lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAOQ4uxj4bREBYPZTBTgZ5LiSx+SosrUS8W-G_ea634M1nXs=wQ@mail.gmail.com>
Date:   Fri, 21 May 2021 12:06:18 +0300
From:   Amir Goldstein <amir73il@...il.com>
To:     Gabriel Krisman Bertazi <krisman@...labora.com>
Cc:     kernel@...labora.com, "Darrick J . Wong" <djwong@...nel.org>,
        "Theodore Ts'o" <tytso@....edu>,
        Dave Chinner <david@...morbit.com>, Jan Kara <jack@...e.com>,
        David Howells <dhowells@...hat.com>,
        Khazhismel Kumykov <khazhy@...gle.com>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        Ext4 <linux-ext4@...r.kernel.org>
Subject: Re: [PATCH 04/11] fanotify: Expose fanotify_mark

On Fri, May 21, 2021 at 5:42 AM Gabriel Krisman Bertazi
<krisman@...labora.com> wrote:
>
> FAN_ERROR will require an error structure to be stored per mark.
> Therefore, wrap fsnotify_mark in a fanotify specific structure in
> preparation for that.
>
> Signed-off-by: Gabriel Krisman Bertazi <krisman@...labora.com>
> ---
>  fs/notify/fanotify/fanotify.c      |  4 +++-
>  fs/notify/fanotify/fanotify.h      | 10 ++++++++++
>  fs/notify/fanotify/fanotify_user.c | 14 +++++++-------
>  3 files changed, 20 insertions(+), 8 deletions(-)
>
> diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c
> index 711b36a9483e..34e2ee759b39 100644
> --- a/fs/notify/fanotify/fanotify.c
> +++ b/fs/notify/fanotify/fanotify.c
> @@ -869,7 +869,9 @@ static void fanotify_freeing_mark(struct fsnotify_mark *mark,
>
>  static void fanotify_free_mark(struct fsnotify_mark *fsn_mark)
>  {
> -       kmem_cache_free(fanotify_mark_cache, fsn_mark);
> +       struct fanotify_mark *mark = FANOTIFY_MARK(fsn_mark);
> +
> +       kmem_cache_free(fanotify_mark_cache, mark);
>  }
>
>  const struct fsnotify_ops fanotify_fsnotify_ops = {
> diff --git a/fs/notify/fanotify/fanotify.h b/fs/notify/fanotify/fanotify.h
> index 4a5e555dc3d2..a399c5e2615d 100644
> --- a/fs/notify/fanotify/fanotify.h
> +++ b/fs/notify/fanotify/fanotify.h
> @@ -129,6 +129,16 @@ static inline void fanotify_info_copy_name(struct fanotify_info *info,
>                name->name);
>  }
>
> +struct fanotify_mark {
> +       struct fsnotify_mark fsn_mark;
> +       struct fanotify_error_event *error_event;

I don't think fanotify_error_event is defined at this point in the series.
You can add this field later in the series.

> +};
> +
> +static inline struct fanotify_mark *FANOTIFY_MARK(struct fsnotify_mark *mark)
> +{
> +       return container_of(mark, struct fanotify_mark, fsn_mark);
> +}
> +
>  /*
>   * Common structure for fanotify events. Concrete structs are allocated in
>   * fanotify_handle_event() and freed when the information is retrieved by
> diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
> index 9cc6c8808ed5..00210535a78e 100644
> --- a/fs/notify/fanotify/fanotify_user.c
> +++ b/fs/notify/fanotify/fanotify_user.c
> @@ -914,7 +914,7 @@ static struct fsnotify_mark *fanotify_add_new_mark(struct fsnotify_group *group,
>                                                    __kernel_fsid_t *fsid)
>  {
>         struct ucounts *ucounts = group->fanotify_data.ucounts;
> -       struct fsnotify_mark *mark;
> +       struct fanotify_mark *mark;
>         int ret;
>
>         /*
> @@ -926,20 +926,20 @@ static struct fsnotify_mark *fanotify_add_new_mark(struct fsnotify_group *group,
>             !inc_ucount(ucounts->ns, ucounts->uid, UCOUNT_FANOTIFY_MARKS))
>                 return ERR_PTR(-ENOSPC);
>
> -       mark = kmem_cache_alloc(fanotify_mark_cache, GFP_KERNEL);
> +       mark = kmem_cache_zalloc(fanotify_mark_cache, GFP_KERNEL);
>         if (!mark) {
>                 ret = -ENOMEM;
>                 goto out_dec_ucounts;
>         }
>
> -       fsnotify_init_mark(mark, group);
> -       ret = fsnotify_add_mark_locked(mark, connp, type, 0, fsid);
> +       fsnotify_init_mark(&mark->fsn_mark, group);
> +       ret = fsnotify_add_mark_locked(&mark->fsn_mark, connp, type, 0, fsid);
>         if (ret) {
> -               fsnotify_put_mark(mark);
> +               fsnotify_put_mark(&mark->fsn_mark);
>                 goto out_dec_ucounts;
>         }
>
> -       return mark;
> +       return &mark->fsn_mark;
>
>  out_dec_ucounts:
>         if (!FAN_GROUP_FLAG(group, FAN_UNLIMITED_MARKS))
> @@ -1477,7 +1477,7 @@ static int __init fanotify_user_setup(void)
>         BUILD_BUG_ON(HWEIGHT32(FANOTIFY_INIT_FLAGS) != 10);
>         BUILD_BUG_ON(HWEIGHT32(FANOTIFY_MARK_FLAGS) != 9);
>
> -       fanotify_mark_cache = KMEM_CACHE(fsnotify_mark,
> +       fanotify_mark_cache = KMEM_CACHE(fanotify_mark,
>                                          SLAB_PANIC|SLAB_ACCOUNT);

Thinking out loud:

Do we want to increase the size of all fanotify marks or just the size of
sb marks?

In this WIP branch [1], I took the latter approach.

The greater question is, do we want/need to allow setting FAN_ERROR
on inode marks mask at all?

My feeling is that we should not allow that at this time, because the
use case of watching for critical errors on a specific inode is a
non-requirement IMO.

OTOH, if we treat this change as a stepping stone towards adding
writeback error events in the future then we should also think about
whether watching specific files for writeback error in a sensible use case
I don't think that it is, because when application can always keep an open
fd for file of interest and fysnc on any reported writeback error on the
filesystem, as those events are supposed to be rare.

Another point to consider - in future revisions of [1] fanotify sb marks
may grow more fields (e.g. subtree_root, userns), so while adding a single
pointer field to all fanotify inode marks may not be the end of the world,
going forward, we will need to have a separate kmem_cache for sb marks
anyway, so maybe better to split it now already.

Thoughts?

Amir.

[1] https://github.com/amir73il/linux/commits/fanotify_idmapped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ