On Thu 25-07-24 14:19:41, Josef Bacik wrote:
> From: Amir Goldstein <amir73il@xxxxxxxxx>
>
> Similar to FAN_ACCESS_PERM permission event, but it is only allowed with
> class FAN_CLASS_PRE_CONTENT and only allowed on regular files are dirs.
^^ and
> Unlike FAN_ACCESS_PERM, it is safe to write to the file being accessed
> in the context of the event handler.
>
> This pre-content event is meant to be used by hierarchical storage
> managers that want to fill the content of files on first read access.
>
> Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx>
Otherwise the patch looks good.
Honza
> ---
> fs/notify/fanotify/fanotify.c | 3 ++-
> fs/notify/fanotify/fanotify_user.c | 17 ++++++++++++++---
> include/linux/fanotify.h | 14 ++++++++++----
> include/uapi/linux/fanotify.h | 2 ++
> 4 files changed, 28 insertions(+), 8 deletions(-)
>
> diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c
> index 224bccaab4cc..7dac8e4486df 100644
> --- a/fs/notify/fanotify/fanotify.c
> +++ b/fs/notify/fanotify/fanotify.c
> @@ -910,8 +910,9 @@ static int fanotify_handle_event(struct fsnotify_group *group, u32 mask,
> BUILD_BUG_ON(FAN_OPEN_EXEC_PERM != FS_OPEN_EXEC_PERM);
> BUILD_BUG_ON(FAN_FS_ERROR != FS_ERROR);
> BUILD_BUG_ON(FAN_RENAME != FS_RENAME);
> + BUILD_BUG_ON(FAN_PRE_ACCESS != FS_PRE_ACCESS);
>
> - BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 21);
> + BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 22);
>
> mask = fanotify_group_event_mask(group, iter_info, &match_mask,
> mask, data, data_type, dir);
> diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
> index 2e2fba8a9d20..c294849e474f 100644
> --- a/fs/notify/fanotify/fanotify_user.c
> +++ b/fs/notify/fanotify/fanotify_user.c
> @@ -1628,6 +1628,7 @@ static int fanotify_events_supported(struct fsnotify_group *group,
> unsigned int flags)
> {
> unsigned int mark_type = flags & FANOTIFY_MARK_TYPE_BITS;
> + bool is_dir = d_is_dir(path->dentry);
> /* Strict validation of events in non-dir inode mask with v5.17+ APIs */
> bool strict_dir_events = FAN_GROUP_FLAG(group, FAN_REPORT_TARGET_FID) ||
> (mask & FAN_RENAME) ||
> @@ -1665,9 +1666,15 @@ static int fanotify_events_supported(struct fsnotify_group *group,
> * but because we always allowed it, error only when using new APIs.
> */
> if (strict_dir_events && mark_type == FAN_MARK_INODE &&
> - !d_is_dir(path->dentry) && (mask & FANOTIFY_DIRONLY_EVENT_BITS))
> + !is_dir && (mask & FANOTIFY_DIRONLY_EVENT_BITS))
> return -ENOTDIR;
>
> + /* Pre-content events are only supported on regular files and dirs */
> + if (mask & FANOTIFY_PRE_CONTENT_EVENTS) {
> + if (!is_dir && !d_is_reg(path->dentry))
> + return -EINVAL;
> + }
> +
> return 0;
> }
>
> @@ -1769,11 +1776,15 @@ static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask,
> goto fput_and_out;
>
> /*
> - * Permission events require minimum priority FAN_CLASS_CONTENT.
> + * Permission events are not allowed for FAN_CLASS_NOTIF.
> + * Pre-content permission events are not allowed for FAN_CLASS_CONTENT.
> */
> ret = -EINVAL;
> if (mask & FANOTIFY_PERM_EVENTS &&
> - group->priority < FSNOTIFY_PRIO_CONTENT)
> + group->priority == FSNOTIFY_PRIO_NORMAL)
> + goto fput_and_out;
> + else if (mask & FANOTIFY_PRE_CONTENT_EVENTS &&
> + group->priority == FSNOTIFY_PRIO_CONTENT)
> goto fput_and_out;
>
> if (mask & FAN_FS_ERROR &&
> diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h
> index 4f1c4f603118..5c811baf44d2 100644
> --- a/include/linux/fanotify.h
> +++ b/include/linux/fanotify.h
> @@ -88,6 +88,16 @@
> #define FANOTIFY_DIRENT_EVENTS (FAN_MOVE | FAN_CREATE | FAN_DELETE | \
> FAN_RENAME)
>
> +/* Content events can be used to inspect file content */
> +#define FANOTIFY_CONTENT_PERM_EVENTS (FAN_OPEN_PERM | FAN_OPEN_EXEC_PERM | \
> + FAN_ACCESS_PERM)
> +/* Pre-content events can be used to fill file content */
> +#define FANOTIFY_PRE_CONTENT_EVENTS (FAN_PRE_ACCESS)
> +
> +/* Events that require a permission response from user */
> +#define FANOTIFY_PERM_EVENTS (FANOTIFY_CONTENT_PERM_EVENTS | \
> + FANOTIFY_PRE_CONTENT_EVENTS)
> +
> /* Events that can be reported with event->fd */
> #define FANOTIFY_FD_EVENTS (FANOTIFY_PATH_EVENTS | FANOTIFY_PERM_EVENTS)
>
> @@ -103,10 +113,6 @@
> FANOTIFY_INODE_EVENTS | \
> FANOTIFY_ERROR_EVENTS)
>
> -/* Events that require a permission response from user */
> -#define FANOTIFY_PERM_EVENTS (FAN_OPEN_PERM | FAN_ACCESS_PERM | \
> - FAN_OPEN_EXEC_PERM)
> -
> /* Extra flags that may be reported with event or control handling of events */
> #define FANOTIFY_EVENT_FLAGS (FAN_EVENT_ON_CHILD | FAN_ONDIR)
>
> diff --git a/include/uapi/linux/fanotify.h b/include/uapi/linux/fanotify.h
> index a37de58ca571..3ae43867d318 100644
> --- a/include/uapi/linux/fanotify.h
> +++ b/include/uapi/linux/fanotify.h
> @@ -26,6 +26,8 @@
> #define FAN_ACCESS_PERM 0x00020000 /* File accessed in perm check */
> #define FAN_OPEN_EXEC_PERM 0x00040000 /* File open/exec in perm check */
>
> +#define FAN_PRE_ACCESS 0x00100000 /* Pre-content access hook */
> +
> #define FAN_EVENT_ON_CHILD 0x08000000 /* Interested in child events */
>
> #define FAN_RENAME 0x10000000 /* File was renamed */
> --
> 2.43.0
>
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR
