From patchwork Thu Nov 8 03:05:49 2018
X-Patchwork-Submitter: Matthew Bobrowski
X-Patchwork-Id: 10673403
Date: Thu, 8 Nov 2018 14:05:49 +1100
From: Matthew Bobrowski
To: jack@suse.cz
Cc: amir73il@gmail.com, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, sgrubb@redhat.com
Subject: [PATCH v7 1/4] fanotify: return only user requested event types in event mask
Message-ID: <812e19281cfb4de116fcb8baff1fcddcd63ceb4d.1541639254.git.mbobrowski@mbobrowski.org>

Modify fanotify_should_send_event() so that it now returns a mask for an event that contains ONLY flags for the event types that have been specifically requested by the user. Flags that may have been included within the event mask, but have not been explicitly requested by the user will not be present in the returned value.

As an example, given the situation where a user requests events of type FAN_OPEN. Traditionally, the event mask returned within an event that occurred on a filesystem object that has been marked for monitoring and is opened, will only ever have the FAN_OPEN bit set. With the introduction of the new flags like FAN_OPEN_EXEC, and perhaps any other future event flags, there is a possibility of the returned event mask containing more than a single bit set, despite having only requested the single event type. Prior to these modifications performed to fanotify_should_send_event(), a user would have received a bundled event mask containing flags FAN_OPEN and FAN_OPEN_EXEC in the instance that a file was opened for execution via execve(), for example. This means that a user would receive event types in the returned event mask that have not been requested. This runs the possibility of breaking existing systems and causing other unforeseen issues.

To mitigate this possibility, fanotify_should_send_event() has been modified to return the event mask containing ONLY event types explicitly requested by the user. This means that we will NOT report events that the user did not set a mask for, and we will NOT report events that the user has set an ignore mask for.

The function name fanotify_should_send_event() has also been updated so that it's more relevant to what it has been designed to do.

Signed-off-by: Matthew Bobrowski
Reviewed-by: Amir Goldstein
---
 fs/notify/fanotify/fanotify.c | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c index e08a6647267b..0a09950317dd 100644 --- a/fs/notify/fanotify/fanotify.c +++ b/fs/notify/fanotify/fanotify.c @@ -89,7 +89,13 @@ static int fanotify_get_response(struct fsnotify_group *group, return ret; } -static bool fanotify_should_send_event(struct fsnotify_iter_info *iter_info, +/* + * This function returns a mask for an event that only contains the flags + * that have been specifically requested by the user. Flags that may have + * been included within the event mask, but have not been explicitly + * requested by the user, will not be present in the returned mask. + */ +static u32 fanotify_group_event_mask(struct fsnotify_iter_info *iter_info, u32 event_mask, const void *data, int data_type) { 
@@ -101,14 +107,14 @@ static bool fanotify_should_send_event(struct fsnotify_iter_info *iter_info, pr_debug("%s: report_mask=%x mask=%x data=%p data_type=%d\n", __func__, iter_info->report_mask, event_mask, data, data_type); - /* if we don't have enough info to send an event to userspace say no */ + /* If we don't have enough info to send an event to userspace say no */ if (data_type != FSNOTIFY_EVENT_PATH) - return false; + return 0; - /* sorry, fanotify only gives a damn about files and dirs */ + /* Sorry, fanotify only gives a damn about files and dirs */ if (!d_is_reg(path->dentry) && !d_can_lookup(path->dentry)) - return false; + return 0; fsnotify_foreach_obj_type(type) { if (!fsnotify_iter_should_report_type(iter_info, type)) @@ -131,11 +137,7 @@ static bool fanotify_should_send_event(struct fsnotify_iter_info *iter_info, !(marks_mask & FS_ISDIR & ~marks_ignored_mask)) return false; - if (event_mask & FANOTIFY_OUTGOING_EVENTS & - marks_mask & ~marks_ignored_mask) - return true; - - return false; + return event_mask & FANOTIFY_OUTGOING_EVENTS & marks_mask; } struct fanotify_event_info *fanotify_alloc_event(struct fsnotify_group *group, 
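Review bot: The new final return in the @@ -131,11 +137,7 @@ hunk, "return event_mask & FANOTIFY_OUTGOING_EVENTS & marks_mask;", drops the "& ~marks_ignored_mask" term that the removed condition carried, so bits the user placed in an ignore mask can now appear in the returned mask. That contradicts the commit message ("we will NOT report events that the user has set an ignore mask for"); please keep "& ~marks_ignored_mask" in the returned expression. The context line directly above it still reads "return false;" in a function that now returns u32 and should become "return 0;" like the two early returns changed in the previous hunk.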
@@ -210,7 +212,8 @@ static int fanotify_handle_event(struct fsnotify_group *group, BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 10); - if (!fanotify_should_send_event(iter_info, mask, data, data_type)) + mask = fanotify_group_event_mask(iter_info, mask, data, data_type); + if (!mask) return 0; pr_debug("%s: group=%p inode=%p mask=%x\n", __func__, group, inode, 

From patchwork Thu Nov 8 03:07:14 2018
X-Patchwork-Submitter: Matthew Bobrowski
X-Patchwork-Id: 10673405
Date: Thu, 8 Nov 2018 14:07:14 +1100
From: Matthew Bobrowski
To: jack@suse.cz
Cc: amir73il@gmail.com, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, sgrubb@redhat.com
Subject: [PATCH v7 2/4] fanotify: introduce new event mask FAN_OPEN_EXEC
Message-ID: <05d2297ae76d5b7b00cc1d6af27b25e898e986c0.1541639254.git.mbobrowski@mbobrowski.org>

A new event mask FAN_OPEN_EXEC has been defined so that users have the ability to receive events specifically when a file has been opened with the intent to be executed. Events of FAN_OPEN_EXEC type will be generated when a file has been opened using either execve(), execveat() or uselib() system calls.

The feature is implemented within fsnotify_open() by generating the FAN_OPEN_EXEC event type if __FMODE_EXEC is set within file->f_flags.

Signed-off-by: Matthew Bobrowski
Reviewed-by: Amir Goldstein
---
 fs/notify/fanotify/fanotify.c | 3 ++-
 fs/notify/fsnotify.c | 2 +-
 include/linux/fanotify.h | 2 +-
 include/linux/fsnotify.h | 2 ++
 include/linux/fsnotify_backend.h | 7 +++++--
 include/uapi/linux/fanotify.h | 1 +
 6 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c index 0a09950317dd..e30f3a1d9699 100644 --- a/fs/notify/fanotify/fanotify.c +++ b/fs/notify/fanotify/fanotify.c @@ -209,8 +209,9 @@ static int fanotify_handle_event(struct fsnotify_group *group, BUILD_BUG_ON(FAN_OPEN_PERM != FS_OPEN_PERM); BUILD_BUG_ON(FAN_ACCESS_PERM != FS_ACCESS_PERM); BUILD_BUG_ON(FAN_ONDIR != FS_ISDIR); + BUILD_BUG_ON(FAN_OPEN_EXEC != FS_OPEN_EXEC); - BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 10); + BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 11); mask = fanotify_group_event_mask(iter_info, mask, data, data_type); if (!mask) 
diff --git a/fs/notify/fsnotify.c b/fs/notify/fsnotify.c index d2c34900ae05..b3f58f36a0ab 100644 --- a/fs/notify/fsnotify.c +++ b/fs/notify/fsnotify.c @@ -401,7 +401,7 @@ static __init int fsnotify_init(void) { int ret; - BUILD_BUG_ON(HWEIGHT32(ALL_FSNOTIFY_BITS) != 23); + BUILD_BUG_ON(HWEIGHT32(ALL_FSNOTIFY_BITS) != 24); ret = init_srcu_struct(&fsnotify_mark_srcu); if (ret) diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h index a5a60691e48b..c521e4264f2b 100644 --- a/include/linux/fanotify.h +++ b/include/linux/fanotify.h @@ -37,7 +37,7 @@ /* Events that user can request to be notified on */ #define FANOTIFY_EVENTS (FAN_ACCESS | FAN_MODIFY | \ - FAN_CLOSE | FAN_OPEN) + FAN_CLOSE | FAN_OPEN | FAN_OPEN_EXEC) /* Events that require a permission response from user */ #define FANOTIFY_PERM_EVENTS (FAN_OPEN_PERM | FAN_ACCESS_PERM) diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h index fd1ce10553bf..1fe5ac93b252 100644 --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h @@ -215,6 +215,8 @@ static inline void fsnotify_open(struct file *file) if (S_ISDIR(inode->i_mode)) mask |= FS_ISDIR; + if (file->f_flags & __FMODE_EXEC) + mask |= FS_OPEN_EXEC; fsnotify_parent(path, NULL, mask); fsnotify(inode, mask, path, FSNOTIFY_EVENT_PATH, NULL, 0); diff --git a/include/linux/fsnotify_backend.h b/include/linux/fsnotify_backend.h index 135b973e44d1..39d94e62a836 100644 --- a/include/linux/fsnotify_backend.h +++ b/include/linux/fsnotify_backend.h @@ -38,6 +38,7 @@ #define FS_DELETE 0x00000200 /* Subfile was deleted */ #define FS_DELETE_SELF 0x00000400 /* Self was deleted */ #define FS_MOVE_SELF 0x00000800 /* Self was moved */ +#define FS_OPEN_EXEC 0x00001000 /* File was opened for exec */ #define FS_UNMOUNT 0x00002000 /* inode on umount fs */ #define FS_Q_OVERFLOW 0x00004000 /* Event queued overflowed */ 
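Review bot: FS_OPEN_EXEC is defined here in the generic fsnotify bit space (include/linux/fsnotify_backend.h), and the fsnotify_open() hunk above ORs it into the mask that is passed to fsnotify_parent() and fsnotify(), so the bit travels with every open-for-exec event handed to the fsnotify core, not only to fanotify groups. The commit message covers fanotify alone; please state there, or in a comment next to the define, how marks belonging to other fsnotify users are expected to treat the extra bit.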
@@ -62,7 +63,8 @@ #define FS_EVENTS_POSS_ON_CHILD (FS_ACCESS | FS_MODIFY | FS_ATTRIB |\ FS_CLOSE_WRITE | FS_CLOSE_NOWRITE | FS_OPEN |\ FS_MOVED_FROM | FS_MOVED_TO | FS_CREATE |\ - FS_DELETE | FS_OPEN_PERM | FS_ACCESS_PERM) + FS_DELETE | FS_OPEN_PERM | FS_ACCESS_PERM | \ + FS_OPEN_EXEC) #define FS_MOVE (FS_MOVED_FROM | FS_MOVED_TO) @@ -74,7 +76,8 @@ FS_MOVED_FROM | FS_MOVED_TO | FS_CREATE | \ FS_DELETE | FS_DELETE_SELF | FS_MOVE_SELF | \ FS_UNMOUNT | FS_Q_OVERFLOW | FS_IN_IGNORED | \ - FS_OPEN_PERM | FS_ACCESS_PERM | FS_DN_RENAME) + FS_OPEN_PERM | FS_ACCESS_PERM | FS_DN_RENAME | \ + FS_OPEN_EXEC) /* Extra flags that may be reported with event or control handling of events */ #define ALL_FSNOTIFY_FLAGS (FS_EXCL_UNLINK | FS_ISDIR | FS_IN_ONESHOT | \ diff --git a/include/uapi/linux/fanotify.h b/include/uapi/linux/fanotify.h index b86740d1c50a..d9664fbc905b 100644 --- a/include/uapi/linux/fanotify.h +++ b/include/uapi/linux/fanotify.h 
@@ -10,6 +10,7 @@ #define FAN_CLOSE_WRITE 0x00000008 /* Writtable file closed */ #define FAN_CLOSE_NOWRITE 0x00000010 /* Unwrittable file closed */ #define FAN_OPEN 0x00000020 /* File was opened */ +#define FAN_OPEN_EXEC 0x00001000 /* File was opened for exec */ #define FAN_Q_OVERFLOW 0x00004000 /* Event queued overflowed */ 

From patchwork Thu Nov 8 03:10:03 2018
X-Patchwork-Submitter: Matthew Bobrowski
X-Patchwork-Id: 10673407
Date: Thu, 8 Nov 2018 14:10:03 +1100
From: Matthew Bobrowski
To: jack@suse.cz
Cc: amir73il@gmail.com, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, sgrubb@redhat.com
Subject: [PATCH v7 3/4] fsnotify: refactor fsnotify_parent()/fsnotify() paired calls when event is on path
Message-ID: <643f78d4904acc4af4646b26f92bb3d8ab487330.1541639254.git.mbobrowski@mbobrowski.org>

A wrapper function fsnotify_path() has been defined to simplify the paired calls to fsnotify_parent()/fsnotify(). All hooks that made use of these paired calls and passed FSNOTIFY_EVENT_PATH have been updated accordingly.

Signed-off-by: Matthew Bobrowski
Reviewed-by: Amir Goldstein
---
 include/linux/fsnotify.h | 42 +++++++++++++++++++++-------------------
 1 file changed, 22 insertions(+), 20 deletions(-)

diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h index 1fe5ac93b252..c29f2f072c2c 100644 --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h @@ -26,13 +26,26 @@ static inline int fsnotify_parent(const struct path *path, struct dentry *dentry return __fsnotify_parent(path, dentry, mask); } +/* + * Simple wrapper to consolidate calls fsnotify_parent()/fsnotify() when + * an event is on a path. + */ +static inline int fsnotify_path(struct inode *inode, const struct path *path, + __u32 mask) +{ + int ret = fsnotify_parent(path, NULL, mask); + + if (ret) + return ret; + return fsnotify(inode, mask, path, FSNOTIFY_EVENT_PATH, NULL, 0); +} + /* simple call site for access decisions */ static inline int fsnotify_perm(struct file *file, int mask) { const struct path *path = &file->f_path; struct inode *inode = file_inode(file); __u32 fsnotify_mask = 0; - int ret; if (file->f_mode & FMODE_NONOTIFY) return 0; 
@@ -45,11 +58,7 @@ static inline int fsnotify_perm(struct file *file, int mask) else BUG(); - ret = fsnotify_parent(path, NULL, fsnotify_mask); - if (ret) - return ret; - - return fsnotify(inode, fsnotify_mask, path, FSNOTIFY_EVENT_PATH, NULL, 0); + return fsnotify_path(inode, path, fsnotify_mask); } /* @@ -180,10 +189,8 @@ static inline void fsnotify_access(struct file *file) if (S_ISDIR(inode->i_mode)) mask |= FS_ISDIR; - if (!(file->f_mode & FMODE_NONOTIFY)) { - fsnotify_parent(path, NULL, mask); - fsnotify(inode, mask, path, FSNOTIFY_EVENT_PATH, NULL, 0); - } + if (!(file->f_mode & FMODE_NONOTIFY)) + fsnotify_path(inode, path, mask); } /* @@ -198,10 +205,8 @@ static inline void fsnotify_modify(struct file *file) if (S_ISDIR(inode->i_mode)) mask |= FS_ISDIR; - if (!(file->f_mode & FMODE_NONOTIFY)) { - fsnotify_parent(path, NULL, mask); - fsnotify(inode, mask, path, FSNOTIFY_EVENT_PATH, NULL, 0); - } + if (!(file->f_mode & FMODE_NONOTIFY)) + fsnotify_path(inode, path, mask); } /* @@ -218,8 +223,7 @@ static inline void fsnotify_open(struct file *file) if (file->f_flags & __FMODE_EXEC) mask |= FS_OPEN_EXEC; - fsnotify_parent(path, NULL, mask); - fsnotify(inode, mask, path, FSNOTIFY_EVENT_PATH, NULL, 0); + fsnotify_path(inode, path, mask); } /* 
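Review bot: In fsnotify_open() here, and in the fsnotify_access() and fsnotify_modify() hunks above it, the old code ignored the return value of fsnotify_parent() and always went on to call fsnotify() on the inode, whereas fsnotify_path() returns as soon as fsnotify_parent() returns non-zero, so the inode-level notification is now skipped in that case. If that change is intended, say so in the commit message, which presents the patch as a refactor; otherwise keep the unconditional fsnotify() call for the hooks that return void and use the short-circuiting wrapper only in fsnotify_perm().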
@@ -235,10 +239,8 @@ static inline void fsnotify_close(struct file *file) if (S_ISDIR(inode->i_mode)) mask |= FS_ISDIR; - if (!(file->f_mode & FMODE_NONOTIFY)) { - fsnotify_parent(path, NULL, mask); - fsnotify(inode, mask, path, FSNOTIFY_EVENT_PATH, NULL, 0); - } + if (!(file->f_mode & FMODE_NONOTIFY)) + fsnotify_path(inode, path, mask); } /* 

From patchwork Thu Nov 8 03:12:44 2018
X-Patchwork-Submitter: Matthew Bobrowski
X-Patchwork-Id: 10673409
Date: Thu, 8 Nov 2018 14:12:44 +1100
From: Matthew Bobrowski
To: jack@suse.cz
Cc: amir73il@gmail.com, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, sgrubb@redhat.com
Subject: [PATCH v7 4/4] fanotify: introduce new event mask FAN_OPEN_EXEC_PERM

A new event mask FAN_OPEN_EXEC_PERM has been defined. This allows users to receive events and grant access to files that are intending to be opened for execution. Events of FAN_OPEN_EXEC_PERM type will be generated when a file has been opened by using either execve(), execveat() or uselib() system calls.

This acts in the same manner as previous permission event mask, meaning that an access response is required from the user application in order to permit any further operations on the file.

This feature is implemented within fsnotify_perm() hook by setting the FAN_OPEN_EXEC_PERM mask if __FMODE_EXEC is set within file->f_flags.

Signed-off-by: Matthew Bobrowski
Reviewed-by: Amir Goldstein
---
 fs/notify/fanotify/fanotify.c | 3 ++-
 fs/notify/fsnotify.c | 2 +-
 include/linux/fanotify.h | 3 ++-
 include/linux/fsnotify.h | 17 ++++++++++++-----
 include/linux/fsnotify_backend.h | 8 +++++---
 include/uapi/linux/fanotify.h | 1 +
 6 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c index e30f3a1d9699..d9aa505591eb 100644 --- a/fs/notify/fanotify/fanotify.c +++ b/fs/notify/fanotify/fanotify.c 
@@ -210,8 +210,9 @@ static int fanotify_handle_event(struct fsnotify_group *group, BUILD_BUG_ON(FAN_ACCESS_PERM != FS_ACCESS_PERM); BUILD_BUG_ON(FAN_ONDIR != FS_ISDIR); BUILD_BUG_ON(FAN_OPEN_EXEC != FS_OPEN_EXEC); + BUILD_BUG_ON(FAN_OPEN_EXEC_PERM != FS_OPEN_EXEC_PERM); - BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 11); + BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 12); mask = fanotify_group_event_mask(iter_info, mask, data, data_type); if (!mask) diff --git a/fs/notify/fsnotify.c b/fs/notify/fsnotify.c index b3f58f36a0ab..ecf09b6243d9 100644 --- a/fs/notify/fsnotify.c +++ b/fs/notify/fsnotify.c @@ -401,7 +401,7 @@ static __init int fsnotify_init(void) { int ret; - BUILD_BUG_ON(HWEIGHT32(ALL_FSNOTIFY_BITS) != 24); + BUILD_BUG_ON(HWEIGHT32(ALL_FSNOTIFY_BITS) != 25); ret = init_srcu_struct(&fsnotify_mark_srcu); if (ret) diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h index c521e4264f2b..9e2142795335 100644 --- a/include/linux/fanotify.h +++ b/include/linux/fanotify.h @@ -40,7 +40,8 @@ FAN_CLOSE | FAN_OPEN | FAN_OPEN_EXEC) /* Events that require a permission response from user */ -#define FANOTIFY_PERM_EVENTS (FAN_OPEN_PERM | FAN_ACCESS_PERM) +#define FANOTIFY_PERM_EVENTS (FAN_OPEN_PERM | FAN_ACCESS_PERM | \ + FAN_OPEN_EXEC_PERM) /* Extra flags that may be reported with event or control handling of events */ #define FANOTIFY_EVENT_FLAGS (FAN_EVENT_ON_CHILD | FAN_ONDIR) diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h index c29f2f072c2c..2ccb08cb5d6a 100644 --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h 
@@ -40,9 +40,10 @@ static inline int fsnotify_path(struct inode *inode, const struct path *path, return fsnotify(inode, mask, path, FSNOTIFY_EVENT_PATH, NULL, 0); } -/* simple call site for access decisions */ +/* Simple call site for access decisions */ static inline int fsnotify_perm(struct file *file, int mask) { + int ret; const struct path *path = &file->f_path; struct inode *inode = file_inode(file); __u32 fsnotify_mask = 0; @@ -51,12 +52,18 @@ static inline int fsnotify_perm(struct file *file, int mask) return 0; if (!(mask & (MAY_READ | MAY_OPEN))) return 0; - if (mask & MAY_OPEN) + if (mask & MAY_OPEN) { fsnotify_mask = FS_OPEN_PERM; - else if (mask & MAY_READ) + + if (file->f_flags & __FMODE_EXEC) { + ret = fsnotify_path(inode, path, FS_OPEN_EXEC_PERM); + + if (ret) + return ret; + } + } else if (mask & MAY_READ) { fsnotify_mask = FS_ACCESS_PERM; - else - BUG(); + } return fsnotify_path(inode, path, fsnotify_mask); } diff --git a/include/linux/fsnotify_backend.h b/include/linux/fsnotify_backend.h index 39d94e62a836..7639774e7475 100644 --- a/include/linux/fsnotify_backend.h +++ b/include/linux/fsnotify_backend.h @@ -46,6 +46,7 @@ #define FS_OPEN_PERM 0x00010000 /* open event in an permission hook */ #define FS_ACCESS_PERM 0x00020000 /* access event in a permissions hook */ +#define FS_OPEN_EXEC_PERM 0x00040000 /* open/exec event in a permission hook */ #define FS_EXCL_UNLINK 0x04000000 /* do not send events if object is unlinked */ #define FS_ISDIR 0x40000000 /* event occurred against dir */ 
@@ -64,11 +65,12 @@ FS_CLOSE_WRITE | FS_CLOSE_NOWRITE | FS_OPEN |\ FS_MOVED_FROM | FS_MOVED_TO | FS_CREATE |\ FS_DELETE | FS_OPEN_PERM | FS_ACCESS_PERM | \ - FS_OPEN_EXEC) + FS_OPEN_EXEC | FS_OPEN_EXEC_PERM) #define FS_MOVE (FS_MOVED_FROM | FS_MOVED_TO) -#define ALL_FSNOTIFY_PERM_EVENTS (FS_OPEN_PERM | FS_ACCESS_PERM) +#define ALL_FSNOTIFY_PERM_EVENTS (FS_OPEN_PERM | FS_ACCESS_PERM | \ + FS_OPEN_EXEC_PERM) /* Events that can be reported to backends */ #define ALL_FSNOTIFY_EVENTS (FS_ACCESS | FS_MODIFY | FS_ATTRIB | \ @@ -77,7 +79,7 @@ FS_DELETE | FS_DELETE_SELF | FS_MOVE_SELF | \ FS_UNMOUNT | FS_Q_OVERFLOW | FS_IN_IGNORED | \ FS_OPEN_PERM | FS_ACCESS_PERM | FS_DN_RENAME | \ - FS_OPEN_EXEC) + FS_OPEN_EXEC | FS_OPEN_EXEC_PERM) /* Extra flags that may be reported with event or control handling of events */ #define ALL_FSNOTIFY_FLAGS (FS_EXCL_UNLINK | FS_ISDIR | FS_IN_ONESHOT | \ diff --git a/include/uapi/linux/fanotify.h b/include/uapi/linux/fanotify.h index d9664fbc905b..909c98fcace2 100644 --- a/include/uapi/linux/fanotify.h +++ b/include/uapi/linux/fanotify.h @@ -16,6 +16,7 @@ #define FAN_OPEN_PERM 0x00010000 /* File open in perm check */ #define FAN_ACCESS_PERM 0x00020000 /* File accessed in perm check */ +#define FAN_OPEN_EXEC_PERM 0x00040000 /* File open/exec in perm check */ #define FAN_ONDIR 0x40000000 /* event occurred against dir */
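Review bot: In fsnotify_perm() (include/linux/fsnotify.h), an open with __FMODE_EXEC set now raises two separate permission events, FS_OPEN_EXEC_PERM first and FS_OPEN_PERM second, through two fsnotify_path() calls, while fsnotify_open() in patch 2/4 ORs FS_OPEN_EXEC into a single event mask. A listener that marks both permission events has to answer twice for one exec, and a non-zero result on the first call returns before the second is raised; please document that ordering in the commit message or in the comment above the function. Minor: "int ret;" is only used inside the __FMODE_EXEC block and could be declared there, after the initialised declarations.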
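A user-space listener for the FAN_OPEN_EXEC_PERM event introduced in patch 4/4, added here as an example; it is not part of the series and not the author's code. The denied prefixes, the `ex_*` names, the constructed sample events and the choice to allow unresolvable paths are assumptions of this example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/fanotify.h>

#ifndef FAN_OPEN_EXEC_PERM              /* headers that predate this series */
#define FAN_OPEN_EXEC_PERM 0x00040000   /* value from the uapi hunk in patch 4/4 */
#endif

/* Example policy (an assumption of this sketch): no exec from these trees. */
static const char *const ex_denied[] = { "/tmp/", "/var/tmp/", "/dev/shm/" };
/* Maps an event fd to a path; pluggable so the walker runs on constructed data. */
typedef int (*ex_resolve_fn)(int fd, char *path, size_t size);

static int ex_resolve_procfs(int fd, char *path, size_t size)
{
    char link[64];
    snprintf(link, sizeof(link), "/proc/self/fd/%d", fd);
    ssize_t n = readlink(link, path, size - 1);
    if (n < 0)
        return -1;
    path[n] = '\0';
    return 0;
}

/* FAN_DENY for a path under a denied prefix, FAN_ALLOW otherwise. */
unsigned int ex_exec_verdict(const char *path)
{
    for (size_t i = 0; i < sizeof(ex_denied) / sizeof(ex_denied[0]); i++)
        if (strncmp(path, ex_denied[i], strlen(ex_denied[i])) == 0)
            return FAN_DENY;
    return FAN_ALLOW;
}

/* Fill a response for each event carrying FAN_OPEN_EXEC_PERM. The bit is tested
 * with '&', not '==', since a mask may carry several bits. An unresolvable path
 * is allowed so that a resolver failure cannot block every exec on the mount. */
size_t ex_decide(struct fanotify_event_metadata *meta, ssize_t len,
                 ex_resolve_fn resolve, struct fanotify_response *out, size_t max)
{
    char path[PATH_MAX];
    size_t n = 0;
    for (; FAN_EVENT_OK(meta, len) && n < max; meta = FAN_EVENT_NEXT(meta, len)) {
        if (meta->vers != FANOTIFY_METADATA_VERSION || meta->fd < 0)
            continue;               /* unknown layout or queue overflow */
        if (!(meta->mask & FAN_OPEN_EXEC_PERM))
            continue;               /* not an exec permission event */
        out[n].fd = meta->fd;
        out[n].response = resolve(meta->fd, path, sizeof(path)) == 0
                              ? ex_exec_verdict(path) : FAN_ALLOW;
        n++;
    }
    return n;
}

/* Constructed sample: two exec-permission events and one plain FAN_OPEN event. */
static int ex_resolve_sample(int fd, char *path, size_t size)
{
    snprintf(path, size, "%s", fd == 10 ? "/tmp/a.out" : "/usr/bin/ls");
    return 0;
}

size_t ex_demo_constructed(struct fanotify_response *out, size_t max)
{
    struct fanotify_event_metadata ev[3];
    memset(ev, 0, sizeof(ev));
    for (int i = 0; i < 3; i++) {
        ev[i].event_len = FAN_EVENT_METADATA_LEN;
        ev[i].vers = FANOTIFY_METADATA_VERSION;
        ev[i].fd = 10 + i;
        ev[i].mask = i < 2 ? FAN_OPEN_EXEC_PERM : FAN_OPEN;
    }
    return ex_decide(ev, sizeof(ev), ex_resolve_sample, out, max);
}

int main(void)
{
    struct fanotify_event_metadata buf[64];
    struct fanotify_response out[64];
    ssize_t len;
    int fan = fanotify_init(FAN_CLASS_CONTENT | FAN_CLOEXEC, O_RDONLY | O_CLOEXEC);
    if (fan < 0 || fanotify_mark(fan, FAN_MARK_ADD | FAN_MARK_MOUNT,
                                 FAN_OPEN_EXEC_PERM, AT_FDCWD, "/tmp") < 0) {
        perror("fanotify");
        return 1;
    }
    while ((len = read(fan, buf, sizeof(buf))) > 0) {
        size_t n = ex_decide(buf, len, ex_resolve_procfs, out, 64);
        for (size_t i = 0; i < n; i++) {
            if (write(fan, &out[i], sizeof(out[i])) < 0)
                perror("write");
            close(out[i].fd);
        }
    }
    return 0;
}
```

The live loop in main() needs CAP_SYS_ADMIN and a kernel that carries this series; FAN_MARK_MOUNT covers only the mount that holds /tmp, so every mount to be policed needs its own mark.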