From patchwork Mon Nov 11 20:17:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13871225 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 31B84D3ABF5 for ; Mon, 11 Nov 2024 20:19:27 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id ED3BA8D0003; Mon, 11 Nov 2024 15:19:23 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id E6A8A8D0001; Mon, 11 Nov 2024 15:19:23 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id CADC58D0003; Mon, 11 Nov 2024 15:19:23 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id A048D8D0001 for ; Mon, 11 Nov 2024 15:19:23 -0500 (EST) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 46B4341BC0 for ; Mon, 11 Nov 2024 20:19:23 +0000 (UTC) X-FDA: 82774927284.27.343D217 Received: from mail-oi1-f182.google.com (mail-oi1-f182.google.com [209.85.167.182]) by imf24.hostedemail.com (Postfix) with ESMTP id 1011F180002 for ; Mon, 11 Nov 2024 20:19:15 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=toxicpanda-com.20230601.gappssmtp.com header.s=20230601 header.b=jz3wTsB4; dmarc=none; spf=none (imf24.hostedemail.com: domain of josef@toxicpanda.com has no SPF policy when checking 209.85.167.182) smtp.mailfrom=josef@toxicpanda.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1731356186; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=UZOrOsZ4U8Z1PLuT0mm2pKda/bBg1AqKhK+ePUzLSNs=; b=JIbXe7DVb59b5jIvu490LXv7G1LQbE6EW6vHwwW20fi1IlWLgfiGBrvlSjqC4/S28qIoI9 bdN589QOPu19DCSKXT32eRvA1OBmuQBweBHVqnLs5Rt47Lj3vlmU1oolWCGn1mAhWKiHA+ 0kzXvpNQKsd0GIqO1N+aVW+UCd7eHkc= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=toxicpanda-com.20230601.gappssmtp.com header.s=20230601 header.b=jz3wTsB4; dmarc=none; spf=none (imf24.hostedemail.com: domain of josef@toxicpanda.com has no SPF policy when checking 209.85.167.182) smtp.mailfrom=josef@toxicpanda.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1731356186; a=rsa-sha256; cv=none; b=rW6AzjsgRq+MWzaKP6redwspZDEnfJLCYEUsU8ueg0RB+CXSx/83NNI/1Dkw4HJuuXN8tt e7SwliZnI1fpIqtOuN+zJCKagggyC7A0JlF4d47xuB6g2jxwWb12FEDzIBeSnP+mn34g8W dFXDlLWaEOTbno1W24WUDy9XVBcTaiA= Received: by mail-oi1-f182.google.com with SMTP id 5614622812f47-3e5f835c024so3021877b6e.2 for ; Mon, 11 Nov 2024 12:19:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1731356360; x=1731961160; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=UZOrOsZ4U8Z1PLuT0mm2pKda/bBg1AqKhK+ePUzLSNs=; b=jz3wTsB4waUIe2WQr3GetJaDlnD9EM9uhzX606FDlfulGM8A65rcCxdnnWm9WUU2My RVNEoLOrSf7Xu3AwooY16DHH9kSYfWQ+hcouTx9k1yZsqdURGCfD4ywFfeV73UfHDMej yjrMvtIJtdTtjA376vDnpfPNHJILNLaeWDSf2vUwJdwuB4yKrxpOL6tW8G9TF8vqW6K+ ki0AEw6Rm+lFX7HFYd6X0ANK0UiMZyIyLS2rmKT1x9MTAdIhjd6mfNeuBHtWIW6siwyM Ws1k+0Wdj4moSyTnc77eU70TRYyLW7gpUaJgOXbz+EH4++phnanUz1EGs75Xd4IX87eP ejqQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731356360; x=1731961160; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=UZOrOsZ4U8Z1PLuT0mm2pKda/bBg1AqKhK+ePUzLSNs=; b=RS+HnT6Tsr3gC1O1YFwHWpkUpadsC4GB2oGFnv3vPgsqYmXeHdJ1rv3HGJcYu+wUfU dDSFw8/YEnmTG1Am4v3vKp18B3xk38F2VL1ogiiPzpHtcVnH/iJT0+XKGb4bfqPVOhyv kOLw0FyHx/hX5NvSsjmitue/I20oZMZjZphrEvjRd52kdqOHeVevTLsJvlu4JDa0R9cZ VXKT75A7jBsOIEsIJtsiaO6eGHTwOcvycNYWPCHph6iZ9ktGbAt/RQI32JglLFtOnjGf m8r4iQ0xySaBtplJAx7Th/TYWhdGxjGWUjEuvbaADRrMqTbTwfzNTEts5JPJ0vMl5Wvt ntng== X-Forwarded-Encrypted: i=1; AJvYcCWjXywWrY5goVjHrr2TbTsAnTTK+/DYvnk/wCzDIwGhr6pAelZbeMXeU74RzaaPiXS5xuvTzPw9bg==@kvack.org X-Gm-Message-State: AOJu0YwtxuDB7//hGhpQcSMSMRzwiMtR7Rm9YWJhM6n4cimNSZFk9of2 YqZ6ww5LCN36w91Vi2SCBm5EENACpyB+43Po5/6vcrQu3/+cqQU0bIGjI2ByMdk= X-Google-Smtp-Source: AGHT+IHipOS2ybKSG81rwkOStrwkrxpZJxan2OC6U26/iyaDXrZO7WYlZi5blzqVcMk5sSNReEzGJQ== X-Received: by 2002:a05:6808:1305:b0:3e6:40b3:e525 with SMTP id 5614622812f47-3e7947734bbmr9745673b6e.41.1731356360425; Mon, 11 Nov 2024 12:19:20 -0800 (PST) Received: from localhost (syn-076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6d3961ecdcbsm63623066d6.31.2024.11.11.12.19.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Nov 2024 12:19:19 -0800 (PST) From: Josef Bacik To: kernel-team@fb.com, linux-fsdevel@vger.kernel.org, jack@suse.cz, amir73il@gmail.com, brauner@kernel.org, torvalds@linux-foundation.org, linux-xfs@vger.kernel.org, linux-btrfs@vger.kernel.org, linux-mm@kvack.org, linux-ext4@vger.kernel.org Subject: [PATCH v6 07/17] fsnotify: generate pre-content permission event on truncate Date: Mon, 11 Nov 2024 15:17:56 -0500 Message-ID: <95769c056a65cbc2d6ca6aa1fb66918acbe5ad0e.1731355931.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 1011F180002 X-Stat-Signature: ok9uspy5aew1jx9suhj7ah4anqpxpjuo X-Rspam-User: X-HE-Tag: 1731356355-350951 X-HE-Meta: U2FsdGVkX193JmU9cSpcYIblVB4gwMxFOLg7MiFhTQBR8FWMhiKxzrLZjmsqyfitNrB3ZBUak/FvCyNDyU8YSJn7dt7hR3YKONQsx29CQ7B85LTVQOwJ+cTxRJvMQ8cDEugKO7Bg85R2B3LEiyY+uuXDPNxj5Z8WFyjXRl/NhiUw7XlZ4vdfmmlfsqZrpsMWhaFlx0VKyTjl0rDu8VX8h/fGCynFIvaZx8VhbVeb9sVZRSuNjzgGB/VWkKGlQxVhqZfTOkC9d1vlFC5ZMUw7l7dnhdJOxSbiTffCupFPCE8ZL/uGbjnch8KE7scHbYRRTI1X+OiCorMx63cK0TKYgX5wIveaCIxj9IpDapm7oTVFnMKTCiIi/2tFWkltBQ+NgcLJhsV9jnrBMQnAzGCIdvVvsXhNfe9fzrOH/B3l2kMmH0LBq79L1tLI3vke17nXExOKQmvJLswJVpLPAEGA8euo1wzqsncU1yZ2TQdpvr55vgZiGQItLHnIMHqY36em0UREtTPuojO7BGbpgdduuc5hPGd07u3Mcx0OOShydJK+565ho2amjBJrBeIJqK+3ds9gr7CmPUnywnVtBpxcZbvlxvVWDQ8R7mxhJvrGMvv3v3zrHZVrP18MLtTsiVQeDayakAZk4IBME/p/m/5eDdUSOa6wFpne8TdoT5RntKX3UI7pzYzwwVX7quPpOty4IvZxg+ywbpsodsI+1/VZ95JSTpSQx7G2ZYDxSz+vOpPZiuN2aScpJf5VXF7H49WKFdmTYs2s4TwhlC/15VaS+QrcGR8iTekIOa0yWFbPCEUH/WJs4E0puew+BZT45EeK72hXVz8x/wkRpMwuwQQ0PHKDLP+EZkb59sAIiC/w3Rn9m6dPLNqEuNaFXiUIN4FHfkSRr7HPf2ZdlQP7qLQ2/kVOIOu9dArx6Swx17Lt76xuDohEKrlXCvfwCRSbabh+juTvMNAbkV1mFrUv8jT AvQPnRLk GSWo1++pmec6OZZ3WINZW2U4/Yj0cyFP+qasiENPM7FaBe0rvj/ER16rvQ6dHdBzs+AU8TdXliCbhGEhEpxm+akr1ScUcqjMKSag8E+aNMbIFaXU4vYKdDNqedrijVBnHP+5pNStbvJJLH+xr88SnQG/vX5TDoZ+sqKZcmIrp3xB6iCks9szb0/KDKiOBvqZaskG+Q+YZQvcN9VjB4f1S5fi13HBWhJOXRn4q1/ZO9MXssQ41XsExeuHHq1vhGTyyl1vb9ZTfZjxjulricWXEPYZtmLgm9HGdfrsI+uD8OPxHFOgyMcMF/T0ZWSTAbER4h2NoviJW8jEOsRe2PJhbafGS5A== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000089, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Amir Goldstein Generate FS_PRE_ACCESS event before truncate, without sb_writers held. Move the security hooks also before sb_start_write() to conform with other security hooks (e.g. in write, fallocate). The event will have a range info of the page surrounding the new size to provide an opportunity to fill the conetnt at the end of file before truncating to non-page aligned size. Signed-off-by: Amir Goldstein --- fs/open.c | 31 +++++++++++++++++++++---------- include/linux/fsnotify.h | 32 ++++++++++++++++++++++---------- 2 files changed, 43 insertions(+), 20 deletions(-) diff --git a/fs/open.c b/fs/open.c index c822f88d4c1d..51103ba339d0 100644 --- a/fs/open.c +++ b/fs/open.c @@ -81,14 +81,18 @@ long vfs_truncate(const struct path *path, loff_t length) if (!S_ISREG(inode->i_mode)) return -EINVAL; - error = mnt_want_write(path->mnt); - if (error) - goto out; - idmap = mnt_idmap(path->mnt); error = inode_permission(idmap, inode, MAY_WRITE); if (error) - goto mnt_drop_write_and_out; + return error; + + error = fsnotify_truncate_perm(path, length); + if (error) + return error; + + error = mnt_want_write(path->mnt); + if (error) + return error; error = -EPERM; if (IS_APPEND(inode)) @@ -114,7 +118,7 @@ long vfs_truncate(const struct path *path, loff_t length) put_write_access(inode); mnt_drop_write_and_out: mnt_drop_write(path->mnt); -out: + return error; } EXPORT_SYMBOL_GPL(vfs_truncate); @@ -175,11 +179,18 @@ long do_ftruncate(struct file *file, loff_t length, int small) /* Check IS_APPEND on real upper inode */ if (IS_APPEND(file_inode(file))) return -EPERM; - sb_start_write(inode->i_sb); + error = security_file_truncate(file); - if (!error) - error = do_truncate(file_mnt_idmap(file), dentry, length, - ATTR_MTIME | ATTR_CTIME, file); + if (error) + return error; + + error = fsnotify_truncate_perm(&file->f_path, length); + if (error) + return error; + + sb_start_write(inode->i_sb); + error = do_truncate(file_mnt_idmap(file), dentry, length, + ATTR_MTIME | ATTR_CTIME, file); sb_end_write(inode->i_sb); return error; diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h index 1e87a54b88b6..fbcdddb9601a 100644 --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h @@ -132,17 +132,14 @@ static inline int fsnotify_file(struct file *file, __u32 mask) } #ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS -static inline int fsnotify_pre_content(const struct file *file, +static inline int fsnotify_pre_content(const struct path *path, const loff_t *ppos, size_t count) { - struct inode *inode = file_inode(file); + struct inode *inode = d_inode(path->dentry); struct file_range range; const void *data; int data_type; - if (file->f_mode & FMODE_NONOTIFY) - return 0; - /* * Pre-content events are only reported for regular files and dirs * if there are any pre-content event watchers on this sb. @@ -155,18 +152,17 @@ static inline int fsnotify_pre_content(const struct file *file, /* Report page aligned range only when pos is known */ if (ppos) { - range.path = &file->f_path; + range.path = path; range.pos = PAGE_ALIGN_DOWN(*ppos); range.count = PAGE_ALIGN(*ppos + count) - range.pos; data = ⦥ data_type = FSNOTIFY_EVENT_FILE_RANGE; } else { - data = &file->f_path; + data = path; data_type = FSNOTIFY_EVENT_PATH; } - return fsnotify_parent(file->f_path.dentry, FS_PRE_ACCESS, - data, data_type); + return fsnotify_parent(path->dentry, FS_PRE_ACCESS, data, data_type); } /* @@ -184,11 +180,14 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask, */ lockdep_assert_once(file_write_not_started(file)); + if (file->f_mode & FMODE_NONOTIFY) + return 0; + /* * read()/write and other types of access generate pre-content events. */ if (perm_mask & (MAY_READ | MAY_WRITE | MAY_ACCESS | MAY_OPEN)) { - int ret = fsnotify_pre_content(file, ppos, count); + int ret = fsnotify_pre_content(&file->f_path, ppos, count); if (ret) return ret; @@ -204,6 +203,14 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask, return fsnotify_file(file, FS_ACCESS_PERM); } +/* + * fsnotify_truncate_perm - permission hook before file truncate + */ +static inline int fsnotify_truncate_perm(const struct path *path, loff_t length) +{ + return fsnotify_pre_content(path, &length, 0); +} + /* * fsnotify_file_perm - permission hook before file access (unknown range) */ @@ -235,6 +242,11 @@ static inline int fsnotify_file_area_perm(struct file *file, int perm_mask, return 0; } +static inline int fsnotify_truncate_perm(const struct path *path, loff_t length) +{ + return 0; +} + static inline int fsnotify_file_perm(struct file *file, int perm_mask) { return 0;