From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 305E3D6ACC0 for ; Wed, 27 Nov 2024 12:18:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 95C3A6B0083; Wed, 27 Nov 2024 07:18:43 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 90D736B0088; Wed, 27 Nov 2024 07:18:43 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7ABF46B0089; Wed, 27 Nov 2024 07:18:43 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 56CA66B0083 for ; Wed, 27 Nov 2024 07:18:43 -0500 (EST) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id D8D79AE962 for ; Wed, 27 Nov 2024 12:18:42 +0000 (UTC) X-FDA: 82831778232.03.396E9E1 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) by imf23.hostedemail.com (Postfix) with ESMTP id 8C78714000B for ; Wed, 27 Nov 2024 12:18:36 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=mCi2BhMv; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=wCI1ikWb; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=mCi2BhMv; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=wCI1ikWb; spf=pass (imf23.hostedemail.com: domain of jack@suse.cz designates 195.135.223.130 as permitted sender) smtp.mailfrom=jack@suse.cz; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1732709918; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=voCgKDDA1xuyfqTQdPx+hNfd7T9ftf5pcBbgUJ2Qs28=; b=k6y4zMhODnL2/FiErYtZZ9XL1HDSpv2EGd7BDvBPzTpQTQGnnNrH3MUQfo94W+ll+U4AZB 5DOh5bN3tJf8EsHksS6iKHXVd5YVMBc+S9E7FnVA0zmQW/ucRpGIAqJ+rQvks8sp1kNjqD kQjLZ+X4ukcEjDGULxma0CwQmTUtktU= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=mCi2BhMv; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=wCI1ikWb; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=mCi2BhMv; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=wCI1ikWb; spf=pass (imf23.hostedemail.com: domain of jack@suse.cz designates 195.135.223.130 as permitted sender) smtp.mailfrom=jack@suse.cz; dmarc=none ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1732709918; a=rsa-sha256; cv=none; b=dNozvkHNXI4RVbjqyriplKGymMrtCl9OuLgTmn+QFcWwC+zMhsohSw3zcI7cFWcivgW0ao jwF3y+FgvuvCNvv4+p0NlmvbAvecrR+3cb/x0a5jlHnI54uqSTZOaNE6ueOV9CKjh2vYT8 WKazfCQwlQpPX7bTPzouiuO8eSlsXbk= Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 7E61B2117E; Wed, 27 Nov 2024 12:18:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1732709918; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=voCgKDDA1xuyfqTQdPx+hNfd7T9ftf5pcBbgUJ2Qs28=; b=mCi2BhMvAJAzz8O8+uS7sent3QV4AAsp+vgRWyJGES+nu6OsmV73Equpoz+1Zd+/Np/0wR FmjKoEvxVjx7N6p7jlhRgJ0otSzalRCXPllKzKmg3tmpM4puZoL4SsH+zCD7D3xQpYmqax 4rhEqeyl0JteJEJOyUI5GKE98do9Noc= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1732709918; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=voCgKDDA1xuyfqTQdPx+hNfd7T9ftf5pcBbgUJ2Qs28=; b=wCI1ikWb2w5i4KSIF5Wl4Y08yAWtFR7KmIDSbsN7CWfUgUwGnVLmfOSnebqnr6c98r6dET l8xsXiRZri66RKBA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1732709918; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=voCgKDDA1xuyfqTQdPx+hNfd7T9ftf5pcBbgUJ2Qs28=; b=mCi2BhMvAJAzz8O8+uS7sent3QV4AAsp+vgRWyJGES+nu6OsmV73Equpoz+1Zd+/Np/0wR FmjKoEvxVjx7N6p7jlhRgJ0otSzalRCXPllKzKmg3tmpM4puZoL4SsH+zCD7D3xQpYmqax 4rhEqeyl0JteJEJOyUI5GKE98do9Noc= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1732709918; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=voCgKDDA1xuyfqTQdPx+hNfd7T9ftf5pcBbgUJ2Qs28=; b=wCI1ikWb2w5i4KSIF5Wl4Y08yAWtFR7KmIDSbsN7CWfUgUwGnVLmfOSnebqnr6c98r6dET l8xsXiRZri66RKBA== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 6123C139AA; Wed, 27 Nov 2024 12:18:38 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id ZUiwFx4OR2fRbgAAD6G6ig (envelope-from ); Wed, 27 Nov 2024 12:18:38 +0000 Received: by quack3.suse.cz (Postfix, from userid 1000) id 1249FA08D6; Wed, 27 Nov 2024 13:18:38 +0100 (CET) Date: Wed, 27 Nov 2024 13:18:38 +0100 From: Jan Kara To: Amir Goldstein Cc: Jan Kara , Josef Bacik , kernel-team@fb.com, linux-fsdevel@vger.kernel.org, brauner@kernel.org, torvalds@linux-foundation.org, viro@zeniv.linux.org.uk, linux-xfs@vger.kernel.org, linux-btrfs@vger.kernel.org, linux-mm@kvack.org, linux-ext4@vger.kernel.org Subject: Re: [PATCH v8 10/19] fanotify: introduce FAN_PRE_ACCESS permission event Message-ID: <20241127121838.3fmhjx26cfxcegro@quack3> References: <20241121104428.wtlrfhadcvipkjia@quack3> <20241121163618.ubz7zplrnh66aajw@quack3> <20241122124215.3k3udv5o6eys6ffy@quack3> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Rspamd-Action: no action X-Rspamd-Queue-Id: 8C78714000B X-Stat-Signature: 8c6gcb1en6iguusk5umef99torynikkn X-Rspam-User: X-Rspamd-Server: rspam11 X-HE-Tag: 1732709916-253761 X-HE-Meta: U2FsdGVkX1++ii3T9/R+w81QzVixbcAJSfmp7IHQHst4wxJCHIXjB6A6wHxWiG/ORUv3l9nVvkxqmQUPRPYlX1mEIeggBE8+Ki/kdN6FHhIe1vzYKjoObmZbLO8uLN+ynoQwfFl2a7SAOGjVbsW4MuFIHY098V8ViTZ/I6waGyqWm7vl4q0FUqdV2KbAUNQGCaFIHE4gN+eBg0VudxZKayX5kA/l9jblix8cvSVWTiFvhLMLO7/+cHinFpB8Zs8N1GZ+t8m27tTkr58iQHOLNkeFPPN39MSZenQOJw+7JPMYC6vgQEN97+Cs3x6ya3WXj+ZKTc6g3ygm5Vw51quzGhdVbJ/ZsWnNx5rqY/oEdPQl0etr4mqjc/1aB6hj7QPNrKwEtZX/sJLGQp4K7ZTeewjr2NhjhrNlJ37QLD7KpSeo8rccC0K+6XDf24Liy3WdUqTwpFmURqL8IJAjNTVwQOc2rd3SrR8OJezeawKsmnsd4Ukyow7mVCxF2OBFb+OqUIc/at6vceuEC5nGmFL2kXvW3KzIJOK6XsGAP+GTPH4M1DDumiWAb8hCvzD3vG9tYyJfBIR6flpEGG+V7P/cJF++tV/jG5ll/BiJBGjBovDEtlx083UQ1tXKO/9lPbFZVl0LcAN3VHVNnr3Cm17sCDWBg2AXfybREw/Kq+UXy0SITko8vePWJQq3SVxVzF75alWf8DLnuzNsZ1h3/t1sik15KIN7ZsmqSZiBwg4DGDDOpLTshJa5lq1tPUSJipAh34RwILtJ2QUsQi2G36Hu/wvIDGtID+uBjQgPH8wYL68ZOQ9ZuAD2DUmX5FAxMlUBWndhxvAdoBFRDm3/TwzmUvhyj+NWAihX+SXWtflwUDG72q97W/kKPXLGSWY7KNPXRFI2jTTyoF/fh+Yn+u3qJofvtuCSHyhJjQy4aI0TnhW4CkFyl+kJJUqz/S3eC+8AxPKDYFjtpuejwrM1G/K JfI6fBxh jrkzsCo7MVRohYcuHjk1/ekleDD+uh7eRbp25fp8gauxap5Rml13ITJhF+YyzWPvdAwO7L6PLTw4+XxmbIuUglwkrg9VSWuXH82kmOAQV2hKOfr79gBDdP8cNqD335x0meAHcfhdIXWTNWHL+ivYJsM9rIPeEUBZFG7oJtR2M87S169zk4WSPZfqFdSjYr6Yfvuu0WvxhVCpynGM/LyH2jdts0ahkoLh7gopvzpg1gp+e1cnCbmc8tOcrJ4+Jqg/UIR2bphgVnj10HCdNYdp8FBtDmxpu6N5eNa+vdStmUgHZtmqmHXz51PTQ3weHzUn0KTyNpbKAgOc6e+4e+4AO57Wd1la8m7tejsAKHPIkeY/rZoG3BjCezfkdxz9b7+lNi3KQmiIz4ekzdUR6IoE6QstuFG/yTgqhs3WxXgaY97hg4e8ljFfMxN9OGA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri 22-11-24 14:51:23, Amir Goldstein wrote: > On Fri, Nov 22, 2024 at 1:42 PM Jan Kara wrote: > > > > On Thu 21-11-24 19:37:43, Amir Goldstein wrote: > > > On Thu, Nov 21, 2024 at 7:31 PM Amir Goldstein wrote: > > > > On Thu, Nov 21, 2024 at 5:36 PM Jan Kara wrote: > > > > > On Thu 21-11-24 15:18:36, Amir Goldstein wrote: > > > > > > On Thu, Nov 21, 2024 at 11:44 AM Jan Kara wrote: > > > > > > and also always emitted ACCESS_PERM. > > > > > > > > > > I know that and it's one of those mostly useless events AFAICT. > > > > > > > > > > > my POC is using that PRE_ACCESS to populate > > > > > > directories on-demand, although the functionality is incomplete without the > > > > > > "populate on lookup" event. > > > > > > > > > > Exactly. Without "populate on lookup" doing "populate on readdir" is ok for > > > > > a demo but not really usable in practice because you can get spurious > > > > > ENOENT from a lookup. > > > > > > > > > > > > avoid the mistake of original fanotify which had some events available on > > > > > > > directories but they did nothing and then you have to ponder hard whether > > > > > > > you're going to break userspace if you actually start emitting them... > > > > > > > > > > > > But in any case, the FAN_ONDIR built-in filter is applicable to PRE_ACCESS. > > > > > > > > > > Well, I'm not so concerned about filtering out uninteresting events. I'm > > > > > more concerned about emitting the event now and figuring out later that we > > > > > need to emit it in different places or with some other info when actual > > > > > production users appear. > > > > > > > > > > But I've realized we must allow pre-content marks to be placed on dirs so > > > > > that such marks can be placed on parents watching children. What we'd need > > > > > to forbid is a combination of FAN_ONDIR and FAN_PRE_ACCESS, wouldn't we? > > > > > > > > Yes, I think that can work well for now. > > > > > > > > > > Only it does not require only check at API time that both flags are not > > > set, because FAN_ONDIR can be set earlier and then FAN_PRE_ACCESS > > > can be added later and vice versa, so need to do this in > > > fanotify_may_update_existing_mark() AFAICT. > > > > I have now something like: > > > > @@ -1356,7 +1356,7 @@ static int fanotify_group_init_error_pool(struct fsnotify_group *group) > > } > > > > static int fanotify_may_update_existing_mark(struct fsnotify_mark *fsn_mark, > > - unsigned int fan_flags) > > + __u32 mask, unsigned int fan_flags) > > { > > /* > > * Non evictable mark cannot be downgraded to evictable mark. > > @@ -1383,6 +1383,11 @@ static int fanotify_may_update_existing_mark(struct fsnotify_mark *fsn_mark, > > fsn_mark->flags & FSNOTIFY_MARK_FLAG_IGNORED_SURV_MODIFY) > > return -EEXIST; > > > > + /* For now pre-content events are not generated for directories */ > > + mask |= fsn_mark->mask; > > + if (mask & FANOTIFY_PRE_CONTENT_EVENTS && mask & FAN_ONDIR) > > + return -EEXIST; > > + > > EEXIST is going to be confusing if there was never any mark. > Either return -EINVAL here or also check this condition on the added mask > itself before calling fanotify_add_mark() and return -EINVAL there. > > I prefer two distinct errors, but probably one is also good enough. That's actually a good point. My previous change allowed setting FAN_PRE_ACCESS | FAN_ONDIR on a new mark because that doesn't get to fanotify_may_update_existing_mark(). So I now have: diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c index 0919ea735f4a..38a46865408e 100644 --- a/fs/notify/fanotify/fanotify_user.c +++ b/fs/notify/fanotify/fanotify_user.c @@ -1356,7 +1356,7 @@ static int fanotify_group_init_error_pool(struct fsnotify_group *group) } static int fanotify_may_update_existing_mark(struct fsnotify_mark *fsn_mark, - unsigned int fan_flags) + __u32 mask, unsigned int fan_flags) { /* * Non evictable mark cannot be downgraded to evictable mark. @@ -1383,6 +1383,11 @@ static int fanotify_may_update_existing_mark(struct fsnotify_mark *fsn_mark, fsn_mark->flags & FSNOTIFY_MARK_FLAG_IGNORED_SURV_MODIFY) return -EEXIST; + /* For now pre-content events are not generated for directories */ + mask |= fsn_mark->mask; + if (mask & FANOTIFY_PRE_CONTENT_EVENTS && mask & FAN_ONDIR) + return -EEXIST; + return 0; } @@ -1409,7 +1414,7 @@ static int fanotify_add_mark(struct fsnotify_group *group, /* * Check if requested mark flags conflict with an existing mark flags. */ - ret = fanotify_may_update_existing_mark(fsn_mark, fan_flags); + ret = fanotify_may_update_existing_mark(fsn_mark, mask, fan_flags); if (ret) goto out; @@ -1905,6 +1910,10 @@ static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask, if (mask & FAN_RENAME && !(fid_mode & FAN_REPORT_NAME)) goto fput_and_out; + /* Pre-content events are not currently generated for directories. */ + if (mask & FANOTIFY_PRE_CONTENT_EVENTS && mask & FAN_ONDIR) + goto fput_and_out; + if (mark_cmd == FAN_MARK_FLUSH) { ret = 0; if (mark_type == FAN_MARK_MOUNT) -- 2.35.3 Honza -- Jan Kara SUSE Labs, CR