Currently the default response for pending events is FAN_ALLOW. This makes default close response configurable. The main goal of these changes would be to provide better handling for pending events for lazy file loading use cases which may back fanotify events by a long-lived daemon. For earlier discussion see: https://lore.kernel.org/linux-fsdevel/6za2mngeqslmqjg3icoubz37hbbxi6bi44canfsg2aajgkialt@c3ujlrjzkppr/ This implements the first approach outlined there of providing configuration for response on group close. This is supported by writing a response with .fd = FAN_NOFD .response = FAN_DENY | FAN_DEFAULT which modifies the group property default_response Signed-off-by: Ibrahim Jirdeh <ibrahimjirdeh@xxxxxxxx> --- fs/notify/fanotify/fanotify_user.c | 14 ++++++++++++-- include/linux/fanotify.h | 2 +- include/linux/fsnotify_backend.h | 1 + include/uapi/linux/fanotify.h | 1 + tools/include/uapi/linux/fanotify.h | 1 + 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c index b192ee068a7a..02669abff4a5 100644 --- a/fs/notify/fanotify/fanotify_user.c +++ b/fs/notify/fanotify/fanotify_user.c @@ -378,6 +378,13 @@ static int process_access_response(struct fsnotify_group *group, return -EINVAL; } + if (response & FAN_DEFAULT) { + if (fd != FAN_NOFD) + return -EINVAL; + group->default_response = response & FANOTIFY_RESPONSE_ACCESS; + return 0; + } + if ((response & FAN_AUDIT) && !FAN_GROUP_FLAG(group, FAN_ENABLE_AUDIT)) return -EINVAL; @@ -1023,7 +1030,8 @@ static int fanotify_release(struct inode *ignored, struct file *file) event = list_first_entry(&group->fanotify_data.access_list, struct fanotify_perm_event, fae.fse.list); list_del_init(&event->fae.fse.list); - finish_permission_event(group, event, FAN_ALLOW, NULL); + finish_permission_event(group, event, + group->default_response, NULL); spin_lock(&group->notification_lock); } @@ -1040,7 +1048,7 @@ static int fanotify_release(struct inode *ignored, struct file *file) fsnotify_destroy_event(group, fsn_event); } else { finish_permission_event(group, FANOTIFY_PERM(event), - FAN_ALLOW, NULL); + group->default_response, NULL); } spin_lock(&group->notification_lock); } @@ -1640,6 +1648,8 @@ SYSCALL_DEFINE2(fanotify_init, unsigned int, flags, unsigned int, event_f_flags) goto out_destroy_group; } + group->default_response = FAN_ALLOW; + BUILD_BUG_ON(!(FANOTIFY_ADMIN_INIT_FLAGS & FAN_UNLIMITED_QUEUE)); if (flags & FAN_UNLIMITED_QUEUE) { group->max_events = UINT_MAX; diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h index 879cff5eccd4..182fc574b848 100644 --- a/include/linux/fanotify.h +++ b/include/linux/fanotify.h @@ -134,7 +134,7 @@ /* These masks check for invalid bits in permission responses. */ #define FANOTIFY_RESPONSE_ACCESS (FAN_ALLOW | FAN_DENY) -#define FANOTIFY_RESPONSE_FLAGS (FAN_AUDIT | FAN_INFO) +#define FANOTIFY_RESPONSE_FLAGS (FAN_AUDIT | FAN_INFO | FAN_DEFAULT) #define FANOTIFY_RESPONSE_VALID_MASK \ (FANOTIFY_RESPONSE_ACCESS | FANOTIFY_RESPONSE_FLAGS | \ (FAN_ERRNO_MASK << FAN_ERRNO_SHIFT)) diff --git a/include/linux/fsnotify_backend.h b/include/linux/fsnotify_backend.h index d4034ddaf392..9683396acda6 100644 --- a/include/linux/fsnotify_backend.h +++ b/include/linux/fsnotify_backend.h @@ -231,6 +231,7 @@ struct fsnotify_group { unsigned int max_events; /* maximum events allowed on the list */ enum fsnotify_group_prio priority; /* priority for sending events */ bool shutdown; /* group is being shut down, don't queue more events */ + unsigned int default_response; /* default response sent on group close */ #define FSNOTIFY_GROUP_USER 0x01 /* user allocated group */ #define FSNOTIFY_GROUP_DUPS 0x02 /* allow multiple marks per object */ diff --git a/include/uapi/linux/fanotify.h b/include/uapi/linux/fanotify.h index e710967c7c26..7badde273a66 100644 --- a/include/uapi/linux/fanotify.h +++ b/include/uapi/linux/fanotify.h @@ -254,6 +254,7 @@ struct fanotify_response_info_audit_rule { #define FAN_AUDIT 0x10 /* Bitmask to create audit record for result */ #define FAN_INFO 0x20 /* Bitmask to indicate additional information */ +#define FAN_DEFAULT 0x30 /* Bitmask to set default response on close */ /* No fd set in event */ #define FAN_NOFD -1 diff --git a/tools/include/uapi/linux/fanotify.h b/tools/include/uapi/linux/fanotify.h index e710967c7c26..7badde273a66 100644 --- a/tools/include/uapi/linux/fanotify.h +++ b/tools/include/uapi/linux/fanotify.h @@ -254,6 +254,7 @@ struct fanotify_response_info_audit_rule { #define FAN_AUDIT 0x10 /* Bitmask to create audit record for result */ #define FAN_INFO 0x20 /* Bitmask to indicate additional information */ +#define FAN_DEFAULT 0x30 /* Bitmask to set default response on close */ /* No fd set in event */ #define FAN_NOFD -1 -- 2.47.1
