On Fri, Apr 23, 2021 at 2:06 AM Matthew Bobrowski <repnop@xxxxxxxxxx> wrote: > > On Wed, Apr 21, 2021 at 10:04:49AM +0200, Jan Kara wrote: > > On Tue 20-04-21 12:36:59, Matthew Bobrowski wrote: > > > On Mon, Apr 19, 2021 at 05:02:33PM +0200, Christian Brauner wrote: > > > > A general question about struct fanotify_event_metadata and its > > > > extensibility model: > > > > looking through the code it seems that this struct is read via > > > > fanotify_rad(). So the user is expected to supply a buffer with at least > > > > > > > > #define FAN_EVENT_METADATA_LEN (sizeof(struct fanotify_event_metadata)) > > > > > > > > bytes. In addition you can return the info to the user about how many > > > > bytes the kernel has written from fanotify_read(). > > > > > > > > So afaict extending fanotify_event_metadata should be _fairly_ > > > > straightforward, right? It would essentially the complement to > > > > copy_struct_from_user() which Aleksa and I added (1 or 2 years ago) > > > > which deals with user->kernel and you're dealing with kernel->user: > > > > - If the user supplied a buffer smaller than the minimum known struct > > > > size -> reject. > > > > - If the user supplied a buffer < smaller than what the current kernel > > > > supports -> copy only what userspace knows about, and return the size > > > > userspace knows about. > > > > - If the user supplied a buffer that is larger than what the current > > > > kernel knows about -> copy only what the kernel knows about, zero the > > > > rest, and return the kernel size. > > > > > > > > Extension should then be fairly straightforward (64bit aligned > > > > increments)? > > > > > > You'd think that it's fairly straightforward, but I have a feeling > > > that the whole fanotify_event_metadata extensibility discussion and > > > the current limitation to do so revolves around whether it can be > > > achieved in a way which can guarantee that no userspace applications > > > would break. I think the answer to this is that there's no guarantee > > > because of <<reasons>>, so the decision to extend fanotify's feature > > > set was done via other means i.e. introduction of additional > > > structures. > > > > There's no real problem extending fanotify_event_metadata. We already have > > multiple extended version of that structure in use (see e.g. FAN_REPORT_FID > > flag and its effect, extended versions of the structure in > > include/uapi/linux/fanotify.h). The key for backward compatibility is to > > create extended struct only when explicitely requested by a flag when > > creating notification group - and that would be the case here - > > FAN_REPORT_PIDFD or how you called it. It is just that extending the > > structure means adding 8 bytes to each event and parsing extended structure > > is more cumbersome than just fetching s32 from a well known location. > > > > On the other hand extended structure is self-describing (i.e., you can tell > > the meaning of all the fields just from the event you receive) while > > reusing 'pid' field means that you have to know how the notification group > > was created (whether FAN_REPORT_PIDFD was used or not) to be able to > > interpret the contents of the event. Actually I think the self-describing > > feature of fanotify event stream is useful (e.g. when application manages > > multiple fanotify groups or when fanotify group descriptors are passed > > among processes) so now I'm more leaning towards using the extended > > structure instead of reusing 'pid' as Christian suggests. I'm sorry for the > > confusion. > > This approach makes sense to me. > > Jan/Amir, just to be clear, we've agreed to go ahead with the extended > struct approach whereby specifying the FAN_REPORT_PIDFD flag will > result in an event which includes an additional struct > (i.e. fanotify_event_info_pid) alongside the generic existing struct fanotify_event_info_pidfd? > fanotify_event_metadata (also ensuring that pid has been > provided). Events will be provided to userspace applications just like > when specifying FAN_REPORT_FID, correct? > Yes. Thanks, Amir.
