On Tue, Oct 16, 2018 at 01:58:32PM +0200, Jan Kara wrote: > On Thu 11-10-18 21:42:23, Matthew Bobrowski wrote: > > A new event type FAN_OPEN_EXEC has been defined so that users have the > > ability to receive events specifically when a file has been opened with > > the intent to be executed. > > Can we perhaps expand this a bit to clarify that this means execve(), > execve_at(), and uselib() syscalls? Then the sentence below could just > clarify that feature is implemented by fanotify_open() generating > FAN_OPEN_EXEC event if __FMODE_EXEC is set within file->f_flags. Thanks! Updated. I will include these updates within the new patch series I'm going to post through.
> > The FAN_OPEN_EXEC flag is set within the fsnotify_open() hook only if a
> > file has the __FMODE_EXEC bit set within file->f_flags.
> >
> > Signed-off-by: Matthew Bobrowski <mbobrowski@xxxxxxxxxxxxxx>
> > ---
> > fs/notify/fanotify/fanotify.c | 3 ++-
> > fs/notify/fsnotify.c | 2 +-
> > include/linux/fanotify.h | 2 +-
> > include/linux/fsnotify.h | 2 ++
> > include/linux/fsnotify_backend.h | 7 +++++--
> > include/uapi/linux/fanotify.h | 1 +
> > 6 files changed, 12 insertions(+), 5 deletions(-)
> >
> > diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c
> > index 2c57186caa2e..b3e92302ed84 100644
> > --- a/fs/notify/fanotify/fanotify.c
> > +++ b/fs/notify/fanotify/fanotify.c
> > @@ -207,8 +207,9 @@ static int fanotify_handle_event(struct fsnotify_group *group,
> > BUILD_BUG_ON(FAN_OPEN_PERM != FS_OPEN_PERM);
> > BUILD_BUG_ON(FAN_ACCESS_PERM != FS_ACCESS_PERM);
> > BUILD_BUG_ON(FAN_ONDIR != FS_ISDIR);
> > + BUILD_BUG_ON(FAN_OPEN_EXEC != FS_OPEN_EXEC);
> >
> > - BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 10);
> > + BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 11);
> >
> > if (!fanotify_should_send_event(iter_info, mask, data, data_type))
> > return 0;
> > diff --git a/fs/notify/fsnotify.c b/fs/notify/fsnotify.c
> > index a0ad06285450..051e5fc0dba1 100644
> > --- a/fs/notify/fsnotify.c
> > +++ b/fs/notify/fsnotify.c
> > @@ -402,7 +402,7 @@ static __init int fsnotify_init(void)
> > {
> > int ret;
> >
> > - BUILD_BUG_ON(HWEIGHT32(ALL_FSNOTIFY_BITS) != 23);
> > + BUILD_BUG_ON(HWEIGHT32(ALL_FSNOTIFY_BITS) != 24);
> >
> > ret = init_srcu_struct(&fsnotify_mark_srcu);
> > if (ret)
> > diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h
> > index 05b696b4856b..0e07d23b6c17 100644
> > --- a/include/linux/fanotify.h
> > +++ b/include/linux/fanotify.h
> > @@ -39,7 +39,7 @@
> >
> > /* Events that user can request to be notified on */
> > #define FANOTIFY_EVENTS (FAN_ACCESS | FAN_MODIFY | \
> > - FAN_CLOSE | FAN_OPEN)
> > + FAN_CLOSE | FAN_OPEN | FAN_OPEN_EXEC)
> >
> > /* Events that require a permission response from user */
> > #define FANOTIFY_PERM_EVENTS (FAN_OPEN_PERM | FAN_ACCESS_PERM)
> > diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
> > index fd1ce10553bf..1fe5ac93b252 100644
> > --- a/include/linux/fsnotify.h
> > +++ b/include/linux/fsnotify.h
> > @@ -215,6 +215,8 @@ static inline void fsnotify_open(struct file *file)
> >
> > if (S_ISDIR(inode->i_mode))
> > mask |= FS_ISDIR;
> > + if (file->f_flags & __FMODE_EXEC)
> > + mask |= FS_OPEN_EXEC;
> >
> > fsnotify_parent(path, NULL, mask);
> > fsnotify(inode, mask, path, FSNOTIFY_EVENT_PATH, NULL, 0);
> > diff --git a/include/linux/fsnotify_backend.h b/include/linux/fsnotify_backend.h
> > index 135b973e44d1..329ac6684326 100644
> > --- a/include/linux/fsnotify_backend.h
> > +++ b/include/linux/fsnotify_backend.h
> > @@ -38,6 +38,7 @@
> > #define FS_DELETE 0x00000200 /* Subfile was deleted */
> > #define FS_DELETE_SELF 0x00000400 /* Self was deleted */
> > #define FS_MOVE_SELF 0x00000800 /* Self was moved */
> > +#define FS_OPEN_EXEC 0x00001000 /* File was opened for exec */
> >
> > #define FS_UNMOUNT 0x00002000 /* inode on umount fs */
> > #define FS_Q_OVERFLOW 0x00004000 /* Event queued overflowed */
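Review bot: In the include/linux/fanotify.h hunk, FAN_OPEN_EXEC joins FANOTIFY_EVENTS while FANOTIFY_PERM_EVENTS on the context line below stays `(FAN_OPEN_PERM | FAN_ACCESS_PERM)`, so the new event is notification-only and a listener cannot use it to deny an exec. That limit is not stated anywhere in the header, and a consumer building exec monitoring on it may assume otherwise. I would extend the existing comment to something like `/* Events that user can request to be notified on; FAN_OPEN_EXEC is informational only and has no permission variant in this patch */`.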
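Review bot: The new `if (file->f_flags & __FMODE_EXEC)` test in the include/linux/fsnotify.h hunk has no comment saying which opens carry that bit, and that decides how far a monitoring tool can rely on FS_OPEN_EXEC. As far as this thread indicates, the bit is set on the kernel's exec paths; a file that user space opens with an ordinary open(), such as a script handed to an interpreter or a library mapped by a loader, would presumably still arrive as a plain open event, so the event is not a complete record of what code ran. A comment above the test would make that limit explicit, e.g. `/* set only for opens made by the kernel on behalf of exec; files opened by user-space loaders are not covered */`. The body of fsnotify_open() starts and ends outside this hunk, so the initial value of `mask` is not visible here.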
> > @@ -62,7 +63,8 @@
> > #define FS_EVENTS_POSS_ON_CHILD (FS_ACCESS | FS_MODIFY | FS_ATTRIB |\
> > FS_CLOSE_WRITE | FS_CLOSE_NOWRITE | FS_OPEN |\
> > FS_MOVED_FROM | FS_MOVED_TO | FS_CREATE |\
> > - FS_DELETE | FS_OPEN_PERM | FS_ACCESS_PERM)
> > + FS_DELETE | FS_OPEN_PERM | FS_ACCESS_PERM |\
> > + FS_OPEN_EXEC)
> >
> > #define FS_MOVE (FS_MOVED_FROM | FS_MOVED_TO)
> >
> > @@ -74,7 +76,8 @@
> > FS_MOVED_FROM | FS_MOVED_TO | FS_CREATE | \
> > FS_DELETE | FS_DELETE_SELF | FS_MOVE_SELF | \
> > FS_UNMOUNT | FS_Q_OVERFLOW | FS_IN_IGNORED | \
> > - FS_OPEN_PERM | FS_ACCESS_PERM | FS_DN_RENAME)
> > + FS_OPEN_PERM | FS_ACCESS_PERM | FS_DN_RENAME |\
> > + FS_OPEN_EXEC)
> >
> > /* Extra flags that may be reported with event or control handling of events */
> > #define ALL_FSNOTIFY_FLAGS (FS_EXCL_UNLINK | FS_ISDIR | FS_IN_ONESHOT | \
> > diff --git a/include/uapi/linux/fanotify.h b/include/uapi/linux/fanotify.h
> > index 00b2304ed124..da278f11ab29 100644
> > --- a/include/uapi/linux/fanotify.h
> > +++ b/include/uapi/linux/fanotify.h
> > @@ -10,6 +10,7 @@
> > #define FAN_CLOSE_WRITE 0x00000008 /* Writtable file closed */
> > #define FAN_CLOSE_NOWRITE 0x00000010 /* Unwrittable file closed */
> > #define FAN_OPEN 0x00000020 /* File was opened */
> > +#define FAN_OPEN_EXEC 0x00001000 /* File was opened for exec */
> >
> > #define FAN_Q_OVERFLOW 0x00004000 /* Event queued overflowed */
> >
> > --
> > 2.17.2
> >
> --
> Jan Kara <jack@xxxxxxxx>
> SUSE Labs, CR