lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAOQ4uxjJL_ZbJt4LnRcZWXfvgVahSeUeAKa9OSru=egcPv6aDA@mail.gmail.com> Date: Wed, 13 Nov 2024 11:12:18 +0100 From: Amir Goldstein <amir73il@...il.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Josef Bacik <josef@...icpanda.com>, kernel-team@...com, linux-fsdevel@...r.kernel.org, jack@...e.cz, brauner@...nel.org, linux-xfs@...r.kernel.org, linux-btrfs@...r.kernel.org, linux-mm@...ck.org, linux-ext4@...r.kernel.org Subject: Re: [PATCH v7 07/18] fsnotify: generate pre-content permission event on open On Wed, Nov 13, 2024 at 1:58 AM Linus Torvalds <torvalds@...ux-foundation.org> wrote: > > On Tue, 12 Nov 2024 at 15:41, Amir Goldstein <amir73il@...il.com> wrote: > > > > You wrote it should be called "in the open path" - that is ambiguous. > > pre-content hook must be called without sb_writers held, so current > > (in linux-next) location of fsnotify_open_perm() is not good in case of > > O_CREATE flag, so I am not sure where a good location is. > > Easier is to drop this patch. > > Dropping that patch obviously removes my objection. > > But since none of the whole "return errors" is valid with a truncate > or a new file creation anyway, isn't the whole thing kind of moot? > Not moot. It is needed for the case that open with O_CREAT finds an existing file and that file needs to be filled on open and anyway do_open() is also taking sb_writers for O_RDWR and O_WRONLY (not 100% sure why) not only for O_CREAT. Essentially, this means that the legacy FAN_OPEN_PERM event is not safe to be used by HSM, to fill file content on open. and while I can document that fact all over the internet, that won't stop people from using FAN_OPEN_PERM to implement a simple HSM. This is (the only) reason that I wanted to have a noticeable new event at open time that is documented as safe for use by HSM and inviting HSM developers to use the correct event. Very possible that this is not a good enough reason. > I guess do_open() could do it, but only inside a > > if (!error && !do_truncate && !(file->f_mode & FMODE_CREATED)) > error = fsnotify_opened_old(file); > > kind of thing. With a big comment about how this is a pre-read hook, > and not relevant for a new file or a truncate event since then it's > always empty anyway. Right. That would be good for what I wanted to achieve. > > But hey, if you don't absolutely need it in the first place, not > having it is *MUCH* preferable. > > It sounds like the whole point was to catch reads - not opens. So then > you should catch it at read() time, not at open() time. Yeh, for sure. Will drop this patch. Thanks, Amir.
Powered by blists - more mailing lists