for partial ranges inside iterator.
>
> This cleanup series, mostly following Jan's suggestions, moves all
> the security_file_permission() hooks before file_start_write() and
> eliminates duplicate permission hook calls in the same call chain.
>
> The last 3 patches are helpers that I used in fanotify patches to
> assert that permission hooks are called with expected locking scope.
>
> My hope is to get this work reviewed and staged in the vfs tree
> for the 6.8 cycle, so that I can send Jan fanotify patches for
> "pre content" events based on a stable branch in the vfs tree.
>
> Thanks,
> Amir.
You can add
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
to patches 1-11. Thanks,
Josef
prev parent reply other threads:[~2023-11-17 20:35 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-14 15:32 [PATCH 00/15] Tidy up file permission hooks Amir Goldstein
2023-11-14 15:32 ` [PATCH 01/15] ovl: add permission hooks outside of do_splice_direct() Amir Goldstein
2023-11-14 15:32 ` [PATCH 02/15] splice: remove permission hook from do_splice_direct() Amir Goldstein
2023-11-14 15:32 ` [PATCH 03/15] splice: move permission hook out of splice_direct_to_actor() Amir Goldstein
2023-11-14 16:08 ` Chuck Lever
2023-11-14 15:32 ` [PATCH 04/15] splice: move permission hook out of splice_file_to_pipe() Amir Goldstein
2023-11-14 15:32 ` [PATCH 05/15] splice: remove permission hook from iter_file_splice_write() Amir Goldstein
2023-11-14 15:32 ` [PATCH 06/15] remap_range: move permission hooks out of do_clone_file_range() Amir Goldstein
2023-11-14 15:32 ` [PATCH 07/15] remap_range: move file_start_write() to after permission hook Amir Goldstein
2023-11-14 15:32 ` [PATCH 08/15] btrfs: " Amir Goldstein
2023-11-14 15:32 ` [PATCH 09/15] fs: move file_start_write() into vfs_iter_write() Amir Goldstein
2023-11-14 23:42 ` Jan Harkes
2023-11-15 9:01 ` Amir Goldstein
2023-11-16 1:07 ` Jan Harkes
2023-11-14 15:32 ` [PATCH 10/15] fs: move permission hook out of do_iter_write() Amir Goldstein
2023-11-14 15:32 ` [PATCH 11/15] fs: move permission hook out of do_iter_read() Amir Goldstein
2023-11-14 15:32 ` [PATCH 12/15] fs: move kiocb_start_write() into vfs_iocb_iter_write() Amir Goldstein
2023-11-17 19:46 ` Josef Bacik
2023-11-18 9:08 ` Amir Goldstein
2023-11-14 15:35 ` [PATCH 00/15] Tidy up file permission hooks Amir Goldstein
2023-11-17 19:44 ` Josef Bacik
2023-11-18 6:59 ` Amir Goldstein
2023-11-21 11:07 ` Amir Goldstein
2023-11-21 15:41 ` Christian Brauner
2023-11-17 20:34 ` Josef Bacik [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231117203458.GA1516584@perftesting \
--to=josef@toxicpanda.com \
--cc=amir73il@gmail.com \
--cc=brauner@kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox