Re: [PATCH 00/15] Tidy up file permission hooks

On Sat, Nov 18, 2023 at 8:59 AM Amir Goldstein <amir73il@xxxxxxxxx> wrote:
>
> On Fri, Nov 17, 2023 at 9:44 PM Josef Bacik <josef@xxxxxxxxxxxxxx> wrote:
> >
> > On Tue, Nov 14, 2023 at 05:32:39PM +0200, Amir Goldstein wrote:
> > > Hi Christian,
> > >
> > > I realize you won't have time to review this week, but wanted to get
> > > this series out for review for a wider audience soon.
> > >
> > > During my work on fanotify "pre content" events [1], Jan and I noticed
> > > some inconsistencies in the call sites of security_file_permission()
> > > hooks inside rw_verify_area() and remap_verify_area().
> > >
> > > The majority of call sites are before file_start_write(), which is how
> > > we want them to be for fanotify "pre content" events.
> > >
> > > For splice code, there are many duplicate calls to rw_verify_area()
> > > for the entire range as well as for partial ranges inside iterator.
> > >
> > > This cleanup series, mostly following Jan's suggestions, moves all
> > > the security_file_permission() hooks before file_start_write() and
> > > eliminates duplicate permission hook calls in the same call chain.
> > >
> > > The last 3 patches are helpers that I used in fanotify patches to
> > > assert that permission hooks are called with expected locking scope.
> > >
> > > My hope is to get this work reviewed and staged in the vfs tree
> > > for the 6.8 cycle, so that I can send Jan fanotify patches for
> > > "pre content" events based on a stable branch in the vfs tree.
> > >
> > > Thanks,
> > > Amir.
> >
> > Amir,
> >
> > The last 3 patches didn't make it onto lore for some reason, so I can't review
> > the last 3.  Thanks,
> >
>
> Sorry for the mishap.
> The entire series was re-posted shortly after to fsdevel:
> https://lore.kernel.org/linux-fsdevel/20231114153321.1716028-1-amir73il@xxxxxxxxx/
>
> > You can add
> > Reviewed-by: Josef Bacik <josef@xxxxxxxxxxxxxx>
> > to patches 1-11.
>

Christian,

Here is a status update on this patch set.

1. Patches 1-11 reviewed by Josef -
    if you can take a look and see they look fine before v2 that would be great
2. Patch 3 ACKed by Chuck [1]
3. Patch 9 should be preceded by this prep patch [2]
    that was ACKed by coda maintainer
4. Patch 12 is self NACKed by me. I am testing an alternative patch
5. Patches 13-15 (start_write assert helpers) have not been reviewed -
    they were posted to fsdevel [3]. I'll appreciate if you or someone
    could take a look

Once I get your feedback on patches 1-11,13-15
I can post v2 with the patch 9 prep patch and the alternative fix for patch 12.

Thanks,
Amir.

[1] https://lore.kernel.org/linux-unionfs/ZVObiRlwcKgT0e53@xxxxxxxxxxxxxxxxxxxxxx/
[2] https://lore.kernel.org/linux-fsdevel/20231120095110.2199218-1-amir73il@xxxxxxxxx/
[3] https://lore.kernel.org/linux-fsdevel/20231114153321.1716028-1-amir73il@xxxxxxxxx/




