From: Josef Bacik <josef@toxicpanda.com>
To: kernel-team@fb.com, linux-fsdevel@vger.kernel.org, jack@suse.cz,
amir73il@gmail.com, brauner@kernel.org,
torvalds@linux-foundation.org, linux-xfs@vger.kernel.org,
linux-btrfs@vger.kernel.org, linux-mm@kvack.org,
linux-ext4@vger.kernel.org
Subject: [PATCH v6 07/17] fsnotify: generate pre-content permission event on truncate
Date: Mon, 11 Nov 2024 15:17:56 -0500 [thread overview]
Message-ID: <95769c056a65cbc2d6ca6aa1fb66918acbe5ad0e.1731355931.git.josef@toxicpanda.com> (raw)
In-Reply-To: <cover.1731355931.git.josef@toxicpanda.com>
From: Amir Goldstein <amir73il@gmail.com>
Generate FS_PRE_ACCESS event before truncate, without sb_writers held.
Move the security hooks also before sb_start_write() to conform with
other security hooks (e.g. in write, fallocate).
The event will have a range info of the page surrounding the new size
to provide an opportunity to fill the conetnt at the end of file before
truncating to non-page aligned size.
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
---
fs/open.c | 31 +++++++++++++++++++++----------
include/linux/fsnotify.h | 32 ++++++++++++++++++++++----------
2 files changed, 43 insertions(+), 20 deletions(-)
diff --git a/fs/open.c b/fs/open.c
index c822f88d4c1d..51103ba339d0 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -81,14 +81,18 @@ long vfs_truncate(const struct path *path, loff_t length)
if (!S_ISREG(inode->i_mode))
return -EINVAL;
- error = mnt_want_write(path->mnt);
- if (error)
- goto out;
-
idmap = mnt_idmap(path->mnt);
error = inode_permission(idmap, inode, MAY_WRITE);
if (error)
- goto mnt_drop_write_and_out;
+ return error;
+
+ error = fsnotify_truncate_perm(path, length);
+ if (error)
+ return error;
+
+ error = mnt_want_write(path->mnt);
+ if (error)
+ return error;
error = -EPERM;
if (IS_APPEND(inode))
@@ -114,7 +118,7 @@ long vfs_truncate(const struct path *path, loff_t length)
put_write_access(inode);
mnt_drop_write_and_out:
mnt_drop_write(path->mnt);
-out:
+
return error;
}
EXPORT_SYMBOL_GPL(vfs_truncate);
@@ -175,11 +179,18 @@ long do_ftruncate(struct file *file, loff_t length, int small)
/* Check IS_APPEND on real upper inode */
if (IS_APPEND(file_inode(file)))
return -EPERM;
- sb_start_write(inode->i_sb);
+
error = security_file_truncate(file);
- if (!error)
- error = do_truncate(file_mnt_idmap(file), dentry, length,
- ATTR_MTIME | ATTR_CTIME, file);
+ if (error)
+ return error;
+
+ error = fsnotify_truncate_perm(&file->f_path, length);
+ if (error)
+ return error;
+
+ sb_start_write(inode->i_sb);
+ error = do_truncate(file_mnt_idmap(file), dentry, length,
+ ATTR_MTIME | ATTR_CTIME, file);
sb_end_write(inode->i_sb);
return error;
diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
index 1e87a54b88b6..fbcdddb9601a 100644
--- a/include/linux/fsnotify.h
+++ b/include/linux/fsnotify.h
@@ -132,17 +132,14 @@ static inline int fsnotify_file(struct file *file, __u32 mask)
}
#ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS
-static inline int fsnotify_pre_content(const struct file *file,
+static inline int fsnotify_pre_content(const struct path *path,
const loff_t *ppos, size_t count)
{
- struct inode *inode = file_inode(file);
+ struct inode *inode = d_inode(path->dentry);
struct file_range range;
const void *data;
int data_type;
- if (file->f_mode & FMODE_NONOTIFY)
- return 0;
-
/*
* Pre-content events are only reported for regular files and dirs
* if there are any pre-content event watchers on this sb.
@@ -155,18 +152,17 @@ static inline int fsnotify_pre_content(const struct file *file,
/* Report page aligned range only when pos is known */
if (ppos) {
- range.path = &file->f_path;
+ range.path = path;
range.pos = PAGE_ALIGN_DOWN(*ppos);
range.count = PAGE_ALIGN(*ppos + count) - range.pos;
data = ⦥
data_type = FSNOTIFY_EVENT_FILE_RANGE;
} else {
- data = &file->f_path;
+ data = path;
data_type = FSNOTIFY_EVENT_PATH;
}
- return fsnotify_parent(file->f_path.dentry, FS_PRE_ACCESS,
- data, data_type);
+ return fsnotify_parent(path->dentry, FS_PRE_ACCESS, data, data_type);
}
/*
@@ -184,11 +180,14 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask,
*/
lockdep_assert_once(file_write_not_started(file));
+ if (file->f_mode & FMODE_NONOTIFY)
+ return 0;
+
/*
* read()/write and other types of access generate pre-content events.
*/
if (perm_mask & (MAY_READ | MAY_WRITE | MAY_ACCESS | MAY_OPEN)) {
- int ret = fsnotify_pre_content(file, ppos, count);
+ int ret = fsnotify_pre_content(&file->f_path, ppos, count);
if (ret)
return ret;
@@ -204,6 +203,14 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask,
return fsnotify_file(file, FS_ACCESS_PERM);
}
+/*
+ * fsnotify_truncate_perm - permission hook before file truncate
+ */
+static inline int fsnotify_truncate_perm(const struct path *path, loff_t length)
+{
+ return fsnotify_pre_content(path, &length, 0);
+}
+
/*
* fsnotify_file_perm - permission hook before file access (unknown range)
*/
@@ -235,6 +242,11 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask,
return 0;
}
+static inline int fsnotify_truncate_perm(const struct path *path, loff_t length)
+{
+ return 0;
+}
+
static inline int fsnotify_file_perm(struct file *file, int perm_mask)
{
return 0;
--
2.43.0
next prev parent reply other threads:[~2024-11-11 20:19 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-11 20:17 [PATCH v6 00/17] fanotify: add pre-content hooks Josef Bacik
2024-11-11 20:17 ` [PATCH v6 01/17] fanotify: don't skip extra event info if no info_mode is set Josef Bacik
2024-11-11 20:17 ` [PATCH v6 02/17] fanotify: rename a misnamed constant Josef Bacik
2024-11-11 20:17 ` [PATCH v6 03/17] fanotify: reserve event bit of deprecated FAN_DIR_MODIFY Josef Bacik
2024-11-11 20:17 ` [PATCH v6 04/17] fsnotify: introduce pre-content permission events Josef Bacik
2024-11-11 20:17 ` [PATCH v6 05/17] fsnotify: pass optional file access range in pre-content event Josef Bacik
2024-11-11 20:17 ` [PATCH v6 06/17] fsnotify: generate pre-content permission event on open Josef Bacik
2024-11-11 21:51 ` Linus Torvalds
2024-11-11 22:46 ` Josef Bacik
2024-11-11 23:22 ` Linus Torvalds
2024-11-11 23:39 ` Linus Torvalds
2024-11-11 23:59 ` Amir Goldstein
2024-11-12 0:37 ` Linus Torvalds
2024-11-12 8:11 ` Amir Goldstein
2024-11-12 13:54 ` Jan Kara
2024-11-12 14:42 ` Amir Goldstein
2024-11-12 14:28 ` Jan Kara
2024-11-12 15:24 ` Josef Bacik
2024-11-12 17:27 ` Linus Torvalds
2024-11-11 23:36 ` Amir Goldstein
2024-11-11 20:17 ` Josef Bacik [this message]
2024-11-11 20:17 ` [PATCH v6 08/17] fanotify: introduce FAN_PRE_ACCESS permission event Josef Bacik
2024-11-11 20:17 ` [PATCH v6 09/17] fanotify: report file range info with pre-content events Josef Bacik
2024-11-11 20:17 ` [PATCH v6 10/17] fanotify: allow to set errno in FAN_DENY permission response Josef Bacik
2024-11-11 20:18 ` [PATCH v6 11/17] fanotify: add a helper to check for pre content events Josef Bacik
2024-11-11 20:18 ` [PATCH v6 12/17] fanotify: disable readahead if we have pre-content watches Josef Bacik
2024-11-11 20:18 ` [PATCH v6 13/17] mm: don't allow huge faults for files with pre content watches Josef Bacik
2024-11-11 20:18 ` [PATCH v6 14/17] fsnotify: generate pre-content permission event on page fault Josef Bacik
2024-11-11 20:18 ` [PATCH v6 15/17] xfs: add pre-content fsnotify hook for write faults Josef Bacik
2024-11-11 20:18 ` [PATCH v6 16/17] btrfs: disable defrag on pre-content watched files Josef Bacik
2024-11-11 20:18 ` [PATCH v6 17/17] fs: enable pre-content events on supported file systems Josef Bacik
2024-11-11 20:27 ` [PATCH v6 00/17] fanotify: add pre-content hooks Amir Goldstein
2024-11-11 21:55 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=95769c056a65cbc2d6ca6aa1fb66918acbe5ad0e.1731355931.git.josef@toxicpanda.com \
--to=josef@toxicpanda.com \
--cc=amir73il@gmail.com \
--cc=brauner@kernel.org \
--cc=jack@suse.cz \
--cc=kernel-team@fb.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-xfs@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox