From: Amir Goldstein <amir73il@gmail.com>
To: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Matthew Bobrowski <repnop@google.com>, Jan Kara <jack@suse.cz>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Linux API <linux-api@vger.kernel.org>
Subject: Re: [PATCH 5/5] fanotify: Add pidfd info record support to the fanotify API
Date: Thu, 20 May 2021 16:43:48 +0300 [thread overview]
Message-ID: <CAOQ4uxhvD2w1i3ia=8=4iCNEYDJ3wfps6AOLdUBXVi-H9Xu-OQ@mail.gmail.com> (raw)
In-Reply-To: <20210520081755.eqey4ryngngt4yqd@wittgenstein>
On Thu, May 20, 2021 at 11:17 AM Christian Brauner
<christian.brauner@ubuntu.com> wrote:
>
> On Thu, May 20, 2021 at 12:11:51PM +1000, Matthew Bobrowski wrote:
> > Introduce a new flag FAN_REPORT_PIDFD for fanotify_init(2) which
> > allows userspace applications to control whether a pidfd info record
> > containing a pidfd is to be returned with each event.
> >
> > If FAN_REPORT_PIDFD is enabled for a notification group, an additional
> > struct fanotify_event_info_pidfd object will be supplied alongside the
> > generic struct fanotify_event_metadata within a single event. This
> > functionality is analogous to that of FAN_REPORT_FID in terms of how
> > the event structure is supplied to the userspace application. Usage of
> > FAN_REPORT_PIDFD with FAN_REPORT_FID/FAN_REPORT_DFID_NAME is
> > permitted, and in this case a struct fanotify_event_info_pidfd object
> > will follow any struct fanotify_event_info_fid object.
> >
> > Usage of FAN_REPORT_TID is not permitted with FAN_REPORT_PIDFD as the
> > pidfd API only supports the creation of pidfds for thread-group
> > leaders. Attempting to do so will result with a -EINVAL being returned
> > when calling fanotify_init(2).
> >
> > If pidfd creation fails via pidfd_create(), the pidfd field within
> > struct fanotify_event_info_pidfd is set to FAN_NOPIDFD.
> >
> > Signed-off-by: Matthew Bobrowski <repnop@google.com>
> > ---
> > fs/notify/fanotify/fanotify_user.c | 65 +++++++++++++++++++++++++++---
> > include/linux/fanotify.h | 3 +-
> > include/uapi/linux/fanotify.h | 12 ++++++
> > 3 files changed, 74 insertions(+), 6 deletions(-)
> >
> > diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
> > index 1e15f3222eb2..bba61988f4a0 100644
> > --- a/fs/notify/fanotify/fanotify_user.c
> > +++ b/fs/notify/fanotify/fanotify_user.c
> > @@ -106,6 +106,8 @@ struct kmem_cache *fanotify_perm_event_cachep __read_mostly;
> > #define FANOTIFY_EVENT_ALIGN 4
> > #define FANOTIFY_FID_INFO_HDR_LEN \
> > (sizeof(struct fanotify_event_info_fid) + sizeof(struct file_handle))
> > +#define FANOTIFY_PIDFD_INFO_HDR_LEN \
> > + sizeof(struct fanotify_event_info_pidfd)
> >
> > static int fanotify_fid_info_len(int fh_len, int name_len)
> > {
> > @@ -141,6 +143,9 @@ static int fanotify_event_info_len(unsigned int info_mode,
> > if (fh_len)
> > info_len += fanotify_fid_info_len(fh_len, dot_len);
> >
> > + if (info_mode & FAN_REPORT_PIDFD)
> > + info_len += FANOTIFY_PIDFD_INFO_HDR_LEN;
> > +
> > return info_len;
> > }
> >
> > @@ -401,6 +406,29 @@ static int copy_fid_info_to_user(__kernel_fsid_t *fsid,
> > return info_len;
> > }
> >
> > +static int copy_pidfd_info_to_user(struct pid *pid,
> > + char __user *buf,
> > + size_t count)
> > +{
> > + struct fanotify_event_info_pidfd info = { };
> > + size_t info_len = FANOTIFY_PIDFD_INFO_HDR_LEN;
> > +
> > + if (WARN_ON_ONCE(info_len > count))
> > + return -EFAULT;
> > +
> > + info.hdr.info_type = FAN_EVENT_INFO_TYPE_PIDFD;
> > + info.hdr.len = info_len;
> > +
> > + info.pidfd = pidfd_create(pid, 0);
> > + if (info.pidfd < 0)
> > + info.pidfd = FAN_NOPIDFD;
> > +
> > + if (copy_to_user(buf, &info, info_len))
> > + return -EFAULT;
>
> Hm, well this kinda sucks. The caller can end up with a pidfd in their
> fd table and when the copy_to_user() failed they won't know what fd it
Good catch!
But I prefer to solve it differently, because moving fd_install() to the
end of this function does not guarantee that copy_event_to_user()
won't return an error one day with dangling pidfd in fd table.
It might be simpler to do pidfd_create() next to create_fd() in
copy_event_to_user() and pass pidfd to copy_pidfd_info_to_user().
pidfd can be closed on error along with fd on out_close_fd label.
You also forgot to add CAP_SYS_ADMIN check before pidfd_create()
(even though fanotify_init() does check for that).
Anyway, something like:
if (!capable(CAP_SYS_ADMIN) &&
task_tgid(current) != event->pid)
metadata.pid = 0;
+ else if (pidfd_mode)
+ pidfd = pidfd_create(pid, 0);
[...]
+ if (pidfd_mode)
+ ret = copy_pidfd_info_to_user(pidfd, buf, count);
return metadata.event_len;
out_close_fd:
+ if (pidfd != FAN_NOPIDFD) {
...
And in any case, it wrong to call copy_pidfd_info_to_user() from
copy_info_to_user(). It needs to be called once from copy_event_to_user()
because copy_pidfd_info_to_user() may be called twice to report both
FAN_EVENT_INFO_TYPE_FID and FAN_EVENT_INFO_TYPE_DFID
records for the same event.
Thanks,
Amir.
next prev parent reply other threads:[~2021-05-20 13:44 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-20 2:09 [PATCH 0/5] Add pidfd support to the fanotify API Matthew Bobrowski
2021-05-20 2:10 ` [PATCH 1/5] kernel/pid.c: remove static qualifier from pidfd_create() Matthew Bobrowski
2021-05-20 2:10 ` [PATCH 2/5] kernel/pid.c: implement checks on parameters passed to pidfd_create() Matthew Bobrowski
2021-05-20 2:11 ` [PATCH 3/5] fanotify_user.c: minor cosmetic adjustments to fid labels Matthew Bobrowski
2021-05-20 2:11 ` [PATCH 4/5] fanotify/fanotify_user.c: introduce a generic info record copying function Matthew Bobrowski
2021-05-20 13:59 ` Amir Goldstein
2021-05-21 9:26 ` Matthew Bobrowski
2021-05-20 2:11 ` [PATCH 5/5] fanotify: Add pidfd info record support to the fanotify API Matthew Bobrowski
2021-05-20 8:17 ` Christian Brauner
2021-05-20 13:43 ` Amir Goldstein [this message]
2021-05-21 9:21 ` Matthew Bobrowski
2021-05-21 9:41 ` Amir Goldstein
2021-05-21 10:24 ` Jan Kara
2021-05-21 11:10 ` Amir Goldstein
2021-05-21 13:19 ` Jan Kara
2021-05-21 13:52 ` Amir Goldstein
2021-05-21 15:14 ` Jan Kara
2021-05-22 0:41 ` Matthew Bobrowski
2021-05-22 9:01 ` Amir Goldstein
2021-05-20 13:55 ` [PATCH 0/5] Add pidfd " Jan Kara
2021-05-21 10:15 ` Matthew Bobrowski
2021-05-21 10:40 ` Jan Kara
2021-05-21 23:32 ` Matthew Bobrowski
2021-05-24 8:47 ` Jan Kara
2021-05-25 10:31 ` Christian Brauner
2021-05-25 23:20 ` Matthew Bobrowski
2021-05-26 18:05 ` Christian Brauner
2021-05-26 22:54 ` Matthew Bobrowski
2021-06-01 11:03 ` Matthew Bobrowski
2021-06-01 11:46 ` Christian Brauner
2021-06-02 6:30 ` Matthew Bobrowski
2021-06-02 7:18 ` Amir Goldstein
2021-06-02 8:48 ` Christian Brauner
2021-06-02 10:56 ` Matthew Bobrowski
2021-06-02 12:46 ` Christian Brauner
2021-06-02 10:43 ` Matthew Bobrowski
2021-06-02 12:18 ` Amir Goldstein
2021-06-03 1:24 ` Matthew Bobrowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAOQ4uxhvD2w1i3ia=8=4iCNEYDJ3wfps6AOLdUBXVi-H9Xu-OQ@mail.gmail.com' \
--to=amir73il@gmail.com \
--cc=christian.brauner@ubuntu.com \
--cc=jack@suse.cz \
--cc=linux-api@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=repnop@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).