From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id A515AD42B82
	for <linux-mm@archiver.kernel.org>; Tue, 12 Nov 2024 13:55:07 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id EB2EB8D0002; Tue, 12 Nov 2024 08:55:06 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id E3D018D0001; Tue, 12 Nov 2024 08:55:06 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id C8E8D8D0002; Tue, 12 Nov 2024 08:55:06 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16])
	by kanga.kvack.org (Postfix) with ESMTP id A51818D0001
	for <linux-mm@kvack.org>; Tue, 12 Nov 2024 08:55:06 -0500 (EST)
Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay02.hostedemail.com (Postfix) with ESMTP id 1B07512018E
	for <linux-mm@kvack.org>; Tue, 12 Nov 2024 13:55:06 +0000 (UTC)
X-FDA: 82777588572.04.EEF0AA3
Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130])
	by imf02.hostedemail.com (Postfix) with ESMTP id AD2EF80013
	for <linux-mm@kvack.org>; Tue, 12 Nov 2024 13:53:44 +0000 (UTC)
Authentication-Results: imf02.hostedemail.com;
	dkim=pass header.d=suse.cz header.s=susede2_rsa header.b="Ap/VuOj/";
	dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=X7ZlUU4O;
	dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=cpMNzLWX;
	dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=BhEUIMbj;
	dmarc=none;
	spf=pass (imf02.hostedemail.com: domain of jack@suse.cz designates 195.135.223.130 as permitted sender) smtp.mailfrom=jack@suse.cz
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1731419641; a=rsa-sha256;
	cv=none;
	b=Fg4q1yfvnXmqQdKtAYks7+AsapGmJbgY5ivlltt1xgQYSgB/I0W9sPmgk5twnhT2s6EqX2
	i+oqWrHdl7jBPqQSDWsjYtnUXTyyWiD1xKSq/1uVyRa0BncvzoZNM7n2zOLZPJq/btZhMN
	I5vVKJsU697YT9tQFrIJWw/SGz3Muu4=
ARC-Authentication-Results: i=1;
	imf02.hostedemail.com;
	dkim=pass header.d=suse.cz header.s=susede2_rsa header.b="Ap/VuOj/";
	dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=X7ZlUU4O;
	dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=cpMNzLWX;
	dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=BhEUIMbj;
	dmarc=none;
	spf=pass (imf02.hostedemail.com: domain of jack@suse.cz designates 195.135.223.130 as permitted sender) smtp.mailfrom=jack@suse.cz
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1731419641;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=GggHjq6mlfXdpXhy6vku+7SxFDasBwrmkZtO3QYAPpA=;
	b=NbgKUkdXpvrtDJhGbJX09hlgYttwb0CcsLkKwXDV1T6QJuq7kYom0cNuWZOiB6PSte2eeM
	b2iqNgSA9OwWz54e3MCMOa2f3Akjsjo+5NqnGOtNzg2D/tv4+7Il+kCa9dNQ5pwSifLi5L
	wsl/4BSNIijmH9THaAHVc4A8neR1bjo=
Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by smtp-out1.suse.de (Postfix) with ESMTPS id D38172128F;
	Tue, 12 Nov 2024 13:55:01 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa;
	t=1731419702; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=GggHjq6mlfXdpXhy6vku+7SxFDasBwrmkZtO3QYAPpA=;
	b=Ap/VuOj/uPqqu0YJCo/upxhvpT1gL65rnquNlS9fK9Oxw+ekiHvA5S7YFlk17/ISyH8r28
	BmzB+RIY2r87L4UT6C8MCAdT1/IXUrqwdVf8UBdzMwHojzxmwNwaK7qpxGJ90/9ZIIU5qI
	MDukUePOxM78VoAt7M7u43Fx82eobo0=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz;
	s=susede2_ed25519; t=1731419702;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=GggHjq6mlfXdpXhy6vku+7SxFDasBwrmkZtO3QYAPpA=;
	b=X7ZlUU4O8aIis5H8gO1MMPYtKX4e99qPEvZZhgO0TbP+b3NnUo5tMjqNHySYa3O5SJFtFF
	jB50zv3wLh8V6cAw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa;
	t=1731419701; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=GggHjq6mlfXdpXhy6vku+7SxFDasBwrmkZtO3QYAPpA=;
	b=cpMNzLWX7mSb5R3J+LFyZ7KuTODAbuhad69ifHlpyyzMrEe/aM+ayo7u/842jYPPtSSWi8
	DGavQWBKqhvPHWc5V7rnDC1BvFQpfEeKbim10wrf4uzTLAX+m6g9lAuBvBugRG/JbW8Eef
	+Lep4cyhpZlV3LsFRPkgRb4BADH7EXk=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz;
	s=susede2_ed25519; t=1731419701;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=GggHjq6mlfXdpXhy6vku+7SxFDasBwrmkZtO3QYAPpA=;
	b=BhEUIMbjOckf909sxr4ypQWrcGmWwOTExK8ce3kk5E9zGpOa3SC4kc1T0ZBylBYcheq2um
	Jl7OpQjrBZza5vDg==
Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id C77BC13721;
	Tue, 12 Nov 2024 13:55:01 +0000 (UTC)
Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167])
	by imap1.dmz-prg2.suse.org with ESMTPSA
	id Jgi6MDVeM2dpcgAAD6G6ig
	(envelope-from <jack@suse.cz>); Tue, 12 Nov 2024 13:55:01 +0000
Received: by quack3.suse.cz (Postfix, from userid 1000)
	id 72D0DA08D0; Tue, 12 Nov 2024 14:54:57 +0100 (CET)
Date: Tue, 12 Nov 2024 14:54:57 +0100
From: Jan Kara <jack@suse.cz>
To: Amir Goldstein <amir73il@gmail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	Josef Bacik <josef@toxicpanda.com>, kernel-team@fb.com,
	linux-fsdevel@vger.kernel.org, jack@suse.cz, brauner@kernel.org,
	linux-xfs@vger.kernel.org, linux-btrfs@vger.kernel.org,
	linux-mm@kvack.org, linux-ext4@vger.kernel.org
Subject: Re: [PATCH v6 06/17] fsnotify: generate pre-content permission event
 on open
Message-ID: <20241112135457.zxzhtoe537gapkmu@quack3>
References: <cover.1731355931.git.josef@toxicpanda.com>
 <b509ec78c045d67d4d7e31976eba4b708b238b66.1731355931.git.josef@toxicpanda.com>
 <CAHk-=wh4BEjbfaO93hiZs3YXoNmV=YkWT4=OOhuxM3vD2S-1iA@mail.gmail.com>
 <CAEzrpqdtSAoS+p4i0EzWFr0Nrpw1Q2hphatV7Sk4VM49=L3kGw@mail.gmail.com>
 <CAHk-=wj8L=mtcRTi=NECHMGfZQgXOp_uix1YVh04fEmrKaMnXA@mail.gmail.com>
 <CAOQ4uxgxtQhe_3mj5SwH9568xEFsxtNqexLfw9Wx_53LPmyD=Q@mail.gmail.com>
 <CAHk-=wgUV27XF8g23=aWNJecRbn8fCDDW2=10y9yJ122+d8JrA@mail.gmail.com>
 <CAOQ4uxh7aT+EvWYMa9v=SyRjfdh4Je_FmS0+TNqonHE5Z+_TPw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CAOQ4uxh7aT+EvWYMa9v=SyRjfdh4Je_FmS0+TNqonHE5Z+_TPw@mail.gmail.com>
X-Rspam-User: 
X-Rspamd-Queue-Id: AD2EF80013
X-Rspamd-Server: rspam11
X-Stat-Signature: mjb8sjfe1rjrfr8593ypy54de3ddu8o1
X-HE-Tag: 1731419624-840257
X-HE-Meta: U2FsdGVkX186w8aY5UOvrEi0jbPPaEa0k0p8qPlKXdJMcxBd5CeFqiJb4FFAOAlzm2b++uP7u6FV9m8FxoIaiJqEhVtkUHqeR7jPsw/TgKR1mpujExU11iTpJ6RZUEBTv0kS6OxGpUF9lkLm7p9NHaqhmC6zOCGYa15OUTVeBNParAC/tlqc7q7UzJ05AUh0y3LU9t82soZAc/IPTGpwmEq0B/MxXQMUn+VjoB6XE+Z55chPb/fch6dexUXFpXp6XlIB2iTiM1J5mX1Iu/wC5q+Ka5uo/Wqw7DP9tc2SkGLcu+eaHq1/NCsXjfmSA3bCIIfRaJJFmIW3czDzSFjjKzsbfCXOxkx1e8oMmD81WQk5MURMEbAxJ38nKZeibspBazY0t/btR3xqa+t4Tq91fqWU/cnqABARL2A/HArbzVNtmT1Ku45+ovwiMA0LAbdCIdwkNTuCt5LeCGNVD/oqne7kHQF1NX0aBvZBmeCTiJJwe4Qyr+rOH51xdS2xOHm+mXw6X+WhUePuYT5jDmy8JvBdvjCva6uazaL7y1uCWKLM1mazYczrb1csv+oODJQSd4iGmrNpqbN2PCMX5HChyIKynP6VUuvt7enbeXtYLhwHt5P81aoswfR3SW2pzpDqSB81ewH0nbgS5sUIbv4HWo9QKeS8F+/c0SSZiqy/sLbptF+9n7P+4HG/smg7hoBAsrJVCy6clfM5fLcU7qO322UoIK2acnoSW2S+bKu+YmHbsBQmu+6sBrdOT4lPndzGxM28tOHnCjeGomq34M1+uLM7B0IpZKuP231xjb9anj53oMBFeyTleyNfHcQBPMNAYKrQEyzrZp5iVuKicMsTzlncFX+ORkbX12meJDmolVjA7olk/fnjlwyWkmkgZJ1l8bSKBWlIE7G8nCcg1JPSqRD4FGHXE+0mVxbMUGlNQIu1VsnO4JZTmacR+pWbrlBr6WgSMf9v/be2Dt/sQzv
 e24hIe54
 qwMzGo7b9+mZskrr/RkSZN2r2TLjzYrkIBG2vgx59RgcTRw+qzPaWNwiydtwZcIV0Yr7IPMisZbu0axyfFeVJ2wx7JHVHCN4Tc9+sJPbAs6u7NUoU8uIgX1WHFlUigu6pSds4DBRJUV2d26qklTa2ihmvKSy1z9tYlYAaigNakIT8zZGTmROmhbOHz3kuXahhEYrKU3H164LyOhPo/V652uX8bRcRs8vj9SUagEQmkUgN4dfgEXbkAEh0+D9InNkygnv7wSu5UX7j3Ru6ODLVpgLmLIXDSpYt7G0vNBzuymPfeDqLQra9JTwsbZjKPJ22FjVvS9jCHPWbOeGT4rsgh0+m0Cls2LODhHAHv/Wk6jn0vM/OV0EurTaS1xayV7lg4zt5Q+1MROUWR1PDAIVlSrV2oZww9UBfUjgZ7UxKTdSwEhcf2CVm0q9u1FLB6Nry8snR
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Tue 12-11-24 09:11:32, Amir Goldstein wrote:
> On Tue, Nov 12, 2024 at 1:37 AM Linus Torvalds
> <torvalds@linux-foundation.org> wrote:
> > On Mon, 11 Nov 2024 at 16:00, Amir Goldstein <amir73il@gmail.com> wrote:
> > >
> > > I think that's a good idea for pre-content events, because it's fine
> > > to say that if the sb/mount was not watched by a pre-content event listener
> > > at the time of file open, then we do not care.
> >
> > Right.
> >
> > > The problem is that legacy inotify/fanotify watches can be added after
> > > file is open, so that is allegedly why this optimization was not done for
> > > fsnotify hooks in the past.
> >
> > So honestly, even if the legacy fsnotify hooks can't look at the file
> > flag, they could damn well look at an inode flag.
> 
> Legacy fanotify has a mount watch (FAN_MARK_MOUNT),
> which is the common way for Anti-malware to set watches on
> filesystems, so I am not sure what you are saying.
> 
> > And I'm not even convinced that we couldn't fix them to just look at a
> > file flag, and say "tough luck, somebody opened that file before you
> > started watching, you don't get to see what they did".
> 
> That would specifically break tail -f (for inotify) and probably many other
> tools, but as long as we also look at the inode flags (i_fsnotify_mask)
> and the dentry flags (DCACHE_FSNOTIFY_PARENT_WATCHED),
> then I think we may be able to get away with changing the semantics
> for open files on a fanotify mount watch.

Yes, I agree we cannot afford to generate FS_MODIFY event only if the mark
was placed after file open. There's too much stuff in userspace depending
on this since this behavior dates back to inotify interface sometime in
2010 or so.

> Specifically, I would really like to eliminate completely the cost of
> FAN_ACCESS_PERM event, which could be gated on file flag, because
> this is only for security/Anti-malware and I don't think this event is
> practically
> useful and it sure does not need to guarantee permission events to mount
> watchers on already open files.

For traditional fanotify permission events I agree generating them only if
the mark was placed before open is likely fine but we'll have to try and
see whether something breaks. For the new pre-content events I like the
per-file flag as Linus suggested. That should indeed save us some cache
misses in some fast paths.

								Honza
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR