On Tue, 18 May 2021 at 19:56, Amir Goldstein <amir73il@xxxxxxxxx> wrote:
>
> On Tue, May 18, 2021 at 5:43 PM Miklos Szeredi <miklos@xxxxxxxxxx> wrote:
> >
> > On Mon, 10 May 2021 at 18:32, Amir Goldstein <amir73il@xxxxxxxxx> wrote:
> > > My thinking was that we can change d_real() to provide the real path:
> > >
> > > static inline struct path d_real_path(struct path *path,
> > > const struct inode *inode)
> > > {
> > > struct realpath = {};
> > > if (!unlikely(dentry->d_flags & DCACHE_OP_REAL))
> > > return *path;
> > > dentry->d_op->d_real(path->dentry, inode, &realpath);
> > > return realpath;
> > > }
Real paths are internal, we can't pass them (as fd in permission
events) to userspace.
> > >
> > >
> > > Another option, instead of getting the realpath, just detect the
> > > mismatch of file_inode(file) != d_inode(path->dentry) in
> > > fanotify_file() and pass FSNOTIFY_EVENT_DENTRY data type
> > > with d_real() dentry to backend instead of FSNOTIFY_EVENT_PATH.
> > >
> > > For inotify it should be enough and for fanotify it is enough for
> > > FAN_REPORT_FID and legacy fanotify can report FAN_NOFD,
> > > so at least permission events listeners can identify the situation and
> > > be able to block access to unknown paths.
That sounds like a good short term solution.
>
> Is there a reason for the fake path besides the displayed path in
> /proc/self/maps?
I'm not aware of any.
>
> Does it make sense to keep one realfile with fake path for mmaped
> files along side a realfile with private/detached path used for all the
> other operations?
This should work, but it would add more open files, so needs some good
justifications.
> While at it, we can also cache both upper and lower realfiles in case
> file was copied up after open.
Right, although this doesn't seem to be an issue (it's a rare corner
case that is being cared for).
Thanks,
Miklos
