From: Josef Bacik <josef@toxicpanda.com>
To: kernel-team@fb.com, linux-fsdevel@vger.kernel.org, jack@suse.cz,
amir73il@gmail.com, brauner@kernel.org,
torvalds@linux-foundation.org, linux-xfs@vger.kernel.org,
linux-btrfs@vger.kernel.org, linux-mm@kvack.org,
linux-ext4@vger.kernel.org
Subject: [PATCH v7 08/18] fsnotify: generate pre-content permission event on truncate
Date: Tue, 12 Nov 2024 12:55:23 -0500 [thread overview]
Message-ID: <d6648e7f56169468216a3a8155815613de412371.1731433903.git.josef@toxicpanda.com> (raw)
In-Reply-To: <cover.1731433903.git.josef@toxicpanda.com>
From: Amir Goldstein <amir73il@gmail.com>
Generate FS_PRE_ACCESS event before truncate, without sb_writers held.
Move the security hooks also before sb_start_write() to conform with
other security hooks (e.g. in write, fallocate).
The event will have a range info of the page surrounding the new size
to provide an opportunity to fill the conetnt at the end of file before
truncating to non-page aligned size.
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
---
fs/open.c | 31 +++++++++++++++++++++----------
include/linux/fsnotify.h | 32 ++++++++++++++++++++++----------
2 files changed, 43 insertions(+), 20 deletions(-)
diff --git a/fs/open.c b/fs/open.c
index e6911101fe71..e75456cda440 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -81,14 +81,18 @@ long vfs_truncate(const struct path *path, loff_t length)
if (!S_ISREG(inode->i_mode))
return -EINVAL;
- error = mnt_want_write(path->mnt);
- if (error)
- goto out;
-
idmap = mnt_idmap(path->mnt);
error = inode_permission(idmap, inode, MAY_WRITE);
if (error)
- goto mnt_drop_write_and_out;
+ return error;
+
+ error = fsnotify_truncate_perm(path, length);
+ if (error)
+ return error;
+
+ error = mnt_want_write(path->mnt);
+ if (error)
+ return error;
error = -EPERM;
if (IS_APPEND(inode))
@@ -114,7 +118,7 @@ long vfs_truncate(const struct path *path, loff_t length)
put_write_access(inode);
mnt_drop_write_and_out:
mnt_drop_write(path->mnt);
-out:
+
return error;
}
EXPORT_SYMBOL_GPL(vfs_truncate);
@@ -175,11 +179,18 @@ long do_ftruncate(struct file *file, loff_t length, int small)
/* Check IS_APPEND on real upper inode */
if (IS_APPEND(file_inode(file)))
return -EPERM;
- sb_start_write(inode->i_sb);
+
error = security_file_truncate(file);
- if (!error)
- error = do_truncate(file_mnt_idmap(file), dentry, length,
- ATTR_MTIME | ATTR_CTIME, file);
+ if (error)
+ return error;
+
+ error = fsnotify_truncate_perm(&file->f_path, length);
+ if (error)
+ return error;
+
+ sb_start_write(inode->i_sb);
+ error = do_truncate(file_mnt_idmap(file), dentry, length,
+ ATTR_MTIME | ATTR_CTIME, file);
sb_end_write(inode->i_sb);
return error;
diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
index 2d1c13df112c..f1ef072a3b2f 100644
--- a/include/linux/fsnotify.h
+++ b/include/linux/fsnotify.h
@@ -154,17 +154,14 @@ static inline int fsnotify_file(struct file *file, __u32 mask)
}
#ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS
-static inline int fsnotify_pre_content(const struct file *file,
+static inline int fsnotify_pre_content(const struct path *path,
const loff_t *ppos, size_t count)
{
- struct inode *inode = file_inode(file);
+ struct inode *inode = d_inode(path->dentry);
struct file_range range;
const void *data;
int data_type;
- if (!fsnotify_file_watchable(file, FS_PRE_ACCESS))
- return 0;
-
/*
* Pre-content events are only reported for regular files and dirs
* if there are any pre-content event watchers on this sb.
@@ -177,18 +174,17 @@ static inline int fsnotify_pre_content(const struct file *file,
/* Report page aligned range only when pos is known */
if (ppos) {
- range.path = &file->f_path;
+ range.path = path;
range.pos = PAGE_ALIGN_DOWN(*ppos);
range.count = PAGE_ALIGN(*ppos + count) - range.pos;
data = ⦥
data_type = FSNOTIFY_EVENT_FILE_RANGE;
} else {
- data = &file->f_path;
+ data = path;
data_type = FSNOTIFY_EVENT_PATH;
}
- return fsnotify_parent(file->f_path.dentry, FS_PRE_ACCESS,
- data, data_type);
+ return fsnotify_parent(path->dentry, FS_PRE_ACCESS, data, data_type);
}
/*
@@ -206,11 +202,14 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask,
*/
lockdep_assert_once(file_write_not_started(file));
+ if (!fsnotify_file_watchable(file, FS_PRE_ACCESS | FS_ACCESS_PERM))
+ return 0;
+
/*
* read()/write and other types of access generate pre-content events.
*/
if (perm_mask & (MAY_READ | MAY_WRITE | MAY_ACCESS | MAY_OPEN)) {
- int ret = fsnotify_pre_content(file, ppos, count);
+ int ret = fsnotify_pre_content(&file->f_path, ppos, count);
if (ret)
return ret;
@@ -226,6 +225,14 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask,
return fsnotify_file(file, FS_ACCESS_PERM);
}
+/*
+ * fsnotify_truncate_perm - permission hook before file truncate
+ */
+static inline int fsnotify_truncate_perm(const struct path *path, loff_t length)
+{
+ return fsnotify_pre_content(path, &length, 0);
+}
+
/*
* fsnotify_file_perm - permission hook before file access (unknown range)
*/
@@ -254,6 +261,11 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask,
return 0;
}
+static inline int fsnotify_truncate_perm(const struct path *path, loff_t length)
+{
+ return 0;
+}
+
static inline int fsnotify_file_perm(struct file *file, int perm_mask)
{
return 0;
--
2.43.0
next prev parent reply other threads:[~2024-11-12 18:04 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-12 17:55 [PATCH v7 00/18] fanotify: add pre-content hooks Josef Bacik
2024-11-12 17:55 ` [PATCH v7 01/18] fsnotify: opt-in for permission events at file_open_perm() time Josef Bacik
2024-11-12 19:45 ` Linus Torvalds
2024-11-12 22:37 ` Amir Goldstein
2024-11-12 17:55 ` [PATCH v7 02/18] fanotify: don't skip extra event info if no info_mode is set Josef Bacik
2024-11-12 17:55 ` [PATCH v7 03/18] fanotify: rename a misnamed constant Josef Bacik
2024-11-12 17:55 ` [PATCH v7 04/18] fanotify: reserve event bit of deprecated FAN_DIR_MODIFY Josef Bacik
2024-11-12 17:55 ` [PATCH v7 05/18] fsnotify: introduce pre-content permission events Josef Bacik
2024-11-12 20:12 ` Linus Torvalds
2024-11-12 23:06 ` Amir Goldstein
2024-11-12 23:48 ` Linus Torvalds
2024-11-13 0:05 ` Amir Goldstein
2024-11-13 16:57 ` Linus Torvalds
2024-11-13 18:49 ` Amir Goldstein
2024-11-14 15:01 ` Jan Kara
2024-11-14 17:22 ` Amir Goldstein
2024-11-13 0:12 ` Al Viro
2024-11-13 0:23 ` Linus Torvalds
2024-11-13 0:38 ` Linus Torvalds
2024-11-13 1:19 ` Al Viro
2024-11-13 4:30 ` Al Viro
2024-11-13 8:50 ` Amir Goldstein
2024-11-13 14:36 ` Amir Goldstein
2024-11-13 20:31 ` Al Viro
2024-11-13 10:10 ` Christian Brauner
2024-11-20 11:09 ` Christian Brauner
2024-11-20 11:36 ` Amir Goldstein
2024-11-13 19:11 ` Amir Goldstein
2024-11-13 21:22 ` Linus Torvalds
2024-11-13 22:35 ` Amir Goldstein
2024-11-13 23:07 ` Linus Torvalds
2024-11-12 17:55 ` [PATCH v7 06/18] fsnotify: pass optional file access range in pre-content event Josef Bacik
2024-11-12 17:55 ` [PATCH v7 07/18] fsnotify: generate pre-content permission event on open Josef Bacik
2024-11-12 19:54 ` Linus Torvalds
2024-11-12 23:40 ` Amir Goldstein
2024-11-13 0:58 ` Linus Torvalds
2024-11-13 10:12 ` Amir Goldstein
2024-11-12 17:55 ` Josef Bacik [this message]
2024-11-12 17:55 ` [PATCH v7 09/18] fanotify: introduce FAN_PRE_ACCESS permission event Josef Bacik
2024-11-15 11:28 ` Amir Goldstein
2024-11-15 11:47 ` Jan Kara
2024-11-12 17:55 ` [PATCH v7 10/18] fanotify: report file range info with pre-content events Josef Bacik
2024-11-12 17:55 ` [PATCH v7 11/18] fanotify: allow to set errno in FAN_DENY permission response Josef Bacik
2024-11-12 17:55 ` [PATCH v7 12/18] fanotify: add a helper to check for pre content events Josef Bacik
2024-11-13 18:33 ` Amir Goldstein
2024-11-12 17:55 ` [PATCH v7 13/18] fanotify: disable readahead if we have pre-content watches Josef Bacik
2024-11-12 17:55 ` [PATCH v7 14/18] mm: don't allow huge faults for files with pre content watches Josef Bacik
2024-11-12 17:55 ` [PATCH v7 15/18] fsnotify: generate pre-content permission event on page fault Josef Bacik
2024-11-12 17:55 ` [PATCH v7 16/18] xfs: add pre-content fsnotify hook for write faults Josef Bacik
2024-11-12 17:55 ` [PATCH v7 17/18] btrfs: disable defrag on pre-content watched files Josef Bacik
2024-11-12 17:55 ` [PATCH v7 18/18] fs: enable pre-content events on supported file systems Josef Bacik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d6648e7f56169468216a3a8155815613de412371.1731433903.git.josef@toxicpanda.com \
--to=josef@toxicpanda.com \
--cc=amir73il@gmail.com \
--cc=brauner@kernel.org \
--cc=jack@suse.cz \
--cc=kernel-team@fb.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-xfs@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox