Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp1471817rwb; Fri, 19 Aug 2022 04:26:49 -0700 (PDT) X-Google-Smtp-Source: AA6agR4hh1fJb6T1db/n0r2MglkAvVe1U2o3UtFqNwQAvcqULoL1NmYaxUwUkrVUyZ9jkxsRT3Ym X-Received: by 2002:a17:907:6e08:b0:731:83a3:58b6 with SMTP id sd8-20020a1709076e0800b0073183a358b6mr4712530ejc.12.1660908409496; Fri, 19 Aug 2022 04:26:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660908409; cv=none; d=google.com; s=arc-20160816; b=zStmBDfaOfp9v43MI3Q+Py5Fbc7QjgbVFTWy3dNN9C1qpIOHg3nzUW2+V8G63rDnzS tFd0xVe2Oq10YOZjrDw6Pd5QIuTk9WHti5y8TvKM3e0J4CE9ywAFSOvlPWrnbDKYzSs2 I701wWDHvkBGb782hdxQTMHNCdeSN48UD3feHmB+tJZvqhfDQKpByiBfUbfyH7/lkxdn Q3cix7dstNTN23hUxxPQDKzmwfXbKgFFAOEXH47hEgwaAlH/pUYG1wXndH5um+IHcJu9 4o13+WXc8pkOSxN0lsWTSolFmlfNdyNEsVJrqN0HL9mz3nrpHBeTzd3MjRbhUvWcsemC NUWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature :dkim-signature; bh=HDiDqL4eZ1S6ynqk3mNLxZ6ZUEZmbiyxsoE9XpxMsmA=; b=LE1d1nr3ZPaZreYjoiYO3XISo0rEcE66slVIisnfFoRkITgz3yWMttHfbDAqaMbQcd zlCQ/VfmbG15da47TbaqmTE3nltl/BH0aH2yvOhn2nv/xjOAcUP3DgcKbgMju87xcB+G XUaM1E6uEQB14lgcjUH0AxqIQxCcwdWcg1IlRFLSU9DMsBrmGW5TgfFsQFPjOJ011TLU 28v5DF59cZSelj+Xe+KYmlkJ1YbJxm5uJXvRPH7flWDaqdYC/k2qpi6trw1WP9RvQgM9 eAuCPqJDtx1a/IewgXaqFCQoptxXrrM2c9uAlZBt5ICDD382Qi4xKy+tkziQwqUb7NeK ImwQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=pf6mw92r; dkim=neutral (no key) header.i=@suse.cz header.s=susede2_ed25519 header.b=e2jfLCPD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id fj4-20020a1709069c8400b00730babc11e3si3223772ejc.640.2022.08.19.04.26.24; Fri, 19 Aug 2022 04:26:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=pf6mw92r; dkim=neutral (no key) header.i=@suse.cz header.s=susede2_ed25519 header.b=e2jfLCPD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348603AbiHSLNh (ORCPT + 99 others); Fri, 19 Aug 2022 07:13:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39726 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229601AbiHSLNe (ORCPT ); Fri, 19 Aug 2022 07:13:34 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AC5AF66128; Fri, 19 Aug 2022 04:13:31 -0700 (PDT) Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out2.suse.de (Postfix) with ESMTP id DB31D2012A; Fri, 19 Aug 2022 11:13:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1660907609; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=HDiDqL4eZ1S6ynqk3mNLxZ6ZUEZmbiyxsoE9XpxMsmA=; b=pf6mw92r9UxMsHr+gbnPE/wonUtoKd4stGwfPKc/CAz90htMEef1ipxKM7aSzL/giTr7KW VPCocLRJD/BlU1GWaJztpYrSL+KdlgP6HWh8buSZQQ6OzEjvgnYzttQFeXEZzah462uGAY edK5rMNKCfo18sh0HXvPS+nhAaFV8Po= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1660907609; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=HDiDqL4eZ1S6ynqk3mNLxZ6ZUEZmbiyxsoE9XpxMsmA=; b=e2jfLCPD7kHQP7PsKpLuOJdFNZnKuKfJpcYCEA39438+liET3XSMKWJHE1ZRLSlpa61HDp ydwVYEOJcqATwOCQ== Received: from quack3.suse.cz (unknown [10.100.224.230]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id 761F62C141; Fri, 19 Aug 2022 11:13:29 +0000 (UTC) Received: by quack3.suse.cz (Postfix, from userid 1000) id DF38AA0635; Fri, 19 Aug 2022 13:13:28 +0200 (CEST) Date: Fri, 19 Aug 2022 13:13:28 +0200 From: Jan Kara To: Richard Guy Briggs Cc: Linux-Audit Mailing List , LKML , linux-fsdevel@vger.kernel.org, Paul Moore , Eric Paris , Steve Grubb , Jan Kara , Amir Goldstein Subject: Re: [PATCH v4 2/4] fanotify: define struct members to hold response decision context Message-ID: <20220819111328.2j6u53sfmxsj2nyt@quack3> References: <8767f3a0d43d6a994584b86c03eb659a662cc416.1659996830.git.rgb@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <8767f3a0d43d6a994584b86c03eb659a662cc416.1659996830.git.rgb@redhat.com> X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hello Richard! On Tue 09-08-22 13:22:53, Richard Guy Briggs wrote: > This patch adds a flag, FAN_INFO and an extensible buffer to provide > additional information about response decisions. The buffer contains > one or more headers defining the information type and the length of the > following information. The patch defines one additional information > type, FAN_RESPONSE_INFO_AUDIT_RULE, an audit rule number. This will > allow for the creation of other information types in the future if other > users of the API identify different needs. > > Suggested-by: Steve Grubb > Link: https://lore.kernel.org/r/2745105.e9J7NaK4W3@x2 > Suggested-by: Jan Kara > Link: https://lore.kernel.org/r/20201001101219.GE17860@quack2.suse.cz > Signed-off-by: Richard Guy Briggs > --- > fs/notify/fanotify/fanotify.c | 10 ++- > fs/notify/fanotify/fanotify.h | 2 + > fs/notify/fanotify/fanotify_user.c | 104 +++++++++++++++++++++++------ > include/linux/fanotify.h | 5 ++ > include/uapi/linux/fanotify.h | 27 +++++++- > 5 files changed, 123 insertions(+), 25 deletions(-) Amir and Matthew covered most of the comments so let me add just a few I have on top: > diff --git a/fs/notify/fanotify/fanotify.h b/fs/notify/fanotify/fanotify.h > index abfa3712c185..14c30e173632 100644 > --- a/fs/notify/fanotify/fanotify.h > +++ b/fs/notify/fanotify/fanotify.h > @@ -428,6 +428,8 @@ struct fanotify_perm_event { > u32 response; /* userspace answer to the event */ > unsigned short state; /* state of the event */ > int fd; /* fd we passed to userspace for this event */ > + size_t info_len; > + char *info_buf; > }; Rather than this, I'd expand struct fanotify_perm_event by adding: union info { struct fanotify_response_info_header hdr; struct fanotify_response_info_audit_rule audit_rule; } at the end of the struct. Currently that is more memory efficient, easier to code, and more CPU efficient as well. The 'hdr' member of the union can be used to look at type of the info and then appropriate union member can be used to get the data. If we ever grow additional info that has non-trivial size, changing the code to use dynamically allocated buffer as you do now is very easy. But until that moment it is just overengineering. > diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c > index ff67ca0d25cc..a4ae953f0e62 100644 > --- a/fs/notify/fanotify/fanotify_user.c > +++ b/fs/notify/fanotify/fanotify_user.c > @@ -289,13 +289,18 @@ static int create_fd(struct fsnotify_group *group, struct path *path, > */ > static void finish_permission_event(struct fsnotify_group *group, > struct fanotify_perm_event *event, > - u32 response) > + struct fanotify_response *response, Why do you pass struct fanotify_response here instead of plain u32? I don't see you'd use it anywhere and it introduces some unnecessary churn in other places. > + size_t info_len, char *info_buf) > __releases(&group->notification_lock) > { > bool destroy = false; > > assert_spin_locked(&group->notification_lock); > - event->response = response; > + event->response = response->response & ~FAN_INFO; Why do you mask out FAN_INFO here? I don't see a good reason for that. > + if (response->response & FAN_INFO) { > + event->info_len = info_len; > + event->info_buf = info_buf; > + } > if (event->state == FAN_EVENT_CANCELED) > destroy = true; > else ... > diff --git a/include/uapi/linux/fanotify.h b/include/uapi/linux/fanotify.h > index f1f89132d60e..4d08823a5698 100644 > --- a/include/uapi/linux/fanotify.h > +++ b/include/uapi/linux/fanotify.h > @@ -180,15 +180,40 @@ struct fanotify_event_info_error { > __u32 error_count; > }; > > +/* > + * User space may need to record additional information about its decision. > + * The extra information type records what kind of information is included. > + * The default is none. We also define an extra information buffer whose > + * size is determined by the extra information type. > + * > + * If the context type is Rule, then the context following is the rule number > + * that triggered the user space decision. > + */ > + > +#define FAN_RESPONSE_INFO_NONE 0 Why do you define this? I don't see it being used anywhere (in a meaningful way). You can as well make FAN_RESPONSE_INFO_AUDIT_RULE be type 0... > +#define FAN_RESPONSE_INFO_AUDIT_RULE 1 > + > struct fanotify_response { > __s32 fd; > __u32 response; > }; > > +struct fanotify_response_info_header { > + __u8 type; > + __u8 pad; > + __u16 len; > +}; > + > +struct fanotify_response_info_audit_rule { > + struct fanotify_response_info_header hdr; > + __u32 audit_rule; > +}; > + Honza -- Jan Kara SUSE Labs, CR