On Sat 26-10-24 08:58:47, Amir Goldstein wrote: > On Fri, Oct 25, 2024 at 3:39 PM Amir Goldstein <amir73il@xxxxxxxxx> wrote: > > > > On Fri, Oct 25, 2024 at 3:09 PM Jan Kara <jack@xxxxxxx> wrote: > > > > > > On Fri 25-10-24 09:55:21, Amir Goldstein wrote: > > > > On Sat, Aug 3, 2024 at 6:52 PM Amir Goldstein <amir73il@xxxxxxxxx> wrote: > > > > > On Thu, Aug 1, 2024 at 6:31 PM Jan Kara <jack@xxxxxxx> wrote: > > > > > > On Thu 25-07-24 14:19:39, Josef Bacik wrote: > > > > > > > From: Amir Goldstein <amir73il@xxxxxxxxx> > > > > > > > > > > > > > > The new FS_PRE_ACCESS permission event is similar to FS_ACCESS_PERM, > > > > > > > but it meant for a different use case of filling file content before > > > > > > > access to a file range, so it has slightly different semantics. > > > > > > > > > > > > > > Generate FS_PRE_ACCESS/FS_ACCESS_PERM as two seperate events, same as > > > > > > > we did for FS_OPEN_PERM/FS_OPEN_EXEC_PERM. > > > > > > > > > > > > > > FS_PRE_MODIFY is a new permission event, with similar semantics as > > > > > > > FS_PRE_ACCESS, which is called before a file is modified. > > > > > > > > > > > > > > FS_ACCESS_PERM is reported also on blockdev and pipes, but the new > > > > > > > pre-content events are only reported for regular files and dirs. > > > > > > > > > > > > > > The pre-content events are meant to be used by hierarchical storage > > > > > > > managers that want to fill the content of files on first access. > > > > > > > > > > > > > > Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx> > > > > > > > > > > > > The patch looks good. Just out of curiosity: > > > > > > > > > > > > > diff --git a/include/linux/fsnotify_backend.h b/include/linux/fsnotify_backend.h > > > > > > > index 8be029bc50b1..21e72b837ec5 100644 > > > > > > > --- a/include/linux/fsnotify_backend.h > > > > > > > +++ b/include/linux/fsnotify_backend.h > > > > > > > @@ -56,6 +56,9 @@ > > > > > > > #define FS_ACCESS_PERM 0x00020000 /* access event in a permissions hook */ > > > > > > > #define FS_OPEN_EXEC_PERM 0x00040000 /* open/exec event in a permission hook */ > > > > > > > > > > > > > > +#define FS_PRE_ACCESS 0x00100000 /* Pre-content access hook */ > > > > > > > +#define FS_PRE_MODIFY 0x00200000 /* Pre-content modify hook */ > > > > > > > > > > > > Why is a hole left here in the flag space? > > > > > > > > > > Can't remember. > > > > > > > > > > Currently we have a draft design for two more events > > > > > FS_PATH_ACCESS, FS_PATH_MODIFY > > > > > https://github.com/amir73il/man-pages/commits/fan_pre_path > > > > > > > > > > So might have been a desire to keep the pre-events group on the nibble. > > > > > > > > Funny story. > > > > > > > > I straced a program with latest FS_PRE_ACCESS (0x00080000) and > > > > see what I got: > > > > > > > > fanotify_mark(3, FAN_MARK_ADD|FAN_MARK_MOUNT, > > > > FAN_CLOSE_WRITE|FAN_OPEN_PERM|FAN_ACCESS_PERM|FAN_DIR_MODIFY|FAN_ONDIR, > > > > AT_FDCWD, "/vdd") = 0 > > > > > > > > "FAN_DIR_MODIFY"! a blast from the past [1] > > > > > > > > It would have been nice if we reserved 0x00080000 for FAN_PATH_MODIFY [2] > > > > to be a bit less confusing for users with old strace. > > > > > > > > WDYT? > > > > > > Yeah, reusing that bit for something semantically close would reduce some > > > confusion. But realistically I don't think FAN_DIR_MODIFY go wide use when > > > it was never supported in a released upstream kernel. > > > > No, but its legacy lives in strace forever... > > > > Speaking of legacy events, you will notice that in the fan_pre_access > branch I swapped the order of FS_PRE_ACCESS to be generated > before FS_ACCESS_PERM. > > It is a semantic difference that probably does not matter much in practice, > but I justified it as "need to fill the content before content can be inspected" > because FS_ACCESS_PERM is the legacy Anti-malware event. > > This order is also aligned with the priority group associated with those > events (PRE_CONTENT before CONTENT). Yes, I've noticed this and it makes sense. Thanks for the expanded rationale. > But from a wider POV, my feeling is that FS_ACCESS_PERM is not > really used by anyone and it is baggage that we need to try to get rid of. > It is not worth the bloat of the inlined fsnotify_file_area_perm() hook. > It is not worth the wasted cycles in the __fsnotify_parent() call that will > not be optimized when there is any high priority group listener on the sb. > > I am tempted to try and combine the PRE/PERM access events into > a single event and make sure that no fanotify group can subscribe to > both of them at the same time, so a combined event can never be seen, > but it is not very easy to rationalize this API. > > For example, if we would have required FAN_REPORT_RANGE init flag > for subscribing to FAN_PRE_ACCESS, then we could have denied the legacy > FAN_ACCESS_PERM in this group, but I don't think that we want to do that (?). Yeah, this would look a bit weird in the API. If you really think that FAN_ACCESS_PERM is dead (which it may well be but I would not bet on it), then we could start a deprecation period for it and if nobody comes back to us saying they still use it, we can then remove it from the kernel altogether. Honza -- Jan Kara <jack@xxxxxxxx> SUSE Labs, CR
