On Tue, Nov 14, 2023 at 5:32 PM Amir Goldstein <amir73il@xxxxxxxxx> wrote:
>
> Hi Christian,
>

OOPS, posted to the wrong list.
Re-posting to fsdevel.
Sorry for the noise.

Amir.

> I realize you won't have time to review this week, but wanted to get
> this series out for review for a wider audience soon.
>
> During my work on fanotify "pre content" events [1], Jan and I noticed
> some inconsistencies in the call sites of security_file_permission()
> hooks inside rw_verify_area() and remap_verify_area().
>
> The majority of call sites are before file_start_write(), which is how
> we want them to be for fanotify "pre content" events.
>
> For splice code, there are many duplicate calls to rw_verify_area()
> for the entire range as well as for partial ranges inside iterator.
>
> This cleanup series, mostly following Jan's suggestions, moves all
> the security_file_permission() hooks before file_start_write() and
> eliminates duplicate permission hook calls in the same call chain.
>
> The last 3 patches are helpers that I used in fanotify patches to
> assert that permission hooks are called with expected locking scope.
>
> My hope is to get this work reviewed and staged in the vfs tree
> for the 6.8 cycle, so that I can send Jan fanotify patches for
> "pre content" events based on a stable branch in the vfs tree.
>
> Thanks,
> Amir.
>
> [1] https://github.com/amir73il/linux/commits/fan_pre_content
>
> Amir Goldstein (15):
>   ovl: add permission hooks outside of do_splice_direct()
>   splice: remove permission hook from do_splice_direct()
>   splice: move permission hook out of splice_direct_to_actor()
>   splice: move permission hook out of splice_file_to_pipe()
>   splice: remove permission hook from iter_file_splice_write()
>   remap_range: move permission hooks out of do_clone_file_range()
>   remap_range: move file_start_write() to after permission hook
>   btrfs: move file_start_write() to after permission hook
>   fs: move file_start_write() into vfs_iter_write()
>   fs: move permission hook out of do_iter_write()
>   fs: move permission hook out of do_iter_read()
>   fs: move kiocb_start_write() into vfs_iocb_iter_write()
>   fs: create __sb_write_started() helper
>   fs: create file_write_started() helper
>   fs: create {sb,file}_write_not_started() helpers
>
>  drivers/block/loop.c   |   2 -
>  fs/btrfs/ioctl.c       |  12 +--
>  fs/cachefiles/io.c     |   2 -
>  fs/coda/file.c         |   4 +-
>  fs/internal.h          |   8 +-
>  fs/nfsd/vfs.c          |   7 +-
>  fs/overlayfs/copy_up.c |  26 ++++++-
>  fs/overlayfs/file.c    |   3 -
>  fs/read_write.c        | 164 +++++++++++++++++++++++++++--------------
>  fs/remap_range.c       |  48 ++++++------
>  fs/splice.c            |  78 ++++++++++++--------
>  include/linux/fs.h     |  62 +++++++++++++++-
>  12 files changed, 279 insertions(+), 137 deletions(-)
>
> --
> 2.34.1
>