From: Amir Goldstein <amir73il@gmail.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Josef Bacik <josef@toxicpanda.com>,
kernel-team@fb.com, linux-fsdevel@vger.kernel.org, jack@suse.cz,
brauner@kernel.org, linux-xfs@vger.kernel.org,
linux-btrfs@vger.kernel.org, linux-mm@kvack.org,
linux-ext4@vger.kernel.org
Subject: Re: [PATCH v7 07/18] fsnotify: generate pre-content permission event on open
Date: Wed, 13 Nov 2024 00:40:52 +0100 [thread overview]
Message-ID: <CAOQ4uxgakk8pW39JkjL1Up-dGZtTDn06QAQvX8p0fVZksCzA9Q@mail.gmail.com> (raw)
In-Reply-To: <CAHk-=wgNFNYinkWCUvT2UnH2E2K_qPexEPgrm-xgr68YXnEQ_g@mail.gmail.com>
On Tue, Nov 12, 2024 at 8:54 PM Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> On Tue, 12 Nov 2024 at 09:56, Josef Bacik <josef@toxicpanda.com> wrote:
> >
> > + /*
> > + * This permission hook is different than fsnotify_open_perm() hook.
> > + * This is a pre-content hook that is called without sb_writers held
> > + * and after the file was truncated.
> > + */
> > + return fsnotify_file_area_perm(file, MAY_OPEN, &file->f_pos, 0);
> > }
>
> I still object to this all.
>
> You can't say "permission denied" after you've already truncated the
> file. It's not a sane model. I complained about that earlier, it seems
> that complaint was missed in the other complaints.
>
Not missed.
I answered here:
https://lore.kernel.org/linux-fsdevel/CAOQ4uxg0k4bGz6zOKS+Qt5BjEqDdUhvgG+5pLBPqSCcnQdffig@mail.gmail.com/
Starting with "...I understand why it seems stupid..."
Nevertheless, we can also drop this patch for now,
I don't think the post-open is a must-have hook for HSM.
> Also, this whole "This permission hook is different than
> fsnotify_open_perm() hook" statement is purely because
> fsnotify_open_perm() itself was broken and called from the wrong place
> as mentioned in the other email.
>
You wrote it should be called "in the open path" - that is ambiguous.
pre-content hook must be called without sb_writers held, so current
(in linux-next) location of fsnotify_open_perm() is not good in case of
O_CREATE flag, so I am not sure where a good location is.
Easier is to drop this patch.
> Fix *THAT* first, then unify the two places that should *not* be
> different into one single "this is the fsnotify_open" code. And that
> place explicitly sets that FMODE_NOTIFY_PERM bit, and makes sure that
> it does *not* set it for FMODE_NONOTIFY or FMODE_PATH cases.
>
> And then please work on making sure that that isn't called unless
> actually required.
>
> The actual real "pre-content permission events" should then ONLY test
> the FMODE_NOTIFY_PERM bit. Nothing else. None of this "re-use the
> existing fsnotify_file() logic" stuff. Noe extra tests, no extra
> logic.
>
> Don't make me jump through filve layers of inline functions that all
> test different 'mask' bits, just to verify that the open / read /
> write paths don't do something stupid.
>
> IOW, make it straightforward and obvious what you are doing, and make
> it very clear that you're not pointlessly testing things like
> FMODE_NONOTIFY when the *ONLY* thing that should be tested is whether
> FMODE_NOTIFY_PERM is set.
>
> Please.
Yes. Clear.
Thanks for taking the time to look closer.
and thanks for the feedback,
Amir.
next prev parent reply other threads:[~2024-11-12 23:41 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-12 17:55 [PATCH v7 00/18] fanotify: add pre-content hooks Josef Bacik
2024-11-12 17:55 ` [PATCH v7 01/18] fsnotify: opt-in for permission events at file_open_perm() time Josef Bacik
2024-11-12 19:45 ` Linus Torvalds
2024-11-12 22:37 ` Amir Goldstein
2024-11-12 17:55 ` [PATCH v7 02/18] fanotify: don't skip extra event info if no info_mode is set Josef Bacik
2024-11-12 17:55 ` [PATCH v7 03/18] fanotify: rename a misnamed constant Josef Bacik
2024-11-12 17:55 ` [PATCH v7 04/18] fanotify: reserve event bit of deprecated FAN_DIR_MODIFY Josef Bacik
2024-11-12 17:55 ` [PATCH v7 05/18] fsnotify: introduce pre-content permission events Josef Bacik
2024-11-12 20:12 ` Linus Torvalds
2024-11-12 23:06 ` Amir Goldstein
2024-11-12 23:48 ` Linus Torvalds
2024-11-13 0:05 ` Amir Goldstein
2024-11-13 16:57 ` Linus Torvalds
2024-11-13 18:49 ` Amir Goldstein
2024-11-14 15:01 ` Jan Kara
2024-11-14 17:22 ` Amir Goldstein
2024-11-13 0:12 ` Al Viro
2024-11-13 0:23 ` Linus Torvalds
2024-11-13 0:38 ` Linus Torvalds
2024-11-13 1:19 ` Al Viro
2024-11-13 4:30 ` Al Viro
2024-11-13 8:50 ` Amir Goldstein
2024-11-13 14:36 ` Amir Goldstein
2024-11-13 20:31 ` Al Viro
2024-11-13 10:10 ` Christian Brauner
2024-11-20 11:09 ` Christian Brauner
2024-11-20 11:36 ` Amir Goldstein
2024-11-13 19:11 ` Amir Goldstein
2024-11-13 21:22 ` Linus Torvalds
2024-11-13 22:35 ` Amir Goldstein
2024-11-13 23:07 ` Linus Torvalds
2024-11-12 17:55 ` [PATCH v7 06/18] fsnotify: pass optional file access range in pre-content event Josef Bacik
2024-11-12 17:55 ` [PATCH v7 07/18] fsnotify: generate pre-content permission event on open Josef Bacik
2024-11-12 19:54 ` Linus Torvalds
2024-11-12 23:40 ` Amir Goldstein [this message]
2024-11-13 0:58 ` Linus Torvalds
2024-11-13 10:12 ` Amir Goldstein
2024-11-12 17:55 ` [PATCH v7 08/18] fsnotify: generate pre-content permission event on truncate Josef Bacik
2024-11-12 17:55 ` [PATCH v7 09/18] fanotify: introduce FAN_PRE_ACCESS permission event Josef Bacik
2024-11-15 11:28 ` Amir Goldstein
2024-11-15 11:47 ` Jan Kara
2024-11-12 17:55 ` [PATCH v7 10/18] fanotify: report file range info with pre-content events Josef Bacik
2024-11-12 17:55 ` [PATCH v7 11/18] fanotify: allow to set errno in FAN_DENY permission response Josef Bacik
2024-11-12 17:55 ` [PATCH v7 12/18] fanotify: add a helper to check for pre content events Josef Bacik
2024-11-13 18:33 ` Amir Goldstein
2024-11-12 17:55 ` [PATCH v7 13/18] fanotify: disable readahead if we have pre-content watches Josef Bacik
2024-11-12 17:55 ` [PATCH v7 14/18] mm: don't allow huge faults for files with pre content watches Josef Bacik
2024-11-12 17:55 ` [PATCH v7 15/18] fsnotify: generate pre-content permission event on page fault Josef Bacik
2024-11-12 17:55 ` [PATCH v7 16/18] xfs: add pre-content fsnotify hook for write faults Josef Bacik
2024-11-12 17:55 ` [PATCH v7 17/18] btrfs: disable defrag on pre-content watched files Josef Bacik
2024-11-12 17:55 ` [PATCH v7 18/18] fs: enable pre-content events on supported file systems Josef Bacik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAOQ4uxgakk8pW39JkjL1Up-dGZtTDn06QAQvX8p0fVZksCzA9Q@mail.gmail.com \
--to=amir73il@gmail.com \
--cc=brauner@kernel.org \
--cc=jack@suse.cz \
--cc=josef@toxicpanda.com \
--cc=kernel-team@fb.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-xfs@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox