From patchwork Tue Nov 12 17:55:16 2024
X-Patchwork-Submitter: Josef Bacik
X-Patchwork-Id: 13872727
From: Josef Bacik
To: kernel-team@fb.com, linux-fsdevel@vger.kernel.org, jack@suse.cz, amir73il@gmail.com, brauner@kernel.org, torvalds@linux-foundation.org, linux-xfs@vger.kernel.org, linux-btrfs@vger.kernel.org, linux-mm@kvack.org, linux-ext4@vger.kernel.org
Subject: [PATCH v7 01/18] fsnotify: opt-in for permission events at file_open_perm() time
Date: Tue, 12 Nov 2024 12:55:16 -0500
Message-ID: <8c8e9452d153a1918470cbe52a8eb6505c675911.1731433903.git.josef@toxicpanda.com>

From: Amir Goldstein

Legacy inotify/fanotify listeners can add watches for events on inode, parent or mount and expect to get events (e.g. FS_MODIFY) on files that were already open at the time of setting up the watches.

fanotify permission events are typically used by Anti-malware software, that is watching the entire mount and it is not common to have more than one Anti-malware engine installed on a system.

To reduce the overhead of the fsnotify_file_perm() hooks on every file access, relax the semantics of the legacy FAN_OPEN_PERM event to generate events only if there were *any* permission event listeners on the filesystem at the time that the file was open.

The new semantics, implemented with the opt-in FMODE_NOTIFY_PERM flag are also going to apply to the new fanotify pre-content event in order to reduce the cost of the pre-content event vfs hooks.

Suggested-by: Linus Torvalds
Link: https://lore.kernel.org/linux-fsdevel/CAHk-=wj8L=mtcRTi=NECHMGfZQgXOp_uix1YVh04fEmrKaMnXA@mail.gmail.com/
Signed-off-by: Amir Goldstein
---
 include/linux/fs.h | 3 ++-
 include/linux/fsnotify.h | 47 ++++++++++++++++++++++++++++------------
 2 files changed, 35 insertions(+), 15 deletions(-)

diff --git a/include/linux/fs.h b/include/linux/fs.h index 9c13222362f5..9b58e9887e4b 100644 --- a/include/linux/fs.h 
+++ b/include/linux/fs.h @@ -173,7 +173,8 @@ typedef int (dio_iodone_t)(struct kiocb *iocb, loff_t offset, #define FMODE_NOREUSE ((__force fmode_t)(1 << 23)) -/* FMODE_* bit 24 */ +/* File may generate fanotify access permission events */ +#define FMODE_NOTIFY_PERM ((__force fmode_t)(1 << 24)) /* File is embedded in backing_file object */ #define FMODE_BACKING ((__force fmode_t)(1 << 25)) diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h index 278620e063ab..f0fd3dcae654 100644 --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h @@ -108,10 +108,9 @@ static inline void fsnotify_dentry(struct dentry *dentry, __u32 mask) fsnotify_parent(dentry, mask, dentry, FSNOTIFY_EVENT_DENTRY); } -static inline int fsnotify_file(struct file *file, __u32 mask) +/* Should events be generated on this open file regardless of watches? */ +static inline bool fsnotify_file_watchable(struct file *file, __u32 mask) { - const struct path *path; - /* * FMODE_NONOTIFY are fds generated by fanotify itself which should not * generate new events. We also don't want to generate events for 
@@ -119,14 +118,37 @@ static inline int fsnotify_file(struct file *file, __u32 mask) * handle creation / destruction events and not "real" file events. */ if (file->f_mode & (FMODE_NONOTIFY | FMODE_PATH)) + return false; + + /* Permission events require that watches are set before FS_OPEN_PERM */ + if (mask & ALL_FSNOTIFY_PERM_EVENTS & ~FS_OPEN_PERM && + !(file->f_mode & FMODE_NOTIFY_PERM)) + return false; + + return true; +} + +static inline int fsnotify_file(struct file *file, __u32 mask) +{ + const struct path *path; + + if (!fsnotify_file_watchable(file, mask)) return 0; path = &file->f_path; - /* Permission events require group prio >= FSNOTIFY_PRIO_CONTENT */ - if (mask & ALL_FSNOTIFY_PERM_EVENTS && - !fsnotify_sb_has_priority_watchers(path->dentry->d_sb, - FSNOTIFY_PRIO_CONTENT)) - return 0; + /* + * Permission events require group prio >= FSNOTIFY_PRIO_CONTENT. + * Unless permission event watchers exist at FS_OPEN_PERM time, + * operations on file will not be generating any permission events. + */ + if (mask & ALL_FSNOTIFY_PERM_EVENTS) { + if (!fsnotify_sb_has_priority_watchers(path->dentry->d_sb, + FSNOTIFY_PRIO_CONTENT)) + return 0; + + if (mask & FS_OPEN_PERM) + file->f_mode |= FMODE_NOTIFY_PERM; + } return fsnotify_parent(path->dentry, mask, path, FSNOTIFY_EVENT_PATH); } @@ -166,15 +188,12 @@ static inline int fsnotify_file_perm(struct file *file, int perm_mask) */ static inline int fsnotify_open_perm(struct file *file) { - int ret; + int ret = fsnotify_file(file, FS_OPEN_PERM); - if (file->f_flags & __FMODE_EXEC) { + if (!ret && file->f_flags & __FMODE_EXEC) ret = fsnotify_file(file, FS_OPEN_EXEC_PERM); - if (ret) - return ret; - } - return fsnotify_file(file, FS_OPEN_PERM); + return ret; } #else
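
Review bot: In the include/linux/fs.h hunk, the comment on FMODE_NOTIFY_PERM ("File may generate fanotify access permission events") does not say who sets the bit or when, which is the whole point of the flag. Suggest stating that it is set at FS_OPEN_PERM time when permission event watchers exist on the superblock, and that files opened before such watchers existed never get it, so a reader of fs.h does not have to find fsnotify_file() to learn the lifetime of the bit.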
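
Review bot: In the first include/linux/fsnotify.h hunk (@@ -108), the new comment above fsnotify_file_watchable(), "Should events be generated on this open file regardless of watches?", reads as if the answer were independent of watch state, yet the function tests FMODE_NOTIFY_PERM, which records whether permission watchers existed when the file was opened. Suggest wording that says the helper checks per-file eligibility only (FMODE_NONOTIFY, FMODE_PATH, FMODE_NOTIFY_PERM) and that the watcher lookup happens in the caller.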
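
Review bot: In the second include/linux/fsnotify.h hunk (@@ -119), `file->f_mode |= FMODE_NOTIFY_PERM` is a plain read-modify-write inside fsnotify_file(), a helper that is called for every file event mask, with nothing stating why no synchronization is needed. A short comment that FS_OPEN_PERM is only raised from the open path, before the file is shared, would document the assumption. The flag is also set before fsnotify_parent() returns, so it sticks even when the open is subsequently denied; that looks harmless but is worth a word in the comment. Separately, `mask & ALL_FSNOTIFY_PERM_EVENTS & ~FS_OPEN_PERM && !(file->f_mode & FMODE_NOTIFY_PERM)` in fsnotify_file_watchable() mixes `&` and `&&` without parentheses; please parenthesize the bitwise part.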
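
Review bot: In the fsnotify_open_perm() hunk (@@ -166), FS_OPEN_PERM is now raised before FS_OPEN_EXEC_PERM, the reverse of the old order, and neither the code nor the commit message says the order matters. fsnotify_file_watchable() exempts only FS_OPEN_PERM from the FMODE_NOTIFY_PERM test, so the FS_OPEN_EXEC_PERM event is delivered only because the preceding call set the flag; a one-line comment stating that dependency would keep a later cleanup from swapping the calls back and silently dropping exec permission events. The changed ordering is also visible to listeners and deserves a mention in the changelog. Minor: parenthesize the bitwise test in `!ret && file->f_flags & __FMODE_EXEC`.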