From patchwork Tue Nov 12 17:55:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13872789 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C45E0D42BBE for ; Tue, 12 Nov 2024 18:04:42 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3E8086B0099; Tue, 12 Nov 2024 13:04:42 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 368BB6B009F; Tue, 12 Nov 2024 13:04:42 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1E16C6B00CC; Tue, 12 Nov 2024 13:04:42 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id EF55F6B0099 for ; Tue, 12 Nov 2024 13:04:41 -0500 (EST) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 93920140538 for ; Tue, 12 Nov 2024 18:04:41 +0000 (UTC) X-FDA: 82778216766.25.212E658 Received: from mail-yb1-f173.google.com (mail-yb1-f173.google.com [209.85.219.173]) by imf15.hostedemail.com (Postfix) with ESMTP id AA09EA0040 for ; Tue, 12 Nov 2024 18:03:56 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=toxicpanda-com.20230601.gappssmtp.com header.s=20230601 header.b=R6bMdMQN; dmarc=none; spf=none (imf15.hostedemail.com: domain of josef@toxicpanda.com has no SPF policy when checking 209.85.219.173) smtp.mailfrom=josef@toxicpanda.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1731434617; a=rsa-sha256; cv=none; b=7hCK2leK+SqJcj9v/YaEaw5UqTNZ3/LDygIkDyHumi2LL8ZWW/rRI04fijmiasX6MSSF/Z MIsNMqWc7zYc9ZgvLhDDG7YdFMEEQR/Kq2TRGzFbDkMhZ/bh8wmmMU/3yluDcAW55ZvUA7 m6S4O/9Z3TmOh/jGGnU1nS0XiIVOCXA= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=toxicpanda-com.20230601.gappssmtp.com header.s=20230601 header.b=R6bMdMQN; dmarc=none; spf=none (imf15.hostedemail.com: domain of josef@toxicpanda.com has no SPF policy when checking 209.85.219.173) smtp.mailfrom=josef@toxicpanda.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1731434617; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=yR+WXWwndS2FLusUnFYSuykN6wegDmBuVaa7pQ21cd8=; b=rFlzxXvjW1OTooJFtXsSsbfDWvRvC7jdQeI78xMkiyPsxotyjuuRnl4BJVb0kVq/6rUoP6 rP+VPyZPltOPP975AvAi3FjYrjN8YuH4fEGNRaAl4H71L9PAeuS6zWWYziJIauyZYyqHJ/ bZJdxdcBZcjR6nNQK3KWieG5taXHN7o= Received: by mail-yb1-f173.google.com with SMTP id 3f1490d57ef6-e30d1d97d20so5300564276.2 for ; Tue, 12 Nov 2024 10:04:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1731434678; x=1732039478; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=yR+WXWwndS2FLusUnFYSuykN6wegDmBuVaa7pQ21cd8=; b=R6bMdMQNRH1uqfnQ+kH6bZJ8/wVhysItGM4LB0Km/BZg60wtZhJV5rTSz5TxQ8fH1H l85+KaxUi15oArqhI9UAJHOd8tnn66QpUSJD7Elq9m3Gp9H2GM135bNDQMCwUl3jGiKh oKTDbuyFq4zN9JE/bnqTvE65Vf18PbQkz4s8XZMAVdlkNcM1ueDgOjtPK3FZFIPtKzPo 1gwJuMmgs7Xqqd+YOl1FMopbdjgf3wIHRytT2TdmtJvMOnKn2Sae6JBo8oMrToA69R6z m/ZJohcLv5vgyRwmh7wB5YYr6EsWKGLR8WSCWMb3rv4KAi/k86kpDUbbTTbqdOUdaQ2h J8Qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731434678; x=1732039478; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=yR+WXWwndS2FLusUnFYSuykN6wegDmBuVaa7pQ21cd8=; b=faXmUNSCi15DdkkBokPlxa08rHi2zuCkuVSEx2DDu8o8tGhcfGqnlRifq8FJDp0xzK 1cmmXMoYqZyVFgbxq/JRmXnFsSRQWMYCvdpGcp2ev8PBIWonodO+1zGhUnr3VJY7X4vI LFhEoIYAFQuYxAjWw8lDvn648llaAYHQF3IRwPNK4aDCe4e43irhE1PiJPXAqYsn4/+R aGkCFoePRKQr+k8GXbqTjNRpKQHfC0Dco7H0YZuBZzaNL/g9Tdzm3J+Gfq9ecTL0v5zL kcGj1QRXMo9yYl+IREHhfFd3eVXF4tPcDOl4fAFybt0rSz6MS1HNJt4UGSRl87hgbqQU gZmQ== X-Forwarded-Encrypted: i=1; AJvYcCXcVCMs9ofCl4RgkoR4lG5ISLbGEzrNjxyQYNu+y9Ee0PNA/OYh9aglDsyBVHEebeTJgzxMczbC4g==@kvack.org X-Gm-Message-State: AOJu0YweJMKsAR2oNthO/NX659WmZRvRUNiVVxpafzsuK+e4VztwkNOu 7djJXZSeykxX9PRWpWSnJuscil7/hPmVHY06JBeUllmocWTLFj+mUMJJetTGPQ5NZrHmao2e6R6 u X-Google-Smtp-Source: AGHT+IGcFROfyre2Kv1qsuv7MLwuajuAadQn7xHj4Uh/jaGY8cm7A7E77btl+nKFPaxtN+kqNmxpKw== X-Received: by 2002:a05:690c:6e0a:b0:6e7:e5d6:64cc with SMTP id 00721157ae682-6eadddbd36bmr177209777b3.20.1731434200953; Tue, 12 Nov 2024 09:56:40 -0800 (PST) Received: from localhost (syn-076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id 00721157ae682-6eace8f1d2csm26433717b3.42.2024.11.12.09.56.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Nov 2024 09:56:40 -0800 (PST) From: Josef Bacik To: kernel-team@fb.com, linux-fsdevel@vger.kernel.org, jack@suse.cz, amir73il@gmail.com, brauner@kernel.org, torvalds@linux-foundation.org, linux-xfs@vger.kernel.org, linux-btrfs@vger.kernel.org, linux-mm@kvack.org, linux-ext4@vger.kernel.org Subject: [PATCH v7 08/18] fsnotify: generate pre-content permission event on truncate Date: Tue, 12 Nov 2024 12:55:23 -0500 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 X-Rspam-User: X-Rspamd-Queue-Id: AA09EA0040 X-Rspamd-Server: rspam01 X-Stat-Signature: agy9he9fhc3jzwhy7iszect8gffpk771 X-HE-Tag: 1731434636-902162 X-HE-Meta: U2FsdGVkX1/njTTlTvaQR0tpNxxzEE3LoDGh7rpLnNDRN8DO3cbjBzHuEodADI1kJZ3ndY8CWI8rnUOgcntDS9UUT7zcTOBTNHNC3OqV+oHCsJ2a8paEKTNHFWgGKucdMQlPfDKOaLaT2yovFTz/4o8jOnux/xW996i4sc1oIwFtI3cfJkcbwKlmzIE7BsJ8vR6/s/rICJQHMC85aa/USmJiy6HRVbD9UDhr41RhJNREimckComtP++aEGtiT12ROOjE1/zgVIliuJU8zH80cTGgRudN3seTmQFuVERzVF15khlQNGkH6d73UQJSFaibBEO1hxEi6U2abRYNir5T57cfBVMHx/jgHjIZvVn5OcGbScLiRHVwk4TOEdZWirf/qHEdr+Uq7qdpTg0WmHF+1Vh3YUYGeBO6RTEplIrQvYdqlypR+bnws5TO5fbTP8oFDLnQYqvZe50ro6sJxPLQ3vd6glYTnkMO0zW0A0fKWkD/PaSppvolBdBwCdWRi43dCRFP5FgCQrE25Y9aUZIKQXnl0kGiqi0NiWiz1HyHfPgDoNHHOvsiPq3yzFuYlyUjZG/Hx//xPRo/2X3CV/LO5jcX8HPpDq7by4V79dzI0P3bqe/qlgSwDrnOobCizme6ep7ETo/p4lr+7Ay37X3Huszg+QhPnUw/dOo+LlSfvxaZ2UNaJW+MjfoNjxM4xvhvq1iL2DLVWi89459O6GxKVy4bXXr5TYxa0/I+tmynwijfV4nUZFVa/OLbKyzrSOILblxQLlkVoE+rmyd9RsluDQeIc1yh1q9EAxs1+7i8j84Rf4+Rrb4wv9zrWZyw0oKJsmoZ+t2x0TPPUD+Hbp4sOup5RMKVOLODnzgSAatJuirEbO3FWbU5j9ICcMK2RBlUiGNxgVi0jQWR8flqqFK+otHCuLPKrIwcY7YT1kUlRfsRtmQlfUeqGw4vrAAJjGmsmDqkZwqo+p8SKq+GKfZ XbrTeK2n CmVe1jG6gx+PaJysQpsRqJ5M0Q4xB8JtmWQ4WU80TB93nGwFFk98C1HZl69cMViSs/lOqzW5hGbN4PpI42Zxk42+t6I6qwSIRFqvOEFP9i3/xHlEi1ndIdQ/+/+jMxmu9Qc1On7cIAULnH6T8sWlxCt4JH7tW95X1XycQ5orngNUUVpUtHKIcMJkySwTUktzFV2Mcj3b/xqS/EIXnIyzGuAZduFmrSq8CSct9ptbIVZMR81Z+YaAhz2YOsEtiF+SbNZtuLrYaA57oZ6/qZMInP+LeIuV4c5NpuitefVLbstqVFKPH7ldGR/GMhaQMiCTfcunagUTxW/9Pz1IqUTl0RHLyN7RGelFLHuo1XOnATa1et5klTPp4fBPGQD4omtFiyyezvZaSsaIDNiipHC3JeZ92lVP2lP8p92fkfdprg7HYv9BN6Lkjj6uo9F6KHW50/pBVw3HrwACb9vw= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Amir Goldstein Generate FS_PRE_ACCESS event before truncate, without sb_writers held. Move the security hooks also before sb_start_write() to conform with other security hooks (e.g. in write, fallocate). The event will have a range info of the page surrounding the new size to provide an opportunity to fill the conetnt at the end of file before truncating to non-page aligned size. Signed-off-by: Amir Goldstein --- fs/open.c | 31 +++++++++++++++++++++---------- include/linux/fsnotify.h | 32 ++++++++++++++++++++++---------- 2 files changed, 43 insertions(+), 20 deletions(-) diff --git a/fs/open.c b/fs/open.c index e6911101fe71..e75456cda440 100644 --- a/fs/open.c +++ b/fs/open.c @@ -81,14 +81,18 @@ long vfs_truncate(const struct path *path, loff_t length) if (!S_ISREG(inode->i_mode)) return -EINVAL; - error = mnt_want_write(path->mnt); - if (error) - goto out; - idmap = mnt_idmap(path->mnt); error = inode_permission(idmap, inode, MAY_WRITE); if (error) - goto mnt_drop_write_and_out; + return error; + + error = fsnotify_truncate_perm(path, length); + if (error) + return error; + + error = mnt_want_write(path->mnt); + if (error) + return error; error = -EPERM; if (IS_APPEND(inode)) @@ -114,7 +118,7 @@ long vfs_truncate(const struct path *path, loff_t length) put_write_access(inode); mnt_drop_write_and_out: mnt_drop_write(path->mnt); -out: + return error; } EXPORT_SYMBOL_GPL(vfs_truncate); @@ -175,11 +179,18 @@ long do_ftruncate(struct file *file, loff_t length, int small) /* Check IS_APPEND on real upper inode */ if (IS_APPEND(file_inode(file))) return -EPERM; - sb_start_write(inode->i_sb); + error = security_file_truncate(file); - if (!error) - error = do_truncate(file_mnt_idmap(file), dentry, length, - ATTR_MTIME | ATTR_CTIME, file); + if (error) + return error; + + error = fsnotify_truncate_perm(&file->f_path, length); + if (error) + return error; + + sb_start_write(inode->i_sb); + error = do_truncate(file_mnt_idmap(file), dentry, length, + ATTR_MTIME | ATTR_CTIME, file); sb_end_write(inode->i_sb); return error; diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h index 2d1c13df112c..f1ef072a3b2f 100644 --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h @@ -154,17 +154,14 @@ static inline int fsnotify_file(struct file *file, __u32 mask) } #ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS -static inline int fsnotify_pre_content(const struct file *file, +static inline int fsnotify_pre_content(const struct path *path, const loff_t *ppos, size_t count) { - struct inode *inode = file_inode(file); + struct inode *inode = d_inode(path->dentry); struct file_range range; const void *data; int data_type; - if (!fsnotify_file_watchable(file, FS_PRE_ACCESS)) - return 0; - /* * Pre-content events are only reported for regular files and dirs * if there are any pre-content event watchers on this sb. @@ -177,18 +174,17 @@ static inline int fsnotify_pre_content(const struct file *file, /* Report page aligned range only when pos is known */ if (ppos) { - range.path = &file->f_path; + range.path = path; range.pos = PAGE_ALIGN_DOWN(*ppos); range.count = PAGE_ALIGN(*ppos + count) - range.pos; data = ⦥ data_type = FSNOTIFY_EVENT_FILE_RANGE; } else { - data = &file->f_path; + data = path; data_type = FSNOTIFY_EVENT_PATH; } - return fsnotify_parent(file->f_path.dentry, FS_PRE_ACCESS, - data, data_type); + return fsnotify_parent(path->dentry, FS_PRE_ACCESS, data, data_type); } /* @@ -206,11 +202,14 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask, */ lockdep_assert_once(file_write_not_started(file)); + if (!fsnotify_file_watchable(file, FS_PRE_ACCESS | FS_ACCESS_PERM)) + return 0; + /* * read()/write and other types of access generate pre-content events. */ if (perm_mask & (MAY_READ | MAY_WRITE | MAY_ACCESS | MAY_OPEN)) { - int ret = fsnotify_pre_content(file, ppos, count); + int ret = fsnotify_pre_content(&file->f_path, ppos, count); if (ret) return ret; @@ -226,6 +225,14 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask, return fsnotify_file(file, FS_ACCESS_PERM); } +/* + * fsnotify_truncate_perm - permission hook before file truncate + */ +static inline int fsnotify_truncate_perm(const struct path *path, loff_t length) +{ + return fsnotify_pre_content(path, &length, 0); +} + /* * fsnotify_file_perm - permission hook before file access (unknown range) */ @@ -254,6 +261,11 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask, return 0; } +static inline int fsnotify_truncate_perm(const struct path *path, loff_t length) +{ + return 0; +} + static inline int fsnotify_file_perm(struct file *file, int perm_mask) { return 0;