Re: [PATCH] fsnotify: compile out fsnotify permission hooks if !FANOTIFY_ACCESS_PERMISSIONS

On Tue 09-01-24 20:22:45, Amir Goldstein wrote:
> The dependency of FANOTIFY_ACCESS_PERMISSIONS on SECURITY made sure that
> the fsnotify permission hooks were never called when SECURITY was
> disabled.
> 
> Moving the fsnotify permission hook out of the security hook broke that
> optimisation.
> 
> Reported-and-tested-by: Jens Axboe <axboe@xxxxxxxxx>
> Closes: https://lore.kernel.org/linux-fsdevel/53682ece-f0e7-48de-9a1c-879ee34b0449@xxxxxxxxx/
> Fixes: d9e5d31084b0 ("fsnotify: optionally pass access range in file permission hooks")
> Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx>

Originally I didn't notice this was directed to Christian but it makes
sense since he merged the original patches. The fix looks good (modulo the
typo fixes from Jens). Feel free to add:

Reviewed-by: Jan Kara <jack@xxxxxxx>

								Honza

> ---
>  include/linux/fsnotify.h | 19 +++++++++++++++++++
>  1 file changed, 19 insertions(+)
> 
> diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
> index 11e6434b8e71..8300a5286988 100644
> --- a/include/linux/fsnotify.h
> +++ b/include/linux/fsnotify.h
> @@ -100,6 +100,7 @@ static inline int fsnotify_file(struct file *file, __u32 mask)
>  	return fsnotify_parent(path->dentry, mask, path, FSNOTIFY_EVENT_PATH);
>  }
>  
> +#ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS
>  /*
>   * fsnotify_file_area_perm - permission hook before access to file range
>   */
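
Review bot: nothing at the new `#ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS` line tells a reader that the whole group of permission hooks, from fsnotify_file_area_perm() down to fsnotify_open_perm(), is now conditional, while fsnotify_file() just above stays unconditional. A one-line comment at the guard saying that the hooks are replaced by stubs returning 0 when the option is off would document the intent where the block starts, instead of leaving it to the commit message.
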
> @@ -145,6 +146,24 @@ static inline int fsnotify_open_perm(struct file *file)
>  	return fsnotify_file(file, FS_OPEN_PERM);
>  }
>  
> +#else
> +static inline int fsnotify_file_area_perm(struct file *file, int perm_mask,
> +					  const loff_t *ppos, size_t count)
> +{
> +	return 0;
> +}
> +
> +static inline int fsnotify_file_perm(struct file *file, int perm_mask)
> +{
> +	return 0;
> +}
> +
> +static inline int fsnotify_open_perm(struct file *file)
> +{
> +	return 0;
> +}
> +#endif
> +
>  /*
>   * fsnotify_link_count - inode's link count changed
>   */
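
Review bot: the `#else` and `#endif` around the three stubs carry no comment naming the symbol, and the matching `#ifdef` is roughly 45 lines up (hunk headers at 100 and 146). Writing them as `#else /* !CONFIG_FANOTIFY_ACCESS_PERMISSIONS */` and `#endif /* CONFIG_FANOTIFY_ACCESS_PERMISSIONS */` would make the pairing obvious. The stubs also duplicate the prototypes of the real hooks, so a short comment above them saying they must be kept in sync, and what the unconditional `return 0` means to callers, would help the next person who changes a signature.
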
> -- 
> 2.34.1
> 
-- 
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR



