From: Amir Goldstein <amir73il@gmail.com>
To: Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>
Cc: Jeff Layton <jlayton@kernel.org>,
Josef Bacik <josef@toxicpanda.com>,
Christoph Hellwig <hch@lst.de>,
David Howells <dhowells@redhat.com>, Jens Axboe <axboe@kernel.dk>,
Miklos Szeredi <miklos@szeredi.hu>,
Al Viro <viro@zeniv.linux.org.uk>,
linux-fsdevel@vger.kernel.org
Subject: [PATCH 4/4] fsnotify: pass access range in file permission hooks
Date: Thu, 7 Dec 2023 14:38:25 +0200 [thread overview]
Message-ID: <20231207123825.4011620-5-amir73il@gmail.com> (raw)
In-Reply-To: <20231207123825.4011620-1-amir73il@gmail.com>
In preparation for pre-content permission events with file access range,
move fsnotify_file_perm() hook out of security_file_permission() and into
the callers that have the access range information and pass the access
range to fsnotify_file_perm().
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
---
fs/open.c | 4 ++++
fs/read_write.c | 10 ++++++++--
fs/readdir.c | 4 ++++
fs/remap_range.c | 8 +++++++-
include/linux/fsnotify.h | 3 ++-
security/security.c | 8 +-------
6 files changed, 26 insertions(+), 11 deletions(-)
diff --git a/fs/open.c b/fs/open.c
index 02dc608d40d8..530f70da69e1 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -304,6 +304,10 @@ int vfs_fallocate(struct file *file, int mode, loff_t offset, loff_t len)
if (ret)
return ret;
+ ret = fsnotify_file_perm(file, MAY_WRITE, &offset, len);
+ if (ret)
+ return ret;
+
if (S_ISFIFO(inode->i_mode))
return -ESPIPE;
diff --git a/fs/read_write.c b/fs/read_write.c
index 97a9d5c7ad96..1b5b0883edba 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -354,6 +354,9 @@ SYSCALL_DEFINE5(llseek, unsigned int, fd, unsigned long, offset_high,
int rw_verify_area(int read_write, struct file *file, const loff_t *ppos, size_t count)
{
+ int mask = read_write == READ ? MAY_READ : MAY_WRITE;
+ int ret;
+
if (unlikely((ssize_t) count < 0))
return -EINVAL;
@@ -371,8 +374,11 @@ int rw_verify_area(int read_write, struct file *file, const loff_t *ppos, size_t
}
}
- return security_file_permission(file,
- read_write == READ ? MAY_READ : MAY_WRITE);
+ ret = security_file_permission(file, mask);
+ if (ret)
+ return ret;
+
+ return fsnotify_file_perm(file, mask, ppos, count);
}
EXPORT_SYMBOL(rw_verify_area);
diff --git a/fs/readdir.c b/fs/readdir.c
index c8c46e294431..684ae75d94a4 100644
--- a/fs/readdir.c
+++ b/fs/readdir.c
@@ -96,6 +96,10 @@ int iterate_dir(struct file *file, struct dir_context *ctx)
if (res)
goto out;
+ res = fsnotify_file_perm(file, MAY_READ, NULL, 0);
+ if (res)
+ goto out;
+
res = down_read_killable(&inode->i_rwsem);
if (res)
goto out;
diff --git a/fs/remap_range.c b/fs/remap_range.c
index 12131f2a6c9e..ee4729aafbde 100644
--- a/fs/remap_range.c
+++ b/fs/remap_range.c
@@ -102,7 +102,9 @@ static int generic_remap_checks(struct file *file_in, loff_t pos_in,
static int remap_verify_area(struct file *file, loff_t pos, loff_t len,
bool write)
{
+ int mask = write ? MAY_WRITE : MAY_READ;
loff_t tmp;
+ int ret;
if (unlikely(pos < 0 || len < 0))
return -EINVAL;
@@ -110,7 +112,11 @@ static int remap_verify_area(struct file *file, loff_t pos, loff_t len,
if (unlikely(check_add_overflow(pos, len, &tmp)))
return -EINVAL;
- return security_file_permission(file, write ? MAY_WRITE : MAY_READ);
+ ret = security_file_permission(file, mask);
+ if (ret)
+ return ret;
+
+ return fsnotify_file_perm(file, mask, &pos, len);
}
/*
diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
index 0a9d6a8a747a..45e6ecbca057 100644
--- a/include/linux/fsnotify.h
+++ b/include/linux/fsnotify.h
@@ -103,7 +103,8 @@ static inline int fsnotify_file(struct file *file, __u32 mask)
/*
* fsnotify_file_perm - permission hook before file access
*/
-static inline int fsnotify_file_perm(struct file *file, int perm_mask)
+static inline int fsnotify_file_perm(struct file *file, int perm_mask,
+ const loff_t *ppos, size_t count)
{
__u32 fsnotify_mask = FS_ACCESS_PERM;
diff --git a/security/security.c b/security/security.c
index d7f3703c5905..2a7fc7881cbc 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2580,13 +2580,7 @@ int security_kernfs_init_security(struct kernfs_node *kn_dir,
*/
int security_file_permission(struct file *file, int mask)
{
- int ret;
-
- ret = call_int_hook(file_permission, 0, file, mask);
- if (ret)
- return ret;
-
- return fsnotify_file_perm(file, mask);
+ return call_int_hook(file_permission, 0, file, mask);
}
/**
--
2.34.1
next prev parent reply other threads:[~2023-12-07 12:38 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-07 12:38 [PATCH 0/4] Prepare for fsnotify pre-content permission events Amir Goldstein
2023-12-07 12:38 ` [PATCH 1/4] fs: use splice_copy_file_range() inline helper Amir Goldstein
2023-12-08 17:33 ` Christian Brauner
2023-12-10 10:07 ` Amir Goldstein
2023-12-08 18:27 ` Jan Kara
2023-12-07 12:38 ` [PATCH 2/4] fsnotify: split fsnotify_perm() into two hooks Amir Goldstein
2023-12-08 18:33 ` Jan Kara
2023-12-07 12:38 ` [PATCH 3/4] fsnotify: assert that file_start_write() is not held in permission hooks Amir Goldstein
2023-12-08 18:46 ` Jan Kara
2023-12-08 21:02 ` Amir Goldstein
2023-12-11 10:30 ` Jan Kara
2023-12-11 10:57 ` Amir Goldstein
2023-12-07 12:38 ` Amir Goldstein [this message]
2023-12-08 17:52 ` [PATCH 4/4] fsnotify: pass access range in file " Christian Brauner
2023-12-08 18:53 ` Jan Kara
2023-12-08 21:34 ` Amir Goldstein
2023-12-10 13:24 ` Amir Goldstein
2023-12-11 11:49 ` Jan Kara
2023-12-11 12:00 ` Amir Goldstein
2023-12-11 14:53 ` Jan Kara
2023-12-07 21:51 ` [PATCH 0/4] Prepare for fsnotify pre-content permission events Josef Bacik
2023-12-08 7:34 ` Amir Goldstein
2023-12-15 17:00 ` Amir Goldstein
2023-12-15 20:04 ` Josef Bacik
2023-12-08 17:54 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231207123825.4011620-5-amir73il@gmail.com \
--to=amir73il@gmail.com \
--cc=axboe@kernel.dk \
--cc=brauner@kernel.org \
--cc=dhowells@redhat.com \
--cc=hch@lst.de \
--cc=jack@suse.cz \
--cc=jlayton@kernel.org \
--cc=josef@toxicpanda.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.