From patchwork Thu Nov 21 11:22:08 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jan Kara <jack@suse.cz>
X-Patchwork-Id: 13881878
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1445BD6ED0A
	for <linux-mm@archiver.kernel.org>; Thu, 21 Nov 2024 11:22:58 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 4C3EA6B009D; Thu, 21 Nov 2024 06:22:32 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 427846B009A; Thu, 21 Nov 2024 06:22:32 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id D9C896B009C; Thu, 21 Nov 2024 06:22:31 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com
 [216.40.44.12])
	by kanga.kvack.org (Postfix) with ESMTP id 981356B0098
	for <linux-mm@kvack.org>; Thu, 21 Nov 2024 06:22:31 -0500 (EST)
Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay08.hostedemail.com (Postfix) with ESMTP id 4D1751408D2
	for <linux-mm@kvack.org>; Thu, 21 Nov 2024 11:22:31 +0000 (UTC)
X-FDA: 82809862548.24.BD9DE18
Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131])
	by imf30.hostedemail.com (Postfix) with ESMTP id 9ECB680012
	for <linux-mm@kvack.org>; Thu, 21 Nov 2024 11:20:49 +0000 (UTC)
Authentication-Results: imf30.hostedemail.com;
	dkim=none;
	dmarc=none;
	spf=pass (imf30.hostedemail.com: domain of jack@suse.cz designates
 195.135.223.131 as permitted sender) smtp.mailfrom=jack@suse.cz
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=hostedemail.com;
	s=arc-20220608; t=1732187963;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=2V7tsYsqblT0Jk2QwQR8AYBJzO43fONLqJAw5ucdF9Q=;
	b=EcSQzp8ZGcvRH9oSrA5pWAlwVoMfuxV2IPHHLKp9rhEfzVUCbOBepgGu2ZGr+XKkqbXr07
	GuK1h/lkn9JYjecIzDMfJOYL/5CxZUD+he0EnO3VGjXaH6qOvk9Efffqds2akHuBqeP3Y9
	d+OLwuvf0rKXUyJNMA1A6Ly/K1ikoAI=
ARC-Authentication-Results: i=1;
	imf30.hostedemail.com;
	dkim=none;
	dmarc=none;
	spf=pass (imf30.hostedemail.com: domain of jack@suse.cz designates
 195.135.223.131 as permitted sender) smtp.mailfrom=jack@suse.cz
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1732187963; a=rsa-sha256;
	cv=none;
	b=Lhu5cBq+Ctfxe3KULAm7ikY565u4VHlhlZ9w2nGsYHto5hEl7mEISgh2pGkyRKBMqGDc8G
	MLs83sfH+6360HIGJmIwIhj0qRaXYS6rpzinSl88DfeJjFsxSnpXe2yDABKjvjXn/1Cxmp
	Pm3oi0NZimBuBWLlf/LqwCNZmNUBd5g=
Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org
 [IPv6:2a07:de40:b281:104:10:150:64:97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by smtp-out2.suse.de (Postfix) with ESMTPS id 8DE2F1F7FE;
	Thu, 21 Nov 2024 11:22:24 +0000 (UTC)
Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 825C113AC9;
	Thu, 21 Nov 2024 11:22:24 +0000 (UTC)
Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167])
	by imap1.dmz-prg2.suse.org with ESMTPSA
	id IL/SH/AXP2c8fwAAD6G6ig
	(envelope-from <jack@suse.cz>); Thu, 21 Nov 2024 11:22:24 +0000
Received: by quack3.suse.cz (Postfix, from userid 1000)
	id 126D1A0922; Thu, 21 Nov 2024 12:22:24 +0100 (CET)
From: Jan Kara <jack@suse.cz>
To: <linux-fsdevel@vger.kernel.org>
Cc: Amir Goldstein <amir73il@gmail.com>,
	Josef Bacik <josef@toxicpanda.com>,
	brauner@kernel.org,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Al Viro <viro@ZenIV.linux.org.uk>,
	linux-xfs@vger.kernel.org,
	linux-btrfs@vger.kernel.org,
	linux-ext4@vger.kernel.org,
	linux-mm@kvack.org,
	Jan Kara <jack@suse.cz>
Subject: [PATCH 09/19] fsnotify: generate pre-content permission event on
 truncate
Date: Thu, 21 Nov 2024 12:22:08 +0100
Message-Id: <20241121112218.8249-10-jack@suse.cz>
X-Mailer: git-send-email 2.35.3
In-Reply-To: <20241121112218.8249-1-jack@suse.cz>
References: <20241121112218.8249-1-jack@suse.cz>
MIME-Version: 1.0
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Rspamd-Action: no action
X-Rspamd-Server: rspam04
X-Rspamd-Queue-Id: 9ECB680012
X-Stat-Signature: i9ew7u5z69k5wye9ss7xsjfkknhtkjry
X-Rspam-User: 
X-HE-Tag: 1732188049-22445
X-HE-Meta: 
 U2FsdGVkX19Giyi3B+q8iC8e+5EKX/RuXM4RUzE7ynyFnfKPdFAySj9tcssiX+Sksj8Yxt7UyZt2thDJRFrt10OFjNdxSD6wQS83TkcdHAlSXnf5xnPmAfN9pB6CW+8zzedIla3u0lkfQvnesRsO/lPoDN8DRy9ieLAHXnxGqmisuOTbJG6fTjDds9rv3ET9bAcN9+Hjz3WpPwgG/pI6hg70PtNvu8LXBEdxJEz+g6/xo3JkDHysMnvfooJl5nCwmbmzgUMTmnGrQC8ydMVwmWoFPDqH6ZDemSZS5gzCw0b68QwlGU14DnYlfFT+jVUnTBC0bYBbTnG/Lxb5qMDkvmSWywwEFQBc3+DuQiZJtRGIuCkeh/0/L0TlOgbXaDBTakmrkU1PFOktqqHy10ti+D7MiCxy/3FGO65cJrEQ7aCrTBUq7qhJJznas7PC4pBwNeq3weCXeOBwHdD3KNPVxqfbiHi37Vzx+Diz4ayIpNAwS9jVR5sXXvjHWD3T/v6AQUQIFtCAGRwZLiWL1Fd7soLBjLQ1vnOeJRadBNt1rqDDpMHCkKhZzIoO0LywLXRvbBtgSOLEZe7lt22ZS7eaIWBHtrdTRC8ewkOKW5u5Jdaetc2bVxCUdeWNktJVhWbgPiAOw6hitvCVTA6+bXUSSzThCOyiADJ6a6nY+rfRtooNmbYIvq1xmf0+8DZddDIXlQzgBnV/DS1S2M217PCVPRs1MpOGgKFxnjyH5kElrD0vC4DWaCatwO4yPk+d+VddbXF8LVqlQG6IXRSZ3Nd1R29AO1z+jpjvDfEqz/t/tqnT0RIVwMG8E0QW2+SEwg/Dj4cQP/rAdj53jBVkR2r5JnTWrv0gXgtmwwGti8BTiNOioz460DxBxGUAUJEskpw/Y9ZdX2DNoS4U75iuvoqVmOeC6qqEkjjE/8hQsqiZHOkaltEeJcYw7JHIoJYy/FgrDeh04jAIYrU5IydYXyX
 Nz0swTEz
 HwBo4AHNMO0ZTimCPzlSg+ckqSLCXJ6E19gnmEYkVvJdomRP/0jn+kVok4T+frZwjxu4TS38EJsnWFujM+MbstdoxXQ0TttcVDqxdsZNdIC5lfAxnU5kK/TAji31G+9chZx/zp5lqC3uwHXxHt9NDk2D9EbU099H8boc+/xhhpu53hG9Xe1DDScxhb7Ll7EI6axV9Yhv9BswUtm3W8lMjcvUlFu6jDl83hbyz30paySPo23H0TmPOQ6SozDTGFDNPLuQTnhylqDhFCLJZa3/o7rIBiw==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

From: Amir Goldstein <amir73il@gmail.com>

Generate FS_PRE_ACCESS event before truncate, without sb_writers held.

Move the security hooks also before sb_start_write() to conform with
other security hooks (e.g. in write, fallocate).

The event will have a range info of the page surrounding the new size
to provide an opportunity to fill the conetnt at the end of file before
truncating to non-page aligned size.

Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://patch.msgid.link/23af8201db6ac2efdea94f09ab067d81ba5de7a7.1731684329.git.josef@toxicpanda.com
---
 fs/open.c                | 31 +++++++++++++++++++++----------
 include/linux/fsnotify.h | 20 ++++++++++++++++++++
 2 files changed, 41 insertions(+), 10 deletions(-)

diff --git a/fs/open.c b/fs/open.c
index 9b1fa59d52bf..f7bd176545f5 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -81,14 +81,18 @@ long vfs_truncate(const struct path *path, loff_t length)
 	if (!S_ISREG(inode->i_mode))
 		return -EINVAL;
 
-	error = mnt_want_write(path->mnt);
-	if (error)
-		goto out;
-
 	idmap = mnt_idmap(path->mnt);
 	error = inode_permission(idmap, inode, MAY_WRITE);
 	if (error)
-		goto mnt_drop_write_and_out;
+		return error;
+
+	error = fsnotify_truncate_perm(path, length);
+	if (error)
+		return error;
+
+	error = mnt_want_write(path->mnt);
+	if (error)
+		return error;
 
 	error = -EPERM;
 	if (IS_APPEND(inode))
@@ -114,7 +118,7 @@ long vfs_truncate(const struct path *path, loff_t length)
 	put_write_access(inode);
 mnt_drop_write_and_out:
 	mnt_drop_write(path->mnt);
-out:
+
 	return error;
 }
 EXPORT_SYMBOL_GPL(vfs_truncate);
@@ -175,11 +179,18 @@ long do_ftruncate(struct file *file, loff_t length, int small)
 	/* Check IS_APPEND on real upper inode */
 	if (IS_APPEND(file_inode(file)))
 		return -EPERM;
-	sb_start_write(inode->i_sb);
+
 	error = security_file_truncate(file);
-	if (!error)
-		error = do_truncate(file_mnt_idmap(file), dentry, length,
-				    ATTR_MTIME | ATTR_CTIME, file);
+	if (error)
+		return error;
+
+	error = fsnotify_truncate_perm(&file->f_path, length);
+	if (error)
+		return error;
+
+	sb_start_write(inode->i_sb);
+	error = do_truncate(file_mnt_idmap(file), dentry, length,
+			    ATTR_MTIME | ATTR_CTIME, file);
 	sb_end_write(inode->i_sb);
 
 	return error;
diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
index 87044acf8e79..1a9ef8f6784d 100644
--- a/include/linux/fsnotify.h
+++ b/include/linux/fsnotify.h
@@ -170,6 +170,21 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask,
 	return fsnotify_path(&file->f_path, FS_ACCESS_PERM);
 }
 
+/*
+ * fsnotify_truncate_perm - permission hook before file truncate
+ */
+static inline int fsnotify_truncate_perm(const struct path *path, loff_t length)
+{
+	struct inode *inode = d_inode(path->dentry);
+
+	if (!(inode->i_sb->s_iflags & SB_I_ALLOW_HSM) ||
+	    !fsnotify_sb_has_priority_watchers(inode->i_sb,
+					       FSNOTIFY_PRIO_PRE_CONTENT))
+		return 0;
+
+	return fsnotify_pre_content(path, &length, 0);
+}
+
 /*
  * fsnotify_file_perm - permission hook before file access (unknown range)
  */
@@ -208,6 +223,11 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask,
 	return 0;
 }
 
+static inline int fsnotify_truncate_perm(const struct path *path, loff_t length)
+{
+	return 0;
+}
+
 static inline int fsnotify_file_perm(struct file *file, int perm_mask)
 {
 	return 0;