On Wed, Nov 22, 2023 at 02:26:59PM +0200, Amir Goldstein wrote: > Hi Christian, > > During my work on fanotify "pre content" events [1], Jan and I noticed > some inconsistencies in the call sites of security_file_permission() > hooks inside rw_verify_area() and remap_verify_area(). > > The majority of call sites are before file_start_write(), which is how > we want them to be for fanotify "pre content" events. > > For splice code, there are many duplicate calls to rw_verify_area() > for the entire range as well as for partial ranges inside iterator. > > This cleanup series, mostly following Jan's suggestions, moves all > the security_file_permission() hooks before file_start_write() and > eliminates duplicate permission hook calls in the same call chain. > > The last 3 patches are helpers that I used in fanotify patches to > assert that permission hooks are called with expected locking scope. > > Please stage this work on a stable branch in the vfs tree, so that > I will be able to send Jan fanotify patches for "pre content" events > based on the stable vfs branch. > You can add Reviewed-by: Josef Bacik <josef@xxxxxxxxxxxxxx> To the rest of the patches that don't already have my reviewed-by. Thanks, Josef
