[PATCH 09/19] fsnotify: generate pre-content permission event on truncate

linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed

From: Jan Kara <jack@suse.cz>
To: <linux-fsdevel@vger.kernel.org>
Cc: Amir Goldstein <amir73il@gmail.com>,
	Josef Bacik <josef@toxicpanda.com>,
	brauner@kernel.org,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Al Viro <viro@ZenIV.linux.org.uk>,
	linux-xfs@vger.kernel.org, linux-btrfs@vger.kernel.org,
	linux-ext4@vger.kernel.org, linux-mm@kvack.org,
	Jan Kara <jack@suse.cz>
Subject: [PATCH 09/19] fsnotify: generate pre-content permission event on truncate
Date: Thu, 21 Nov 2024 12:22:08 +0100	[thread overview]
Message-ID: <20241121112218.8249-10-jack@suse.cz> (raw)
In-Reply-To: <20241121112218.8249-1-jack@suse.cz>

From: Amir Goldstein <amir73il@gmail.com>

Generate FS_PRE_ACCESS event before truncate, without sb_writers held.

Move the security hooks also before sb_start_write() to conform with
other security hooks (e.g. in write, fallocate).

The event will have a range info of the page surrounding the new size
to provide an opportunity to fill the conetnt at the end of file before
truncating to non-page aligned size.

Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://patch.msgid.link/23af8201db6ac2efdea94f09ab067d81ba5de7a7.1731684329.git.josef@toxicpanda.com
---
 fs/open.c                | 31 +++++++++++++++++++++----------
 include/linux/fsnotify.h | 20 ++++++++++++++++++++
 2 files changed, 41 insertions(+), 10 deletions(-)

diff --git a/fs/open.c b/fs/open.c
index 9b1fa59d52bf..f7bd176545f5 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -81,14 +81,18 @@ long vfs_truncate(const struct path *path, loff_t length)
 	if (!S_ISREG(inode->i_mode))
 		return -EINVAL;
 
-	error = mnt_want_write(path->mnt);
-	if (error)
-		goto out;
-
 	idmap = mnt_idmap(path->mnt);
 	error = inode_permission(idmap, inode, MAY_WRITE);
 	if (error)
-		goto mnt_drop_write_and_out;
+		return error;
+
+	error = fsnotify_truncate_perm(path, length);
+	if (error)
+		return error;
+
+	error = mnt_want_write(path->mnt);
+	if (error)
+		return error;
 
 	error = -EPERM;
 	if (IS_APPEND(inode))
@@ -114,7 +118,7 @@ long vfs_truncate(const struct path *path, loff_t length)
 	put_write_access(inode);
 mnt_drop_write_and_out:
 	mnt_drop_write(path->mnt);
-out:
+
 	return error;
 }
 EXPORT_SYMBOL_GPL(vfs_truncate);
@@ -175,11 +179,18 @@ long do_ftruncate(struct file *file, loff_t length, int small)
 	/* Check IS_APPEND on real upper inode */
 	if (IS_APPEND(file_inode(file)))
 		return -EPERM;
-	sb_start_write(inode->i_sb);
+
 	error = security_file_truncate(file);
-	if (!error)
-		error = do_truncate(file_mnt_idmap(file), dentry, length,
-				    ATTR_MTIME | ATTR_CTIME, file);
+	if (error)
+		return error;
+
+	error = fsnotify_truncate_perm(&file->f_path, length);
+	if (error)
+		return error;
+
+	sb_start_write(inode->i_sb);
+	error = do_truncate(file_mnt_idmap(file), dentry, length,
+			    ATTR_MTIME | ATTR_CTIME, file);
 	sb_end_write(inode->i_sb);
 
 	return error;
diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
index 87044acf8e79..1a9ef8f6784d 100644
--- a/include/linux/fsnotify.h
+++ b/include/linux/fsnotify.h
@@ -170,6 +170,21 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask,
 	return fsnotify_path(&file->f_path, FS_ACCESS_PERM);
 }
 
+/*
+ * fsnotify_truncate_perm - permission hook before file truncate
+ */
+static inline int fsnotify_truncate_perm(const struct path *path, loff_t length)
+{
+	struct inode *inode = d_inode(path->dentry);
+
+	if (!(inode->i_sb->s_iflags & SB_I_ALLOW_HSM) ||
+	    !fsnotify_sb_has_priority_watchers(inode->i_sb,
+					       FSNOTIFY_PRIO_PRE_CONTENT))
+		return 0;
+
+	return fsnotify_pre_content(path, &length, 0);
+}
+
 /*
  * fsnotify_file_perm - permission hook before file access (unknown range)
  */
@@ -208,6 +223,11 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask,
 	return 0;
 }
 
+static inline int fsnotify_truncate_perm(const struct path *path, loff_t length)
+{
+	return 0;
+}
+
 static inline int fsnotify_file_perm(struct file *file, int perm_mask)
 {
 	return 0;
-- 
2.35.3

next prev parent reply	other threads:[~2024-11-21 11:22 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-11-21 11:21 [PATCH v9 00/19] fanotify: add pre-content hooks Jan Kara
2024-11-21 11:22 ` [PATCH 01/19] fs: get rid of __FMODE_NONOTIFY kludge Jan Kara
2024-11-21 11:22 ` [PATCH 02/19] fsnotify: opt-in for permission events at file open time Jan Kara
2024-11-21 11:22 ` [PATCH 03/19] fsnotify: check if file is actually being watched for pre-content events on open Jan Kara
2024-11-21 16:01   ` Amir Goldstein
2024-11-22 10:58     ` Jan Kara
2024-11-21 11:22 ` [PATCH 04/19] fanotify: don't skip extra event info if no info_mode is set Jan Kara
2024-11-21 11:22 ` [PATCH 05/19] fanotify: rename a misnamed constant Jan Kara
2024-11-21 11:22 ` [PATCH 06/19] fanotify: reserve event bit of deprecated FAN_DIR_MODIFY Jan Kara
2024-11-21 11:22 ` [PATCH 07/19] fsnotify: introduce pre-content permission events Jan Kara
2024-11-21 11:22 ` [PATCH 08/19] fsnotify: pass optional file access range in pre-content event Jan Kara
2024-11-21 11:22 ` Jan Kara [this message]
2024-11-21 11:22 ` [PATCH 10/19] fanotify: introduce FAN_PRE_ACCESS permission event Jan Kara
2024-11-21 11:22 ` [PATCH 11/19] fanotify: report file range info with pre-content events Jan Kara
2024-11-21 11:22 ` [PATCH 12/19] fanotify: allow to set errno in FAN_DENY permission response Jan Kara
2024-11-21 11:22 ` [PATCH 13/19] fanotify: disable readahead if we have pre-content watches Jan Kara
2024-11-21 11:22 ` [PATCH 14/19] mm: don't allow huge faults for files with pre content watches Jan Kara
2024-11-21 11:22 ` [PATCH 15/19] fsnotify: generate pre-content permission event on page fault Jan Kara
2024-11-21 11:22 ` [PATCH 16/19] xfs: add pre-content fsnotify hook for DAX faults Jan Kara
2024-11-21 11:22 ` [PATCH 17/19] btrfs: disable defrag on pre-content watched files Jan Kara
2024-11-21 11:22 ` [PATCH 18/19] ext4: add pre-content fsnotify hook for DAX faults Jan Kara
2024-11-21 11:22 ` [PATCH 19/19] fs: enable pre-content events on supported file systems Jan Kara
2024-11-21 16:06 ` [PATCH v9 00/19] fanotify: add pre-content hooks Amir Goldstein

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20241121112218.8249-10-jack@suse.cz \
    --to=jack@suse.cz \
    --cc=amir73il@gmail.com \
    --cc=brauner@kernel.org \
    --cc=josef@toxicpanda.com \
    --cc=linux-btrfs@vger.kernel.org \
    --cc=linux-ext4@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=linux-xfs@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@ZenIV.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox