From: Linus Torvalds
Date: Tue, 12 Nov 2024 11:45:55 -0800
Subject: Re: [PATCH v7 01/18] fsnotify: opt-in for permission events at file_open_perm() time
To: Josef Bacik
Cc: kernel-team@fb.com, linux-fsdevel@vger.kernel.org, jack@suse.cz, amir73il@gmail.com, brauner@kernel.org, linux-xfs@vger.kernel.org, linux-btrfs@vger.kernel.org, linux-mm@kvack.org, linux-ext4@vger.kernel.org

On Tue, 12 Nov 2024 at 09:56, Josef Bacik wrote:
> > @@ -119,14 +118,37 @@ static inline int fsnotify_file(struct file *file, __u32 mask) > * handle creation / destruction events and not "real" file events. > */ > if (file->f_mode & (FMODE_NONOTIFY | FMODE_PATH)) > + return false; > + > + /* Permission events require that watches are set before FS_OPEN_PERM */ > + if (mask & ALL_FSNOTIFY_PERM_EVENTS & ~FS_OPEN_PERM && > + !(file->f_mode & FMODE_NOTIFY_PERM)) > + return false;

This still all looks very strange.

As far as I can tell, there is exactly one user of FS_OPEN_PERM in 'mask', and that's fsnotify_open_perm(). Which is called in exactly one place: security_file_open(), which is the wrong place to call it anyway and is the only place where fsnotify is called from the security layer.

In fact, that looks like an active bug: if you enable FSNOTIFY, but you *don't* enable CONFIG_SECURITY, the whole fsnotify_open_perm() will never be called at all.

And I just verified that yes, you can very much generate such a config.

So the whole FS_OPEN_PERM thing looks like a special case, called from a (broken) special place, and now polluting this "fsnotify_file()" logic for no actual reason and making it all look unnecessarily messy.

I'd suggest that the whole fsnotify_open_perm() simply be moved to where it *should* be - in the open path - and not make a bad and broken attempt at hiding inside the security layer, and not use this "fsnotify_file()" logic at all.

The open-time logic is different. It shouldn't even attempt - badly - to look like it's the same thing as some regular file access.

Linus
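
Review bot: fsnotify_file() is declared `static inline int` in the hunk header, yet both added early exits use `return false;`; either return 0 to match the declared type or change the function to return bool so the signature and the returns agree. The new mask test `mask & ALL_FSNOTIFY_PERM_EVENTS & ~FS_OPEN_PERM && !(file->f_mode & FMODE_NOTIFY_PERM)` also depends on `&` binding tighter than `&&`; parenthesizing the bitwise part would make the intent obvious. The comment above it says watches must be set before FS_OPEN_PERM but does not say why FS_OPEN_PERM itself is masked out of the check, which is the part a reader of this condition most needs explained.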
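
A config check for the condition described in the reply above (fsnotify enabled, CONFIG_SECURITY disabled, so the call from security_file_open() is not built), as an added example that is not part of the original message or the kernel tree. The function names and the sample .config fragments are constructed, and CONFIG_FSNOTIFY is assumed to be the Kconfig symbol behind "FSNOTIFY" in the message.

```shell
#!/bin/sh
# Added example. The .config fragments below are constructed samples.

# Print y, m or n for one Kconfig symbol in a .config-style file.
# $1 = config file, $2 = symbol name without the CONFIG_ prefix.
# Anchoring on "=" keeps CONFIG_SECURITYFS from matching SECURITY.
config_state() {
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-n}"
}

# Classify a config against the condition described in the reply:
# fsnotify is built, but the security layer that calls
# fsnotify_open_perm() from security_file_open() is not.
open_perm_hook_status() {
    if [ "$(config_state "$1" FSNOTIFY)" != y ]; then
        echo "not-applicable"
    elif [ "$(config_state "$1" SECURITY)" = y ]; then
        echo "hook-reachable"
    else
        echo "hook-unreachable"
    fi
}

# Constructed sample configs (not from any real kernel build).
write_samples() {
    printf '%s\n' 'CONFIG_FSNOTIFY=y' 'CONFIG_SECURITY=y' > "$1/with-lsm.config"
    printf '%s\n' 'CONFIG_FSNOTIFY=y' '# CONFIG_SECURITY is not set' \
        'CONFIG_SECURITYFS=y' > "$1/no-lsm.config"
    printf '%s\n' '# CONFIG_FSNOTIFY is not set' > "$1/no-fsnotify.config"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir"/*.config; do
    printf '%s: %s\n' "${f##*/}" "$(open_perm_hook_status "$f")"
done
rm -rf "$demo_dir"
```

Pointing `open_perm_hook_status` at the .config of a deployed kernel shows whether a build that relies on open permission events falls into the case the reply calls out.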