| Message ID | 8de8e335e07502f31011a18ec91583467dff51eb.1731433903.git.josef@toxicpanda.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | fanotify: add pre-content hooks | expand |
On Tue, Nov 12, 2024 at 6:56 PM Josef Bacik <josef@toxicpanda.com> wrote: > > From: Amir Goldstein <amir73il@gmail.com> > > Similar to FAN_ACCESS_PERM permission event, but it is only allowed with > class FAN_CLASS_PRE_CONTENT and only allowed on regular files and dirs. > > Unlike FAN_ACCESS_PERM, it is safe to write to the file being accessed > in the context of the event handler. > > This pre-content event is meant to be used by hierarchical storage > managers that want to fill the content of files on first read access. > > Signed-off-by: Amir Goldstein <amir73il@gmail.com> > --- > fs/notify/fanotify/fanotify.c | 3 ++- > fs/notify/fanotify/fanotify_user.c | 22 +++++++++++++++++++--- > include/linux/fanotify.h | 14 ++++++++++---- > include/uapi/linux/fanotify.h | 2 ++ > 4 files changed, 33 insertions(+), 8 deletions(-) > > diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c > index 2e6ba94ec405..da6c3c1c7edf 100644 > --- a/fs/notify/fanotify/fanotify.c > +++ b/fs/notify/fanotify/fanotify.c > @@ -916,8 +916,9 @@ static int fanotify_handle_event(struct fsnotify_group *group, u32 mask, > BUILD_BUG_ON(FAN_OPEN_EXEC_PERM != FS_OPEN_EXEC_PERM); > BUILD_BUG_ON(FAN_FS_ERROR != FS_ERROR); > BUILD_BUG_ON(FAN_RENAME != FS_RENAME); > + BUILD_BUG_ON(FAN_PRE_ACCESS != FS_PRE_ACCESS); > > - BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 21); > + BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 22); > > mask = fanotify_group_event_mask(group, iter_info, &match_mask, > mask, data, data_type, dir); > diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c > index 9cc4a9ac1515..2ec0cc9c85cf 100644 > --- a/fs/notify/fanotify/fanotify_user.c > +++ b/fs/notify/fanotify/fanotify_user.c > @@ -1633,11 +1633,23 @@ static int fanotify_events_supported(struct fsnotify_group *group, > unsigned int flags) > { > unsigned int mark_type = flags & FANOTIFY_MARK_TYPE_BITS; > + bool is_dir = d_is_dir(path->dentry); > /* Strict validation of events in non-dir inode mask with v5.17+ APIs */ > bool strict_dir_events = FAN_GROUP_FLAG(group, FAN_REPORT_TARGET_FID) || > (mask & FAN_RENAME) || > (flags & FAN_MARK_IGNORE); > > + /* > + * Filesystems need to opt-into pre-content evnets (a.k.a HSM) > + * and they are only supported on regular files and directories. > + */ > + if (mask & FANOTIFY_PRE_CONTENT_EVENTS) { > + if (!(path->mnt->mnt_sb->s_iflags & SB_I_ALLOW_HSM)) > + return -EINVAL; Should we make this return -EOPNOTSUPP? This way the LTP test could report the accurate message "FAN_PRE_ACCESS not supported in kernel" vs. "FAN_PRE_ACCESS not supported on XXX filesystem" Thanks, Amir.
On Fri 15-11-24 12:28:01, Amir Goldstein wrote: > On Tue, Nov 12, 2024 at 6:56 PM Josef Bacik <josef@toxicpanda.com> wrote: > > > > From: Amir Goldstein <amir73il@gmail.com> > > > > Similar to FAN_ACCESS_PERM permission event, but it is only allowed with > > class FAN_CLASS_PRE_CONTENT and only allowed on regular files and dirs. > > > > Unlike FAN_ACCESS_PERM, it is safe to write to the file being accessed > > in the context of the event handler. > > > > This pre-content event is meant to be used by hierarchical storage > > managers that want to fill the content of files on first read access. > > > > Signed-off-by: Amir Goldstein <amir73il@gmail.com> > > --- > > fs/notify/fanotify/fanotify.c | 3 ++- > > fs/notify/fanotify/fanotify_user.c | 22 +++++++++++++++++++--- > > include/linux/fanotify.h | 14 ++++++++++---- > > include/uapi/linux/fanotify.h | 2 ++ > > 4 files changed, 33 insertions(+), 8 deletions(-) > > > > diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c > > index 2e6ba94ec405..da6c3c1c7edf 100644 > > --- a/fs/notify/fanotify/fanotify.c > > +++ b/fs/notify/fanotify/fanotify.c > > @@ -916,8 +916,9 @@ static int fanotify_handle_event(struct fsnotify_group *group, u32 mask, > > BUILD_BUG_ON(FAN_OPEN_EXEC_PERM != FS_OPEN_EXEC_PERM); > > BUILD_BUG_ON(FAN_FS_ERROR != FS_ERROR); > > BUILD_BUG_ON(FAN_RENAME != FS_RENAME); > > + BUILD_BUG_ON(FAN_PRE_ACCESS != FS_PRE_ACCESS); > > > > - BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 21); > > + BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 22); > > > > mask = fanotify_group_event_mask(group, iter_info, &match_mask, > > mask, data, data_type, dir); > > diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c > > index 9cc4a9ac1515..2ec0cc9c85cf 100644 > > --- a/fs/notify/fanotify/fanotify_user.c > > +++ b/fs/notify/fanotify/fanotify_user.c > > @@ -1633,11 +1633,23 @@ static int fanotify_events_supported(struct fsnotify_group *group, > > unsigned int flags) > > { > > unsigned int mark_type = flags & FANOTIFY_MARK_TYPE_BITS; > > + bool is_dir = d_is_dir(path->dentry); > > /* Strict validation of events in non-dir inode mask with v5.17+ APIs */ > > bool strict_dir_events = FAN_GROUP_FLAG(group, FAN_REPORT_TARGET_FID) || > > (mask & FAN_RENAME) || > > (flags & FAN_MARK_IGNORE); > > > > + /* > > + * Filesystems need to opt-into pre-content evnets (a.k.a HSM) > > + * and they are only supported on regular files and directories. > > + */ > > + if (mask & FANOTIFY_PRE_CONTENT_EVENTS) { > > + if (!(path->mnt->mnt_sb->s_iflags & SB_I_ALLOW_HSM)) > > + return -EINVAL; > > Should we make this return -EOPNOTSUPP? I see no reason not to do that so go ahead. Honza
diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c index 2e6ba94ec405..da6c3c1c7edf 100644 --- a/fs/notify/fanotify/fanotify.c +++ b/fs/notify/fanotify/fanotify.c @@ -916,8 +916,9 @@ static int fanotify_handle_event(struct fsnotify_group *group, u32 mask, BUILD_BUG_ON(FAN_OPEN_EXEC_PERM != FS_OPEN_EXEC_PERM); BUILD_BUG_ON(FAN_FS_ERROR != FS_ERROR); BUILD_BUG_ON(FAN_RENAME != FS_RENAME); + BUILD_BUG_ON(FAN_PRE_ACCESS != FS_PRE_ACCESS); - BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 21); + BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 22); mask = fanotify_group_event_mask(group, iter_info, &match_mask, mask, data, data_type, dir); diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c index 9cc4a9ac1515..2ec0cc9c85cf 100644 --- a/fs/notify/fanotify/fanotify_user.c +++ b/fs/notify/fanotify/fanotify_user.c @@ -1633,11 +1633,23 @@ static int fanotify_events_supported(struct fsnotify_group *group, unsigned int flags) { unsigned int mark_type = flags & FANOTIFY_MARK_TYPE_BITS; + bool is_dir = d_is_dir(path->dentry); /* Strict validation of events in non-dir inode mask with v5.17+ APIs */ bool strict_dir_events = FAN_GROUP_FLAG(group, FAN_REPORT_TARGET_FID) || (mask & FAN_RENAME) || (flags & FAN_MARK_IGNORE); + /* + * Filesystems need to opt-into pre-content evnets (a.k.a HSM) + * and they are only supported on regular files and directories. + */ + if (mask & FANOTIFY_PRE_CONTENT_EVENTS) { + if (!(path->mnt->mnt_sb->s_iflags & SB_I_ALLOW_HSM)) + return -EINVAL; + if (!is_dir && !d_is_reg(path->dentry)) + return -EINVAL; + } + /* * Some filesystems such as 'proc' acquire unusual locks when opening * files. For them fanotify permission events have high chances of @@ -1670,7 +1682,7 @@ static int fanotify_events_supported(struct fsnotify_group *group, * but because we always allowed it, error only when using new APIs. */ if (strict_dir_events && mark_type == FAN_MARK_INODE && - !d_is_dir(path->dentry) && (mask & FANOTIFY_DIRONLY_EVENT_BITS)) + !is_dir && (mask & FANOTIFY_DIRONLY_EVENT_BITS)) return -ENOTDIR; return 0; @@ -1771,10 +1783,14 @@ static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask, return -EPERM; /* - * Permission events require minimum priority FAN_CLASS_CONTENT. + * Permission events are not allowed for FAN_CLASS_NOTIF. + * Pre-content permission events are not allowed for FAN_CLASS_CONTENT. */ if (mask & FANOTIFY_PERM_EVENTS && - group->priority < FSNOTIFY_PRIO_CONTENT) + group->priority == FSNOTIFY_PRIO_NORMAL) + return -EINVAL; + else if (mask & FANOTIFY_PRE_CONTENT_EVENTS && + group->priority == FSNOTIFY_PRIO_CONTENT) return -EINVAL; if (mask & FAN_FS_ERROR && diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h index 89ff45bd6f01..c747af064d2c 100644 --- a/include/linux/fanotify.h +++ b/include/linux/fanotify.h @@ -89,6 +89,16 @@ #define FANOTIFY_DIRENT_EVENTS (FAN_MOVE | FAN_CREATE | FAN_DELETE | \ FAN_RENAME) +/* Content events can be used to inspect file content */ +#define FANOTIFY_CONTENT_PERM_EVENTS (FAN_OPEN_PERM | FAN_OPEN_EXEC_PERM | \ + FAN_ACCESS_PERM) +/* Pre-content events can be used to fill file content */ +#define FANOTIFY_PRE_CONTENT_EVENTS (FAN_PRE_ACCESS) + +/* Events that require a permission response from user */ +#define FANOTIFY_PERM_EVENTS (FANOTIFY_CONTENT_PERM_EVENTS | \ + FANOTIFY_PRE_CONTENT_EVENTS) + /* Events that can be reported with event->fd */ #define FANOTIFY_FD_EVENTS (FANOTIFY_PATH_EVENTS | FANOTIFY_PERM_EVENTS) @@ -104,10 +114,6 @@ FANOTIFY_INODE_EVENTS | \ FANOTIFY_ERROR_EVENTS) -/* Events that require a permission response from user */ -#define FANOTIFY_PERM_EVENTS (FAN_OPEN_PERM | FAN_ACCESS_PERM | \ - FAN_OPEN_EXEC_PERM) - /* Extra flags that may be reported with event or control handling of events */ #define FANOTIFY_EVENT_FLAGS (FAN_EVENT_ON_CHILD | FAN_ONDIR) diff --git a/include/uapi/linux/fanotify.h b/include/uapi/linux/fanotify.h index 79072b6894f2..7596168c80eb 100644 --- a/include/uapi/linux/fanotify.h +++ b/include/uapi/linux/fanotify.h @@ -27,6 +27,8 @@ #define FAN_OPEN_EXEC_PERM 0x00040000 /* File open/exec in perm check */ /* #define FAN_DIR_MODIFY 0x00080000 */ /* Deprecated (reserved) */ +#define FAN_PRE_ACCESS 0x00100000 /* Pre-content access hook */ + #define FAN_EVENT_ON_CHILD 0x08000000 /* Interested in child events */ #define FAN_RENAME 0x10000000 /* File was renamed */