From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7ACD5D597B3 for ; Tue, 12 Nov 2024 22:37:38 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C465E6B00AD; Tue, 12 Nov 2024 17:37:37 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id BF5F26B00AE; Tue, 12 Nov 2024 17:37:37 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A97326B00AF; Tue, 12 Nov 2024 17:37:37 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 8D4A66B00AD for ; Tue, 12 Nov 2024 17:37:37 -0500 (EST) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 39E7380650 for ; Tue, 12 Nov 2024 22:37:37 +0000 (UTC) X-FDA: 82778903214.20.8170BCD Received: from mail-qt1-f178.google.com (mail-qt1-f178.google.com [209.85.160.178]) by imf01.hostedemail.com (Postfix) with ESMTP id 9C3BC40005 for ; Tue, 12 Nov 2024 22:37:02 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=O4d6dmhB; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf01.hostedemail.com: domain of amir73il@gmail.com designates 209.85.160.178 as permitted sender) smtp.mailfrom=amir73il@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1731450926; a=rsa-sha256; cv=none; b=3GHcabc83dEFKVqaVZVapxMDOfZCs4LF2iKR6sX/M/+1CSLFXDLI2MnQqWLsxtzaVasDXx swXCbS/tzP7DGnbezD/tWbdO41Zb5Nw+4IrgXODt7k11CHbX9/0rczjXM99+MkaaBewG1K QSnjoZWjJPt22jSE51OGqEO+9Il9nhA= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=O4d6dmhB; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf01.hostedemail.com: domain of amir73il@gmail.com designates 209.85.160.178 as permitted sender) smtp.mailfrom=amir73il@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1731450926; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=JsJ4qi0tKyd0z6dgveSDFEC/C40H7WEHG7mL/4zFsfM=; b=R4nLw4CvI8o8ezWYY/+aIiJ7mCJkcRaD/hMcR5aCsmKSsj+ZkZlEOO7YFGn9WADVU+ctg6 RAnUk0N7tAaHs43ORtGD/hXykwUFrVU0FzhXHZZUDxsLiIHFep1uAb4ZLq2TyQIkZexY0x lFKsgEBhkm4DRfnH+DIsuOh5BuwelU4= Received: by mail-qt1-f178.google.com with SMTP id d75a77b69052e-460ab1bc2aeso41740591cf.3 for ; Tue, 12 Nov 2024 14:37:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1731451054; x=1732055854; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=JsJ4qi0tKyd0z6dgveSDFEC/C40H7WEHG7mL/4zFsfM=; b=O4d6dmhBzO+WsNqcawGPK6HYzd2oL7fLX76ViA4RYv2iiRmuDQJjyv3haQeTraJ1vt dE/0D74mJG56AgsuAAcbYUWyEj/xYbdb6aopcYcR1ZZehW9Go6wNertYp5uT4aYcCiv+ 1s36+apgGb2cCh75zt7PYmAmB7uEwEz3+sIZ01co/TjBZSSoHGXVgGv1tDZjhS8Jx5GY KmAgqsjIDz60Na20csTJCcvIT7lQJHbRi0ZZW88q/6N5/geuz/rLQ5JbRNxiKsAHVuT7 IsSUKB079NOqLOyo8B7oZTlAVAM2/zbSjImYta2ldXNBxXbzXgwRVTDvhmTs/RS5lmGG 4MKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731451054; x=1732055854; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JsJ4qi0tKyd0z6dgveSDFEC/C40H7WEHG7mL/4zFsfM=; b=JTerOn/jMxlNiGuIJOyGd00XkpW6M9yS2MIBTt5009iL+qjzvm/uhiRLDYEF0i9ygm sM/T8I8HHuhk0B0uR5AT0LBAxca9xTeuwugFg2cAvXkbAqxoWr1I0+cWTWOyz37EhAe4 Or5H5aAvapUvu03JHkwcsMsrgIyU1bDiLqqfFhJXlYcCRG5hEcDvJ6K8tTK4hqAk+5p4 RtjEz9WhfJWx3rlifHipSlAM6UJD3EOc3Weai4RspIDefsXy5+aNjMx1LL60FhZX/6Yj F/OMDIydwgXM2MiUiz71z86zGUM/KLgrTbdxx9KnNxj27s48XVPBgQ/xASvDFQ5++TJA wbug== X-Forwarded-Encrypted: i=1; AJvYcCWbOybL1Oqha8MR6vExpveEvNGEzzKgGfY2/GjlbsPZBQowD9kBix9UR+clpktMeSWzFRtY0fmBAg==@kvack.org X-Gm-Message-State: AOJu0Yy/zgBFO4uWtmqz5iLKNljh7TD7QgLfvd+pTp3zv2ky7S9p4O6K /+xlQuWmL0yyTfJgrLFCoTfu032xQxngh7XCGGFUHc16bcQu37Dk55W1w8SSdZkiNzK3DNo2fBB wiSlEopDCwJt26qewJfqo1OlNQks= X-Google-Smtp-Source: AGHT+IET/tFAIWy1NMuNPLTnj95HbAr/sGehV2uRf9hScSchtuK/dDofnhh+PiANipLY45hJp1UT5T5IJchyMZUuD0U= X-Received: by 2002:a05:622a:4c08:b0:45f:3b3:49e6 with SMTP id d75a77b69052e-463093ef010mr274250321cf.41.1731451054504; Tue, 12 Nov 2024 14:37:34 -0800 (PST) MIME-Version: 1.0 References: <8c8e9452d153a1918470cbe52a8eb6505c675911.1731433903.git.josef@toxicpanda.com> In-Reply-To: From: Amir Goldstein Date: Tue, 12 Nov 2024 23:37:23 +0100 Message-ID: Subject: Re: [PATCH v7 01/18] fsnotify: opt-in for permission events at file_open_perm() time To: Linus Torvalds Cc: Josef Bacik , kernel-team@fb.com, linux-fsdevel@vger.kernel.org, jack@suse.cz, brauner@kernel.org, linux-xfs@vger.kernel.org, linux-btrfs@vger.kernel.org, linux-mm@kvack.org, linux-ext4@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 9C3BC40005 X-Stat-Signature: djcznyqxbiaa8qiy358qf47ryynz1dr4 X-Rspam-User: X-Rspamd-Server: rspam05 X-HE-Tag: 1731451022-38728 X-HE-Meta: U2FsdGVkX1+Q2C/RoOXqaPDSR/nl3c4xWzQoQubwieDiMfM0K4CDH5ASVzBb/p14hP0y//2aZOknTRfPdjqSf7upMFFn0KCTLzUe//0YkmgpiM3UhiT+uRxIEnyrL2pyp7l8mCuO1SqrluYyq78iGni0QtI/L+mut8HNmEQ63aJKSsgfzPBk8M9SqVMB82ULFzErcSjCfDQy4e0c7lrPUXVnExXwCYJp7T01l3WilXHX7A03nOW6nS2bqyHAQUkxULybIcqMACJ7QyDPflmfMbllxvQM/Pv7/vsnX5VgtAccD9UDD+KsRUYaoUEHQtnJjJVK3hNgnhWn914l9lxbOcnj78mgheAKKlH2/CUbflxVt3APuFoFhYQogJpi/MlDbXjvyM8AhMEgHPFJcyYW22Q7dyFHWvtXitNr7qmkwfNmJ+l0CiNHscBE6OtCG8S1ffmVBOHqE+6/WqFWOLuK8o79uQ6Sjx7iYOx+Vx3i/FFyJ7KvUkRY5Ap5t31WqlI0DGKlPiIajqAmKoiONDaIlTlmMsuvSNz1vbZ/HQSt90PYn2CiA2tlbT/vEMJPwTQheOX7nr2g4UTc83UzU1gYgcPLkN/3gSON2MjX4KoXnWwDqAZ7zNVuEl3sIJE1BaVsRrp7RUh0w6spktEY/BeAYIDMlf9uUnQBF8X4RJ/z9ywCMKsPAndVkO+xPrIWYiqUJoAIm4eXQo7Mezm5wg8fTKIgQg8aPZleMih1AaMVO8V0Pp2sWXyz8NX5Zp0SfQVMyN7oDa1oi5yA+YfCMlbrnTsHfE+AZfBLd6ifUdLZL1fg1Hc/srfyfny8MPw7rv7MxPCy+oeUZuf6WTcTALUKNqjYU5puZ+CVuLEDZuiHWdRjoy5EpVeeLbfwcOzGVcToc3CjYRq8V2UgTCIk+61yj6sLIyBY6YhpT7XDkVdbvnpcJko7hyYVnJLFf7f8ZyMfqzUU9wL1Z5situ1H5H3 w+ZL9Gb4 NQR3Yv/BlUlANE71O79BgsVPJDrBcslh5txvXwcIjyz7NpJbahiWKU8Zl9dAhtJ4HkitB3w6fKrRKjUNJGhLbnuLCDjfISKWcUhpzXj7YMiFGEgf7r/obnIYiI06736tNJWPvPIVfYqrLReqyc6gv0azmw1DJhjSz7EochW+N8ukyGCPUXzkZem5zXIY2PCRd6E3rJFO42QaC8N7FwokRSyOxANFoddMYq9hRcz2LE2QvrKzqlG1cVRngNq6KzDU915DLKIWaMqQwZHZwIqAufz/X/LeGCnis1c9wr3T4WiNR2dvNTQ5MZlFlHp2XGhLI7eSTRqiQ+NAgiqulO9cNvM2HzAszP4vtkA8ZD1W/dbGO7Du3OmmuIN09yoyuI3EPeZ/yzZydEfmMYlfXYI6KHBD70uVmYmoCh3VFVNlvJ4tNxJELJAmowTsNmwAWpSSlR7ogIk7hgMVZCB9emD7DHI2X9ROw6JnP5iFHqbHVWA1+VzU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.041680, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Tue, Nov 12, 2024 at 8:46=E2=80=AFPM Linus Torvalds wrote: > > On Tue, 12 Nov 2024 at 09:56, Josef Bacik wrote: > > > > @@ -119,14 +118,37 @@ static inline int fsnotify_file(struct file *file= , __u32 mask) > > * handle creation / destruction events and not "real" file eve= nts. > > */ > > if (file->f_mode & (FMODE_NONOTIFY | FMODE_PATH)) > > + return false; > > + > > + /* Permission events require that watches are set before FS_OPE= N_PERM */ > > + if (mask & ALL_FSNOTIFY_PERM_EVENTS & ~FS_OPEN_PERM && > > + !(file->f_mode & FMODE_NOTIFY_PERM)) > > + return false; > > This still all looks very strange. > > As far as I can tell, there is exactly one user of FS_OPEN_PERM in > 'mask', and that's fsnotify_open_perm(). Which is called in exactly > one place: security_file_open(), which is the wrong place to call it > anyway and is the only place where fsnotify is called from the > security layer. > > In fact, that looks like an active bug: if you enable FSNOTIFY, but > you *don't* enable CONFIG_SECURITY, the whole fsnotify_open_perm() > will never be called at all. > > And I just verified that yes, you can very much generate such a config. > See: 1cda52f1b461 fsnotify, lsm: Decouple fsnotify from lsm in linux-next. This patch set is based on the fs-next branch. > So the whole FS_OPEN_PERM thing looks like a special case, called from > a (broken) special place, and now polluting this "fsnotify_file()" > logic for no actual reason and making it all look unnecessarily messy. > > I'd suggest that the whole fsnotify_open_perm() simply be moved to > where it *should* be - in the open path - and not make a bad and > broken attempt at hiding inside the security layer, and not use this > "fsnotify_file()" logic at all. > > The open-time logic is different. It shouldn't even attempt - badly - > to look like it's the same thing as some regular file access. > OK, we can move setting the FMODE_NOTIFY_PERM to the open path. I have considered that it may be better to unhide it, but wasn't sure. Thanks, Amir.