fanotify: record either old name new name or both for FAN_RENAME
authorAmir Goldstein <amir73il@gmail.com>
Mon, 29 Nov 2021 20:15:35 +0000 (22:15 +0200)
committerJan Kara <jack@suse.cz>
Wed, 15 Dec 2021 14:55:53 +0000 (15:55 +0100)
We do not want to report the dirfid+name of a directory whose
inode/sb are not watched, because watcher may not have permissions
to see the directory content.

Use an internal iter_info to indicate to fanotify_alloc_event()
which marks of this group are watching FAN_RENAME, so it can decide
if we need to record only the old parent+name, new parent+name or both.

Link: https://lore.kernel.org/r/20211129201537.1932819-10-amir73il@gmail.com
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
[JK: Modified code to pass around only mask of mark types matching
generated event]
Signed-off-by: Jan Kara <jack@suse.cz>
fs/notify/fanotify/fanotify.c

index db81eab..14bc0f1 100644 (file)
@@ -284,8 +284,9 @@ out:
  */
 static u32 fanotify_group_event_mask(struct fsnotify_group *group,
                                     struct fsnotify_iter_info *iter_info,
-                                    u32 event_mask, const void *data,
-                                    int data_type, struct inode *dir)
+                                    u32 *match_mask, u32 event_mask,
+                                    const void *data, int data_type,
+                                    struct inode *dir)
 {
        __u32 marks_mask = 0, marks_ignored_mask = 0;
        __u32 test_mask, user_mask = FANOTIFY_OUTGOING_EVENTS |
@@ -335,6 +336,9 @@ static u32 fanotify_group_event_mask(struct fsnotify_group *group,
                        continue;
 
                marks_mask |= mark->mask;
+
+               /* Record the mark types of this group that matched the event */
+               *match_mask |= 1U << type;
        }
 
        test_mask = event_mask & marks_mask & ~marks_ignored_mask;
@@ -701,11 +705,11 @@ static struct fanotify_event *fanotify_alloc_error_event(
        return &fee->fae;
 }
 
-static struct fanotify_event *fanotify_alloc_event(struct fsnotify_group *group,
-                                                  u32 mask, const void *data,
-                                                  int data_type, struct inode *dir,
-                                                  const struct qstr *file_name,
-                                                  __kernel_fsid_t *fsid)
+static struct fanotify_event *fanotify_alloc_event(
+                               struct fsnotify_group *group,
+                               u32 mask, const void *data, int data_type,
+                               struct inode *dir, const struct qstr *file_name,
+                               __kernel_fsid_t *fsid, u32 match_mask)
 {
        struct fanotify_event *event = NULL;
        gfp_t gfp = GFP_KERNEL_ACCOUNT;
@@ -753,13 +757,36 @@ static struct fanotify_event *fanotify_alloc_event(struct fsnotify_group *group,
                }
 
                /*
-                * In the special case of FAN_RENAME event, we record both
-                * old and new parent+name.
+                * In the special case of FAN_RENAME event, use the match_mask
+                * to determine if we need to report only the old parent+name,
+                * only the new parent+name or both.
                 * 'dirid' and 'file_name' are the old parent+name and
                 * 'moved' has the new parent+name.
                 */
-               if (mask & FAN_RENAME)
-                       moved = fsnotify_data_dentry(data, data_type);
+               if (mask & FAN_RENAME) {
+                       bool report_old, report_new;
+
+                       if (WARN_ON_ONCE(!match_mask))
+                               return NULL;
+
+                       /* Report both old and new parent+name if sb watching */
+                       report_old = report_new =
+                               match_mask & (1U << FSNOTIFY_ITER_TYPE_SB);
+                       report_old |=
+                               match_mask & (1U << FSNOTIFY_ITER_TYPE_INODE);
+                       report_new |=
+                               match_mask & (1U << FSNOTIFY_ITER_TYPE_INODE2);
+
+                       if (!report_old) {
+                               /* Do not report old parent+name */
+                               dirid = NULL;
+                               file_name = NULL;
+                       }
+                       if (report_new) {
+                               /* Report new parent+name */
+                               moved = fsnotify_data_dentry(data, data_type);
+                       }
+               }
        }
 
        /*
@@ -872,6 +899,7 @@ static int fanotify_handle_event(struct fsnotify_group *group, u32 mask,
        struct fanotify_event *event;
        struct fsnotify_event *fsn_event;
        __kernel_fsid_t fsid = {};
+       u32 match_mask = 0;
 
        BUILD_BUG_ON(FAN_ACCESS != FS_ACCESS);
        BUILD_BUG_ON(FAN_MODIFY != FS_MODIFY);
@@ -897,12 +925,13 @@ static int fanotify_handle_event(struct fsnotify_group *group, u32 mask,
 
        BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 20);
 
-       mask = fanotify_group_event_mask(group, iter_info, mask, data,
-                                        data_type, dir);
+       mask = fanotify_group_event_mask(group, iter_info, &match_mask,
+                                        mask, data, data_type, dir);
        if (!mask)
                return 0;
 
-       pr_debug("%s: group=%p mask=%x\n", __func__, group, mask);
+       pr_debug("%s: group=%p mask=%x report_mask=%x\n", __func__,
+                group, mask, match_mask);
 
        if (fanotify_is_perm_event(mask)) {
                /*
@@ -921,7 +950,7 @@ static int fanotify_handle_event(struct fsnotify_group *group, u32 mask,
        }
 
        event = fanotify_alloc_event(group, mask, data, data_type, dir,
-                                    file_name, &fsid);
+                                    file_name, &fsid, match_mask);
        ret = -ENOMEM;
        if (unlikely(!event)) {
                /*