Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp5416832rwb; Tue, 17 Jan 2023 13:33:04 -0800 (PST) X-Google-Smtp-Source: AMrXdXsWcrN8TgF+Vsck8aheDeH5hwjvi/T8c5aReXkZ/77jYkUTidO9QYHbhJ36/mWrsvgw2l8W X-Received: by 2002:a05:6402:c41:b0:499:d0e3:7745 with SMTP id cs1-20020a0564020c4100b00499d0e37745mr5689463edb.14.1673991184686; Tue, 17 Jan 2023 13:33:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1673991184; cv=none; d=google.com; s=arc-20160816; b=0XxxgBFSBELleeujlrS7GgWfNhIOJh0QBaskTUxjol8K0VQUxwb/oRt6CILx6FZI3x kW5kt7r3agSfRqamLn/T3JCj5BvOrty1aYbvTRmEGqBHKG1i2FEjo0zuhAH4X1YkVIVJ ETYuNgtsLiB3SMrF4+/je4pk1rWwyfNCvMUABn3rCtxOrcWeZegPZ02yVkQVHAEbeaC/ I6YzwdYLdbawRjN6dzhYTsguDgdL8a5SOR6aiJ/aqrMXkiRQaY0iQBaDaIUVHLsythJN gluRXSOyYdaxsNzC1MvGAOw7iwiDUn84Ttpr5b4jcfWd9CdL0bOipnDr+wAXPP4EhAwW 238Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=SaoPtBG814dLGHyMXINuN35PchsE3987LhkDMQdYqfk=; b=KjOoD4XgmTaI8INM9kf+7OcYGNf84YjGQ88rmUGeQRE09apaqxsfLf8Y2tF3H/ynxS WdEotv7Fzl9nUAB2gZ8oiZNqpattYMcnFLckyXOTVB4ayMYmtZphnKGpOChsDI691rsa +NQDTDelN+Mx7TiSQU+PJrXQh4cxJMDYQZVhZDC1vjR+YcjZeI+I3yp+qJaFTMHH2F8P y6Gc9ngb6xEvZiEitVl/VcyyYvTcxDCdui4StYCD8EdyZt0AQoyZpDgpYDXbmASKeN8+ NxUF41SQ9ey9bOX9dOtkhBGehyJ3z0s91jLzpx2kXKkozo4oa8B/gHlvnAl1qtD1EeuC 5Ung== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=CGsKlOAW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 10-20020a50874a000000b0047e2b42bc54si10446708edv.189.2023.01.17.13.32.52; Tue, 17 Jan 2023 13:33:04 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=CGsKlOAW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229741AbjAQVLu (ORCPT + 46 others); Tue, 17 Jan 2023 16:11:50 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40490 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229742AbjAQVJ4 (ORCPT ); Tue, 17 Jan 2023 16:09:56 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6C4C1917D0 for ; Tue, 17 Jan 2023 11:33:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1673984032; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=SaoPtBG814dLGHyMXINuN35PchsE3987LhkDMQdYqfk=; b=CGsKlOAWzAsZO/+I6e530J0gwpTTeePebsAs6I9QLdDXriMsoBAYSnLZUcKvvziQRtrjjn azwSsJwSCZNQ8qRTbW2DmTvLDPdBiMm57Idz+y3vMwyyTtmCU4PGmvOPvSgtEUyZ3wRI8Q X2ZXnoS0qIpy4XF7iWQIfMXM/dD38JI= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-38-tGLWhuguNquX2AdcLvJtHw-1; Tue, 17 Jan 2023 14:33:49 -0500 X-MC-Unique: tGLWhuguNquX2AdcLvJtHw-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id A78283C14858; Tue, 17 Jan 2023 19:33:48 +0000 (UTC) Received: from madcap2.tricolour.ca (ovpn-0-3.rdu2.redhat.com [10.22.0.3]) by smtp.corp.redhat.com (Postfix) with ESMTPS id DF35640C2064; Tue, 17 Jan 2023 19:33:46 +0000 (UTC) Date: Tue, 17 Jan 2023 14:33:44 -0500 From: Richard Guy Briggs To: Jan Kara Cc: Linux-Audit Mailing List , LKML , linux-fsdevel@vger.kernel.org, linux-api@vger.kernel.org, Paul Moore , Eric Paris , Steve Grubb , Amir Goldstein Subject: Re: [PATCH v5 2/3] fanotify: define struct members to hold response decision context Message-ID: References: <45da8423b9b1e8fc7abd68cd2269acff8cf9022a.1670606054.git.rgb@redhat.com> <20221216164342.ojcbdifdmafq5njw@quack3> <20230103124201.iopasddbtb6vi362@quack3> <20230117082723.7g3ig6ernoslt7ub@quack3> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230117082723.7g3ig6ernoslt7ub@quack3> X-Scanned-By: MIMEDefang 3.1 on 10.11.54.1 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2023-01-17 09:27, Jan Kara wrote: > On Mon 16-01-23 15:42:29, Richard Guy Briggs wrote: > > On 2023-01-03 13:42, Jan Kara wrote: > > > On Thu 22-12-22 15:47:21, Richard Guy Briggs wrote: > > > > > > + > > > > > > + if (info_len != sizeof(*friar)) > > > > > > + return -EINVAL; > > > > > > + > > > > > > + if (copy_from_user(friar, info, sizeof(*friar))) > > > > > > + return -EFAULT; > > > > > > + > > > > > > + if (friar->hdr.type != FAN_RESPONSE_INFO_AUDIT_RULE) > > > > > > + return -EINVAL; > > > > > > + if (friar->hdr.pad != 0) > > > > > > + return -EINVAL; > > > > > > + if (friar->hdr.len != sizeof(*friar)) > > > > > > + return -EINVAL; > > > > > > + > > > > > > + return info_len; > > > > > > +} > > > > > > + > > > > > > > > > > ... > > > > > > > > > > > @@ -327,10 +359,18 @@ static int process_access_response(struct fsnotify_group *group, > > > > > > return -EINVAL; > > > > > > } > > > > > > > > > > > > - if (fd < 0) > > > > > > + if ((response & FAN_AUDIT) && !FAN_GROUP_FLAG(group, FAN_ENABLE_AUDIT)) > > > > > > return -EINVAL; > > > > > > > > > > > > - if ((response & FAN_AUDIT) && !FAN_GROUP_FLAG(group, FAN_ENABLE_AUDIT)) > > > > > > + if (response & FAN_INFO) { > > > > > > + ret = process_access_response_info(fd, info, info_len, &friar); > > > > > > + if (ret < 0) > > > > > > + return ret; > > > > > > + } else { > > > > > > + ret = 0; > > > > > > + } > > > > > > + > > > > > > + if (fd < 0) > > > > > > return -EINVAL; > > > > > > > > > > And here I'd do: > > > > > > > > > > if (fd == FAN_NOFD) > > > > > return 0; > > > > > if (fd < 0) > > > > > return -EINVAL; > > > > > > > > > > As we talked in previous revisions we'd specialcase FAN_NOFD to just verify > > > > > extra info is understood by the kernel so that application writing fanotify > > > > > responses has a way to check which information it can provide to the > > > > > kernel. > > > > > > > > The reason for including it in process_access_response_info() is to make > > > > sure that it is included in the FAN_INFO case to detect this extension. > > > > If it were included here > > > > > > I see what you're getting at now. So the condition > > > > > > if (fd == FAN_NOFD) > > > return 0; > > > > > > needs to be moved into > > > > > > if (response & FAN_INFO) > > > > > > branch after process_access_response_info(). I still prefer to keep it > > > outside of the process_access_response_info() function itself as it looks > > > more logical to me. Does it address your concerns? > > > > Ok. Note that this does not return zero to userspace, since this > > function's return value is added to the size of the struct > > fanotify_response when there is no error. > > Right, good point. 0 is not a good return value in this case. > > > For that reason, I think it makes more sense to return -ENOENT, or some > > other unused error code that fits, unless you think it is acceptable to > > return sizeof(struct fanotify_response) when FAN_INFO is set to indicate > > this. > > Yeah, my intention was to indicate "success" to userspace so I'd like to > return whatever we return for the case when struct fanotify_response is > accepted for a normal file descriptor - looks like info_len is the right > value. Thanks! Ok, I hadn't thought of that. So, to confirm, when FAN_INFO is set, if FAN_NOFD is also set, return info_len from process_access_response() and then immediately return sizeof(struct fanotify_response) plus info_len to userspace without issuing an audit record should indicate support for FAN_INFO and the specific info type supplied. Thanks for helping work through this. > Honza > -- > Jan Kara - RGB -- Richard Guy Briggs Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635