From patchwork Fri Nov 15 15:30:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13876446 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0F161D68BC8 for ; Fri, 15 Nov 2024 15:31:49 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8720D6B0099; Fri, 15 Nov 2024 10:31:39 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 7FB226B009A; Fri, 15 Nov 2024 10:31:39 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6750E6B009B; Fri, 15 Nov 2024 10:31:39 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 46BC66B0099 for ; Fri, 15 Nov 2024 10:31:39 -0500 (EST) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 0C9371418E7 for ; Fri, 15 Nov 2024 15:31:39 +0000 (UTC) X-FDA: 82788716556.09.6967C74 Received: from mail-yw1-f182.google.com (mail-yw1-f182.google.com [209.85.128.182]) by imf08.hostedemail.com (Postfix) with ESMTP id E27E416001D for ; Fri, 15 Nov 2024 15:31:06 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=toxicpanda-com.20230601.gappssmtp.com header.s=20230601 header.b=CtSXebim; dmarc=none; spf=none (imf08.hostedemail.com: domain of josef@toxicpanda.com has no SPF policy when checking 209.85.128.182) smtp.mailfrom=josef@toxicpanda.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1731684565; a=rsa-sha256; cv=none; b=bQduX9X7dTD9H+bmDNlj3rtaBhEvT8PHSvir8B4lddClsfTwYdsVDxe0Dw2kEDZR0RMPrn Sq6sQ1mnfYxgGTOztQeub7X747wpko/KflMrIaW+XQI0J/SjuxoA1xB9kacB1xUQEdy/Mo jrmVTrDp4UD5LYjB+n0UhPWgR2ktdpY= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=pass header.d=toxicpanda-com.20230601.gappssmtp.com header.s=20230601 header.b=CtSXebim; dmarc=none; spf=none (imf08.hostedemail.com: domain of josef@toxicpanda.com has no SPF policy when checking 209.85.128.182) smtp.mailfrom=josef@toxicpanda.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1731684565; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=fc94RDUI6NSDstxP0CCSGWYRtQ6KzVO9XtXkr+KxT+s=; b=Qr0WfjH98g0gdAt0qh3f9fglg9o//R1sLm1js6lv7HAtI7rERo83GcCmmvju1zr0CHl43Q aXJfg1Dwu3PnLTY/e5waZAuPRyMfI4RbLhOyqI4/+17bscyUE/Rh8gLc8vXjbGzPGDSEQz rXH4jDHF+c3Rur4SQWiOFakdLEQ8i2M= Received: by mail-yw1-f182.google.com with SMTP id 00721157ae682-6e377e4aea3so16029237b3.3 for ; Fri, 15 Nov 2024 07:31:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1731684696; x=1732289496; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=fc94RDUI6NSDstxP0CCSGWYRtQ6KzVO9XtXkr+KxT+s=; b=CtSXebimwf4rz2FISjlAgQKaxf7BhkDFtfHgoq2DPbaBX3CpadboGbYpqpM2vvcOYp gWpRMhhkjuVwbWf7LahIqM/RgAFSjgg06LRg2pmpaUnI89RDBN4Qt0EAKzTInwPrpszc CkttiFxbNrkM/SJ7nBzhZhQy85nu9DgR9a17fCJrqXRV2nS2yCAnSYOnEPMJm3bW2dlB RtdIFIKjBqeRcDpkbw+GtrSubhh0Touf+gITEfnjTrNMiPu70N1TZWCbdav81PBMRgAD ZkSfRWEr3RNRFs9WQCKKOZC+eolPjo3fCTwh0ljW4aoan9gXMLSdhokx0xrCMDJcutIM q91A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731684696; x=1732289496; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fc94RDUI6NSDstxP0CCSGWYRtQ6KzVO9XtXkr+KxT+s=; b=B3UMF65CUkaMZtZLLgR6/w6+Mm5rf4YzgS5urkl2HWugDLqjHkR2NX8qk5N+TVhlcy JGZcXrPNpIsE9qjv7x+62CHlhR5FuavkXwSf3MzoVIufziLHwTw5GppL0NEtmmoJix4y rfaGjsRkHWclI9/o3T2pXPwwpnyDvaoQOePwjomKgGsmn2e664dSQz+13iz7KgQPyp8+ DC/oaXYEDD3fc36XD+ZoAI/QkRp9tL2LcdWnUSXWiH6q6wxFZ98l6008s2D4990fCQs0 UjwgI+H80mDxA/Rw0xtQQgO/RhyW568abhJZzi4DOEBouSv9yofGKsd753BqE18Dd+dV 9Qrw== X-Forwarded-Encrypted: i=1; AJvYcCXfQ+lgowT/kD2xiQsjPP1939R0NonjfaPZ5pawcHW2cN7tO9W9TpjC/eVoxOH7TCxS7D5LNf8+uw==@kvack.org X-Gm-Message-State: AOJu0YyRV4sWWJATg8DLJ6mENq6ccKPBVyGG8qW94Q+V6hRV15gfk7Hr 8EnsNgJfVxvrnROHcBKE4ticAhtnEpTPECBwswDSH1tfuC54dbf9DwiZinAjjYQ= X-Google-Smtp-Source: AGHT+IF/6XDeCM5HdGyZ+bKpb7CwsA0grIiF+sgXOFU/Ezrvf0/YQwsV5K3Q/P9oh37dfkgoQYNabg== X-Received: by 2002:a05:690c:610f:b0:6e3:31e8:7155 with SMTP id 00721157ae682-6ee55ef7f91mr39398227b3.40.1731684696301; Fri, 15 Nov 2024 07:31:36 -0800 (PST) Received: from localhost (syn-076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id 00721157ae682-6ee6dfe1a17sm202557b3.64.2024.11.15.07.31.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Nov 2024 07:31:35 -0800 (PST) From: Josef Bacik To: kernel-team@fb.com, linux-fsdevel@vger.kernel.org, jack@suse.cz, amir73il@gmail.com, brauner@kernel.org, torvalds@linux-foundation.org, viro@zeniv.linux.org.uk, linux-xfs@vger.kernel.org, linux-btrfs@vger.kernel.org, linux-mm@kvack.org, linux-ext4@vger.kernel.org Subject: [PATCH v8 09/19] fsnotify: generate pre-content permission event on truncate Date: Fri, 15 Nov 2024 10:30:22 -0500 Message-ID: <23af8201db6ac2efdea94f09ab067d81ba5de7a7.1731684329.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 X-Rspamd-Queue-Id: E27E416001D X-Stat-Signature: oc79sozctktn546owyuqpxcpbtcd81tt X-Rspam-User: X-Rspamd-Server: rspam05 X-HE-Tag: 1731684666-196685 X-HE-Meta: U2FsdGVkX1/DZdFYpX0iAIDi++lOKpVV+Bwurq7VdnA+qiVARQ6/7ly9bXkvRM3xagIgW5auOiI+tJtiUGbM0y0jwZUPTQcCtov0ggwp5nO4s1eiLH9x2QhY2wkEiCO5wmli2RwugD+FhNgcd3OjsKGu2GVmT27FDZItLs+ISoLlW2ZtJG1Km8Fgr9U/Ujce4fOzSyYODiGd0Fb/eikJFBtlh3u7umvNtt0VgygHzV0goC9/D9orHfubhp0ZOkuZAhz6fToeegt9lIlaxYwN13mJJCBpnvw9l0T5/aR8cw91XBcJMZhhlew1pJImUdWM1v2LW2YCjVH7BoGg5gvFm8Yur7dtQt3QElsv4kiMXJVfbBMotAuSr9BSuMAyoKVasfauyFay0+EMyf7y1DG+CqX6de0zG33EGqJ7JEiMyyQuN7olLundr35Q2HpjZbK6IlnIogR0uLLC3qPJpqSduCNqvAmsTrVTXQb6aunGWKag9YkG44soVBNzS/HsBwNFKkd5hpC8AjPm4IF4ZvZ4usOXNv8cISEW/qpxIk9Ru2KohmjGNQUvCtZO2NAx4ejYAova6zZ8GgTpTM8GcKUklzllPBX22DcJb42t2tQmKd6sH7K82bxhnpX2pGI2XFgn4vlc5hUt9r0yXGgkARLbW9prAVxXhUeNuT4oKKcM6Ouz+ub26AuB2e1B8UYeUaaYY6oTZkc2wWE9Mr5p9nU3y+mYlhmjpmIs7FHrqUxNDUfIWc+3RGk2s0GYu7rwvulz5eMnPInVgKlhR4TV/ZUWjtE4CFf23MWd6acpNkVwGoMxkB8hrHqkKfFg+k5td4FAZmxF1hycQd0VZ1FaWJivKJUlu/f6/orR8kUxE2ibZ+4dv16fs0Sm0Hw2HvofgBH1NLhW0qloPk7e0S9qzvVR8TXJeCI0jnXrpIbaxg9BRwk4ZF/y2m0RLsg1Zs3LK43XAseNAGyzqX8ZzXvKAWl Ni49w0p4 HHRHh/Cjh9Tq8ftNOafnmr/V4+09W3kK+442NVQP7imGy5IuD1bCAbZVTTahCmeXH6+wTc+/QIofm37+Tl7n3jbBSnUebxJArStARBl4kvSe1Ce+NMAAUUnyuZ7aN59JdBe6nrNCbIjmdJHE72BjpUTDXlXU/deVOblhyjJVdokw7YF3F2QrIi97JfWNxLjRRV/4x3SpKWdTOgXA2k4Z1DsasovO4zk0541ULCZeMm5s8xvTnRFiXI3efWEafACUP9WDGQaIQfg9Vmw96YNLovociNurlNPaZhbwvJulSscKz86DHO+s8I8MsareaDoD/d7xE71TExDc8hgT8eiCzUEAuHQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000001, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Amir Goldstein Generate FS_PRE_ACCESS event before truncate, without sb_writers held. Move the security hooks also before sb_start_write() to conform with other security hooks (e.g. in write, fallocate). The event will have a range info of the page surrounding the new size to provide an opportunity to fill the conetnt at the end of file before truncating to non-page aligned size. Signed-off-by: Amir Goldstein --- fs/open.c | 31 +++++++++++++++++++++---------- include/linux/fsnotify.h | 20 ++++++++++++++++++++ 2 files changed, 41 insertions(+), 10 deletions(-) diff --git a/fs/open.c b/fs/open.c index 1a9483872e1f..d11d373dca80 100644 --- a/fs/open.c +++ b/fs/open.c @@ -81,14 +81,18 @@ long vfs_truncate(const struct path *path, loff_t length) if (!S_ISREG(inode->i_mode)) return -EINVAL; - error = mnt_want_write(path->mnt); - if (error) - goto out; - idmap = mnt_idmap(path->mnt); error = inode_permission(idmap, inode, MAY_WRITE); if (error) - goto mnt_drop_write_and_out; + return error; + + error = fsnotify_truncate_perm(path, length); + if (error) + return error; + + error = mnt_want_write(path->mnt); + if (error) + return error; error = -EPERM; if (IS_APPEND(inode)) @@ -114,7 +118,7 @@ long vfs_truncate(const struct path *path, loff_t length) put_write_access(inode); mnt_drop_write_and_out: mnt_drop_write(path->mnt); -out: + return error; } EXPORT_SYMBOL_GPL(vfs_truncate); @@ -175,11 +179,18 @@ long do_ftruncate(struct file *file, loff_t length, int small) /* Check IS_APPEND on real upper inode */ if (IS_APPEND(file_inode(file))) return -EPERM; - sb_start_write(inode->i_sb); + error = security_file_truncate(file); - if (!error) - error = do_truncate(file_mnt_idmap(file), dentry, length, - ATTR_MTIME | ATTR_CTIME, file); + if (error) + return error; + + error = fsnotify_truncate_perm(&file->f_path, length); + if (error) + return error; + + sb_start_write(inode->i_sb); + error = do_truncate(file_mnt_idmap(file), dentry, length, + ATTR_MTIME | ATTR_CTIME, file); sb_end_write(inode->i_sb); return error; diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h index ce189b4778a5..08893429a818 100644 --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h @@ -217,6 +217,21 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask, return fsnotify_path(&file->f_path, FS_ACCESS_PERM); } +/* + * fsnotify_truncate_perm - permission hook before file truncate + */ +static inline int fsnotify_truncate_perm(const struct path *path, loff_t length) +{ + struct inode *inode = d_inode(path->dentry); + + if (!(inode->i_sb->s_iflags & SB_I_ALLOW_HSM) || + !fsnotify_sb_has_priority_watchers(inode->i_sb, + FSNOTIFY_PRIO_PRE_CONTENT)) + return 0; + + return fsnotify_pre_content(path, &length, 0); +} + /* * fsnotify_file_perm - permission hook before file access (unknown range) */ @@ -255,6 +270,11 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask, return 0; } +static inline int fsnotify_truncate_perm(const struct path *path, loff_t length) +{ + return 0; +} + static inline int fsnotify_file_perm(struct file *file, int perm_mask) { return 0;