From: David Howells <dhowells@redhat.com>
To: viro@zeniv.linux.org.uk
Cc: dhowells@redhat.com, Casey Schaufler <casey@schaufler-ca.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
nicolas.dichtel@6wind.com, raven@themaw.net,
Christian Brauner <christian@brauner.io>,
dhowells@redhat.com, keyrings@vger.kernel.org,
linux-usb@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-api@vger.kernel.org,
linux-block@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH 0/6] Mount and superblock notifications [ver #5]
Date: Fri, 28 Jun 2019 16:50:13 +0100
Message-ID: <156173701358.15650.8735203424342507015.stgit@warthog.procyon.org.uk>

Here's a set of patches to add VFS-related watches to the general
notification system to add sources of events for:

 (1) Mount topology events, such as mounting, unmounting, mount expiry,
     mount reconfiguration.

 (2) Superblock events, such as R/W<->R/O changes, quota overrun and I/O
     errors (not complete yet).

One of the reasons for this is so that we can remove the issue of processes
having to repeatedly and regularly scan /proc/mounts, which has proven to
be a system performance problem.  To further aid this, the fsinfo() syscall,
on which this patch series depends, provides a way to access superblock and
mount information in binary form without the need to parse /proc/mounts.

LSM hooks are provided that allow an LSM to rule on whether or
not a watch may be set.  Each of these hooks takes a different "watched
object" parameter, so they're not really shareable.  The LSM should use
current's credentials.  [Wanted by SELinux & Smack]

Watches are created with:

	watch_mount(AT_FDCWD, "/", 0, fd, 0x03);
	watch_sb(AT_FDCWD, "/mnt", 0, fd, 0x04);

where in all three cases, fd indicates the queue and the number after is a
tag between 0 and 255.

Further things that could be considered:

 (1) Adding global superblock event queue.

 (2) Propagating watches to child superblock over automounts.

The patches can be found here also:

	http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=notifications

Changes:

 ver #5:

 (*) The superblock watch and mount watch parts are split out into this set
     from the core branch (notifications-core) as it depends on fsinfo().

David
---
David Howells (6):
      security: Add hooks to rule on setting a superblock or mount watch
      Adjust watch_queue documentation to mention mount and superblock watches.
      vfs: Add a mount-notification facility
      vfs: Add superblock notifications
      fsinfo: Export superblock notification counter
      Add sample notification program

Documentation/watch_queue.rst | 20 +++
arch/alpha/kernel/syscalls/syscall.tbl | 2
arch/arm/tools/syscall.tbl | 2
arch/arm64/include/asm/unistd.h | 2
arch/ia64/kernel/syscalls/syscall.tbl | 2
arch/m68k/kernel/syscalls/syscall.tbl | 2
arch/microblaze/kernel/syscalls/syscall.tbl | 2
arch/mips/kernel/syscalls/syscall_n32.tbl | 2
arch/mips/kernel/syscalls/syscall_n64.tbl | 2
arch/mips/kernel/syscalls/syscall_o32.tbl | 2
arch/parisc/kernel/syscalls/syscall.tbl | 2
arch/powerpc/kernel/syscalls/syscall.tbl | 2
arch/s390/kernel/syscalls/syscall.tbl | 2
arch/sh/kernel/syscalls/syscall.tbl | 2
arch/sparc/kernel/syscalls/syscall.tbl | 2
arch/x86/entry/syscalls/syscall_32.tbl | 2
arch/x86/entry/syscalls/syscall_64.tbl | 2
arch/xtensa/kernel/syscalls/syscall.tbl | 2
drivers/misc/Kconfig | 5 -
fs/Kconfig | 21 +++
fs/Makefile | 1
fs/fsinfo.c | 12 ++
fs/mount.h | 33 +++--
fs/mount_notify.c | 188 +++++++++++++++++++++++++++
fs/namespace.c | 16 ++
fs/super.c | 126 ++++++++++++++++++
include/linux/dcache.h | 1
include/linux/fs.h | 78 +++++++++++
include/linux/lsm_hooks.h | 16 ++
include/linux/security.h | 10 +
include/linux/syscalls.h | 4 +
include/uapi/asm-generic/unistd.h | 6 +
include/uapi/linux/fsinfo.h | 10 +
include/uapi/linux/watch_queue.h | 61 +++++++++
kernel/sys_ni.c | 2
samples/vfs/test-fsinfo.c | 13 ++
samples/watch_queue/watch_test.c | 76 +++++++++++
security/security.c | 10 +
38 files changed, 722 insertions(+), 21 deletions(-)
create mode 100644 fs/mount_notify.c
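
The scanning approach the cover letter wants to retire, as an added example (not code from this patch series): without a watch, a userspace monitor has to re-read and re-parse the whole mount table and diff it to notice one mount, unmount or R/W<->R/O change. The snapshots are constructed sample data, and `parse_mounts`, `find`, `diff_mounts` and the struct names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#define MAX_MOUNTS 64
struct mnt { char dir[128], opts[128]; };
struct delta { int mounted, unmounted, reconfigured; };

/* Constructed snapshots in /proc/mounts format, not captured from a host. */
static const char SNAP_BEFORE[] =
    "/dev/sda1 / ext4 rw,relatime 0 0\n"
    "/dev/sdb1 /mnt ext4 rw,relatime 0 0\n"
    "tmpfs /run tmpfs rw,nosuid 0 0\n";
static const char SNAP_AFTER[] =
    "/dev/sda1 / ext4 rw,relatime 0 0\n"
    "/dev/sdb1 /mnt ext4 ro,relatime 0 0\n"
    "/dev/sdc1 /media/usb vfat rw,nosuid,nodev 0 0\n";
/* Parse "dev dir fstype opts freq pass" lines; returns the entry count. */
static int parse_mounts(const char *text, struct mnt *out, int max) {
    int n = 0;
    for (int used = 0; n < max; text += used, used = 0, n++)
        if (sscanf(text, "%*s %127s %*s %127s %*d %*d%n",
                   out[n].dir, out[n].opts, &used) != 2 || used == 0)
            break;
    return n;
}
static const struct mnt *find(const struct mnt *t, int n, const char *dir) {
    for (int i = 0; i < n; i++)
        if (strcmp(t[i].dir, dir) == 0) return &t[i];
    return NULL;
}
/* Keyed by mount point only; each check re-parses both full tables. */
static struct delta diff_mounts(const char *before, const char *after) {
    struct mnt a[MAX_MOUNTS], b[MAX_MOUNTS];
    int na = parse_mounts(before, a, MAX_MOUNTS);
    int nb = parse_mounts(after, b, MAX_MOUNTS);
    struct delta d = {0, 0, 0};
    for (int i = 0; i < nb; i++) {
        const struct mnt *old = find(a, na, b[i].dir);
        if (!old) d.mounted++;
        else if (strcmp(old->opts, b[i].opts) != 0) d.reconfigured++;
    }
    for (int i = 0; i < na; i++)
        if (!find(b, nb, a[i].dir)) d.unmounted++;
    return d;
}

int main(void) {
    struct delta d = diff_mounts(SNAP_BEFORE, SNAP_AFTER);
    printf("mounted=%d unmounted=%d reconfigured=%d\n", d.mounted, d.unmounted, d.reconfigured);
    return 0;
}
```

The work per check grows with the size of the mount table rather than with the number of changes, and a mount that appears and disappears between two scans is never seen.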