lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAOQ4uxjJL_ZbJt4LnRcZWXfvgVahSeUeAKa9OSru=egcPv6aDA@mail.gmail.com>
Date: Wed, 13 Nov 2024 11:12:18 +0100
From: Amir Goldstein <amir73il@...il.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Josef Bacik <josef@...icpanda.com>, kernel-team@...com, linux-fsdevel@...r.kernel.org, 
	jack@...e.cz, brauner@...nel.org, linux-xfs@...r.kernel.org, 
	linux-btrfs@...r.kernel.org, linux-mm@...ck.org, linux-ext4@...r.kernel.org
Subject: Re: [PATCH v7 07/18] fsnotify: generate pre-content permission event
 on open

On Wed, Nov 13, 2024 at 1:58 AM Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
>
> On Tue, 12 Nov 2024 at 15:41, Amir Goldstein <amir73il@...il.com> wrote:
> >
> > You wrote it should be called "in the open path" - that is ambiguous.
> > pre-content hook must be called without sb_writers held, so current
> > (in linux-next) location of fsnotify_open_perm() is not good in case of
> > O_CREATE flag, so I am not sure where a good location is.
> > Easier is to drop this patch.
>
> Dropping that patch obviously removes my objection.
>
> But since none of the whole "return errors" is valid with a truncate
> or a new file creation anyway, isn't the whole thing kind of moot?
>

Not moot. It is needed for the case that open with O_CREAT
finds an existing file and that file needs to be filled on open
and anyway do_open() is also taking sb_writers for O_RDWR
and O_WRONLY (not 100% sure why) not only for O_CREAT.

Essentially, this means that the legacy FAN_OPEN_PERM event
is not safe to be used by HSM, to fill file content on open.
and while I can document that fact all over the internet, that won't
stop people from using FAN_OPEN_PERM to implement a simple
HSM.

This is (the only) reason that I wanted to have a noticeable new event
at open time that is documented as safe for use by HSM and inviting
HSM developers to use the correct event.

Very possible that this is not a good enough reason.

> I guess do_open() could do it, but only inside a
>
>         if (!error && !do_truncate && !(file->f_mode & FMODE_CREATED))
>                 error = fsnotify_opened_old(file);
>
> kind of thing. With a big comment about how this is a pre-read hook,
> and not relevant for a new file or a truncate event since then it's
> always empty anyway.

Right. That would be good for what I wanted to achieve.

>
> But hey, if you don't absolutely need it in the first place, not
> having it is *MUCH* preferable.
>
> It sounds like the whole point was to catch reads - not opens. So then
> you should catch it at read() time, not at open() time.

Yeh, for sure.

Will drop this patch.

Thanks,
Amir.

Powered by blists - more mailing lists