From: Henry Wilson <henry.wilson@xxxxxxxxxxx>
inotify: Add flag IN_EXCL_ADD for inotify_add_watch()
The flag IN_EXCL_ADD is introduced as a flag for inotiy_add_watch() which
prevents inotify from modifying any existing watches when invoked. If the
pathname specified in the call has a watched inode associated with it and
IN_EXCL_ADD is specified, fail with an errno of EEXIST.
RATIONALE
In the current implementation, there is no way to prevent inotify_add_watch()
from modifying existing watch descriptors. Even if the caller keeps a record of
all watch descriptors collected, this is only sufficient to detect that an
existing watch descriptor may have been modified.
The assumption that a particular path will map to the same inode over multiple
calls to inotify_add_watch() cannot be made as files can be renamed or deleted.
It is also not possible to assume that two distinct paths do no map to the same
inode, due to hard-links or a dereferenced symbolic link. Further uses of
inotify_add_watch() to revert the change may cause other watch descriptors to
be modified or created, merely compunding the problem. There is currently no
system call such as inotify_modify_watch() to explicity modify a watch
descriptor, which would be able to revert unwanted changes. Thus the caller
cannot guarantee to be able to revert any changes to existing watch decriptors.
Additionally the caller cannot assume that the events that are associated with a
watch descriptor are within the set requested, as any future calls to
inotify_add_watch() may unintentionally modify a watch descriptor's mask. Thus
it cannot currently be guaranteed that a watch descriptor will only generate
events which have been requested. The program must filter events which come
through its watch descriptor to within its expected range.
Signed-off-by: Henry Wilson <henry.wilson@xxxxxxxxxxx>
---
EXTENSIONS
A new system call inotify_modify_watch(fd, wd, mask) would be useful to modify
an existing watch directly to avoid similar problems when modifying a watch
descriptor's mask
ADDITIONS TO MANPAGES
inotify(7)
IN_EXCL_ADD
Only watch pathname if it refers to an inode that is not already being watched
by this inotify instance.
inotify_add_watch(2)
EEXIST
pathname references an existing watch descriptor and IN_EXCL_ADD was
specified.
CHANGELOG
v2: updated inotify_user_init() to the increased size of INOTIFY_ALL_BITS
v3: renamed IN_ONLY_CREATE to IN_EXCL_ADD
additional rational for the change introduced to commit
---
fs/notify/inotify/inotify_user.c | 5 ++++-
include/linux/inotify.h | 2 +-
include/uapi/linux/inotify.h | 1 +
3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
index ef32f3657958..bbe6fbc4fee6 100644
--- a/fs/notify/inotify/inotify_user.c
+++ b/fs/notify/inotify/inotify_user.c
@@ -506,6 +506,7 @@ static int inotify_update_existing_watch(struct fsnotify_group *group,
__u32 old_mask, new_mask;
__u32 mask;
int add = (arg & IN_MASK_ADD);
+ int create = (arg & IN_EXCL_ADD);
int ret;
mask = inotify_arg_to_mask(arg);
@@ -513,6 +514,8 @@ static int inotify_update_existing_watch(struct fsnotify_group *group,
fsn_mark = fsnotify_find_mark(&inode->i_fsnotify_marks, group);
if (!fsn_mark)
return -ENOENT;
+ else if (create)
+ return -EEXIST;
i_mark = container_of(fsn_mark, struct inotify_inode_mark, fsn_mark);
@@ -802,7 +805,7 @@ static int __init inotify_user_setup(void)
BUILD_BUG_ON(IN_ISDIR != FS_ISDIR);
BUILD_BUG_ON(IN_ONESHOT != FS_IN_ONESHOT);
- BUG_ON(hweight32(ALL_INOTIFY_BITS) != 21);
+ BUG_ON(hweight32(ALL_INOTIFY_BITS) != 22);
inotify_inode_mark_cachep = KMEM_CACHE(inotify_inode_mark, SLAB_PANIC);
diff --git a/include/linux/inotify.h b/include/linux/inotify.h
index 44f9ffe72c87..ab423272540c 100644
--- a/include/linux/inotify.h
+++ b/include/linux/inotify.h
@@ -18,6 +18,6 @@ extern struct ctl_table inotify_table[]; /* for sysctl */
IN_DELETE_SELF | IN_MOVE_SELF | IN_UNMOUNT | \
IN_Q_OVERFLOW | IN_IGNORED | IN_ONLYDIR | \
IN_DONT_FOLLOW | IN_EXCL_UNLINK | IN_MASK_ADD | \
- IN_ISDIR | IN_ONESHOT)
+ IN_EXCL_ADD | IN_ISDIR | IN_ONESHOT)
#endif /* _LINUX_INOTIFY_H */
diff --git a/include/uapi/linux/inotify.h b/include/uapi/linux/inotify.h
index 4800bf2a531d..7601540aa38a 100644
--- a/include/uapi/linux/inotify.h
+++ b/include/uapi/linux/inotify.h
@@ -53,6 +53,7 @@ struct inotify_event {
#define IN_ONLYDIR 0x01000000 /* only watch the path if it is a directory */
#define IN_DONT_FOLLOW 0x02000000 /* don't follow a sym link */
#define IN_EXCL_UNLINK 0x04000000 /* exclude events on unlinked objects */
+#define IN_EXCL_ADD 0x10000000 /* only create watches */
#define IN_MASK_ADD 0x20000000 /* add to the mask of an already existing watch */
#define IN_ISDIR 0x40000000 /* event occurred against dir */
#define IN_ONESHOT 0x80000000 /* only send event once */
--
2.17.0
