This RFC set introduces an in-kernel fastpath handler for fanotify. The
fastpath handler can be used to handle/filter some events without going
through userspace.

In LPC 2024, multiple talks covered use cases of monitoring a subtree in
the VFS (fanotify: [1], bpf/lsm: [2]). This work is inspired by these
discussions. Reliable monitoring of a subtree with low overhead is a hard
problem. We do not claim this set fully solves the problem. But we think
this work can be a very useful building block of the solution to this
problem.

The fastpath handler can be implemented with built-in logic, in a kernel
module, or a bpf program. The fastpath handler is attached to a fsnotify
group. With the current implementation, multiple fastpath handlers are
maintained in a global list. Only users with CAP_SYS_ADMIN can add
fastpath handlers to the list by loading a kernel module. Users without
CAP_SYS_ADMIN can attach a loaded fastpath handler to fanotify instances.
During the attach operation, the fastpath handler can take an argument.
This enables non-CAP_SYS_ADMIN users to customize/configure the fastpath
handler, for example, with a specific allowlist/denylist.

As the patchset grows to 1000+ lines (including samples and tests), I
would like some feedback before pushing it further.

Overview:

Patch 1/5 adds logic to write fastpath handlers in kernel modules.
Patch 2/5 adds a sample of a fastpath handler in a kernel module.
Patch 3/5 is some preparation work on the BPF side.
Patch 4/5 adds logic to write fastpath handlers in bpf programs.
Patch 5/5 is a selftest and example of a bpf based fastpath handler.

TODO:

1. Add some mechanism to help users discover available fastpath handlers.
   For example, we can add a sysctl which is similar to
   net.ipv4.tcp_available_congestion_control, or we can add some sysfs
   entries.
2. Enable private (not added to global list) bpf based fastpath handlers.
3. More testing for inode local storage.
4. Man pages.

[1] https://lpc.events/event/18/contributions/1717/
[2] https://lpc.events/event/18/contributions/1940/

Song Liu (5):
  fanotify: Introduce fanotify fastpath handler
  samples/fanotify: Add a sample fanotify fastpath handler
  bpf: Make bpf inode storage available to tracing programs
  fanotify: Enable bpf based fanotify fastpath handler
  selftests/bpf: Add test for BPF based fanotify fastpath handler

 MAINTAINERS                                   |   1 +
 fs/Makefile                                   |   2 +-
 fs/bpf_fs_kfuncs.c                            |  23 +-
 fs/notify/fanotify/Makefile                   |   2 +-
 fs/notify/fanotify/fanotify.c                 |  25 ++
 fs/notify/fanotify/fanotify_fastpath.c        | 318 ++++++++++++++++++
 fs/notify/fanotify/fanotify_user.c            |   7 +
 include/linux/bpf.h                           |   9 +
 include/linux/bpf_lsm.h                       |  29 --
 include/linux/fanotify.h                      |  45 +++
 include/linux/fs.h                            |   4 +
 include/linux/fsnotify_backend.h              |   3 +
 include/uapi/linux/fanotify.h                 |  26 ++
 kernel/bpf/Makefile                           |   3 +-
 kernel/bpf/bpf_inode_storage.c                | 174 +++++++---
 kernel/bpf/bpf_lsm.c                          |   4 -
 kernel/bpf/verifier.c                         |   5 +
 kernel/trace/bpf_trace.c                      |   8 +
 samples/Kconfig                               |  20 +-
 samples/Makefile                              |   2 +-
 samples/fanotify/.gitignore                   |   1 +
 samples/fanotify/Makefile                     |   5 +-
 samples/fanotify/fastpath-mod.c               | 138 ++++++++
 samples/fanotify/fastpath-user.c              |  90 +++++
 security/bpf/hooks.c                          |   5 -
 tools/testing/selftests/bpf/bpf_kfuncs.h      |   4 +
 tools/testing/selftests/bpf/config            |   1 +
 .../testing/selftests/bpf/prog_tests/fan_fp.c | 245 ++++++++++++++
 tools/testing/selftests/bpf/progs/fan_fp.c    |  77 +++++
 29 files changed, 1189 insertions(+), 87 deletions(-)
 create mode 100644 fs/notify/fanotify/fanotify_fastpath.c
 create mode 100644 samples/fanotify/fastpath-mod.c
 create mode 100644 samples/fanotify/fastpath-user.c
 create mode 100644 tools/testing/selftests/bpf/prog_tests/fan_fp.c
 create mode 100644 tools/testing/selftests/bpf/progs/fan_fp.c

--
2.43.5