Hi Jeff,
Thanks for your review!
I will update 1/2 based on the feedback. (Replying here to save everyone
an email..)
> On Oct 30, 2024, at 6:03 AM, Jeff Layton <jlayton@xxxxxxxxxx> wrote:
[...]
>> +
>> +static int sample_fp_handler(struct fsnotify_group *group,
>> + struct fanotify_fastpath_hook *fp_hook,
>> + struct fanotify_fastpath_event *fp_event)
>> +{
>> + const struct qstr *file_name = fp_event->file_name;
>> + struct sample_fp_data *fp_data;
>> + struct prefix_item *item;
>> +
>> + if (!file_name)
>> + return FAN_FP_RET_SEND_TO_USERSPACE;
>> + fp_data = fp_hook->data;
>> +
>> + list_for_each_entry(item, &fp_data->item_list, list) {
>> + if (strstr(file_name->name, item->prefix) == (char *)file_name->name)
>> + return FAN_FP_RET_SKIP_EVENT;
>> + }
>> +
>> + return FAN_FP_RET_SEND_TO_USERSPACE;
>> +}
>
> The sample is a little underwhelming and everyone hates string parsing
> in the kernel ;). It'd be nice to see a more real-world use-case for
> this.
>
> Could this be used to implement subtree filtering? I guess you'd have
> to walk back up the directory tree and see whether it had a given
> ancestor?
If the subtree is all in the same file system, we can attach fanotify to
the whole file system, and then use some dget_parent() and follow_up()
to walk up the directory tree in the fastpath handler. However, if there
are other mount points in the subtree, we will need more logic to handle
these mount points.
@Christian, I would like to know your thoughts on this (walking up the
directory tree in fanotify fastpath handler). It can be expensive for
very very deep subtree.
How should we pass in the subtree? I guess we can just use full path in
a string as the argument.
Thanks,
Song
