1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (C) 2008 Red Hat, Inc., Eric Paris <eparis@redhat.com>
4 */
5
6 #include <linux/dcache.h>
7 #include <linux/fs.h>
8 #include <linux/gfp.h>
9 #include <linux/init.h>
10 #include <linux/module.h>
11 #include <linux/mount.h>
12 #include <linux/srcu.h>
13
14 #include <linux/fsnotify_backend.h>
15 #include "fsnotify.h"
16
17 /*
18 * Clear all of the marks on an inode when it is being evicted from core
19 */
__fsnotify_inode_delete(struct inode * inode)20 void __fsnotify_inode_delete(struct inode *inode)
21 {
22 fsnotify_clear_marks_by_inode(inode);
23 }
24 EXPORT_SYMBOL_GPL(__fsnotify_inode_delete);
25
__fsnotify_vfsmount_delete(struct vfsmount * mnt)26 void __fsnotify_vfsmount_delete(struct vfsmount *mnt)
27 {
28 fsnotify_clear_marks_by_mount(mnt);
29 }
30
__fsnotify_mntns_delete(struct mnt_namespace * mntns)31 void __fsnotify_mntns_delete(struct mnt_namespace *mntns)
32 {
33 fsnotify_clear_marks_by_mntns(mntns);
34 }
35
fsnotify_sb_delete(struct super_block * sb)36 void fsnotify_sb_delete(struct super_block *sb)
37 {
38 struct fsnotify_sb_info *sbinfo = fsnotify_sb_info(sb);
39
40 /* Were any marks ever added to any object on this sb? */
41 if (!sbinfo)
42 return;
43
44 fsnotify_unmount_inodes(sbinfo);
45 fsnotify_clear_marks_by_sb(sb);
46 /* Wait for outstanding object references from connectors */
47 wait_var_event(fsnotify_sb_watched_objects(sb),
48 !atomic_long_read(fsnotify_sb_watched_objects(sb)));
49 WARN_ON(fsnotify_sb_has_priority_watchers(sb, FSNOTIFY_PRIO_CONTENT));
50 WARN_ON(fsnotify_sb_has_priority_watchers(sb,
51 FSNOTIFY_PRIO_PRE_CONTENT));
52 }
53
fsnotify_sb_free(struct super_block * sb)54 void fsnotify_sb_free(struct super_block *sb)
55 {
56 if (sb->s_fsnotify_info) {
57 WARN_ON_ONCE(!list_empty(&sb->s_fsnotify_info->inode_conn_list));
58 kfree(sb->s_fsnotify_info);
59 }
60 }
61
62 /*
63 * Given an inode, first check if we care what happens to our children. Inotify
64 * and dnotify both tell their parents about events. If we care about any event
65 * on a child we run all of our children and set a dentry flag saying that the
66 * parent cares. Thus when an event happens on a child it can quickly tell
67 * if there is a need to find a parent and send the event to the parent.
68 */
fsnotify_set_children_dentry_flags(struct inode * inode)69 void fsnotify_set_children_dentry_flags(struct inode *inode)
70 {
71 struct dentry *alias;
72
73 if (!S_ISDIR(inode->i_mode))
74 return;
75
76 spin_lock(&inode->i_lock);
77 /* run all of the dentries associated with this inode. Since this is a
78 * directory, there damn well better only be one item on this list */
79 hlist_for_each_entry(alias, &inode->i_dentry, d_u.d_alias) {
80 struct dentry *child;
81
82 /* run all of the children of the original inode and fix their
83 * d_flags to indicate parental interest (their parent is the
84 * original inode) */
85 spin_lock(&alias->d_lock);
86 hlist_for_each_entry(child, &alias->d_children, d_sib) {
87 if (!child->d_inode)
88 continue;
89
90 spin_lock_nested(&child->d_lock, DENTRY_D_LOCK_NESTED);
91 child->d_flags |= DCACHE_FSNOTIFY_PARENT_WATCHED;
92 spin_unlock(&child->d_lock);
93 }
94 spin_unlock(&alias->d_lock);
95 }
96 spin_unlock(&inode->i_lock);
97 }
98
99 /*
100 * Lazily clear false positive PARENT_WATCHED flag for child whose parent had
101 * stopped watching children.
102 */
fsnotify_clear_child_dentry_flag(struct inode * pinode,struct dentry * dentry)103 static void fsnotify_clear_child_dentry_flag(struct inode *pinode,
104 struct dentry *dentry)
105 {
106 spin_lock(&dentry->d_lock);
107 /*
108 * d_lock is a sufficient barrier to prevent observing a non-watched
109 * parent state from before the fsnotify_set_children_dentry_flags()
110 * or fsnotify_update_flags() call that had set PARENT_WATCHED.
111 */
112 if (!fsnotify_inode_watches_children(pinode))
113 dentry->d_flags &= ~DCACHE_FSNOTIFY_PARENT_WATCHED;
114 spin_unlock(&dentry->d_lock);
115 }
116
117 /* Are inode/sb/mount interested in parent and name info with this event? */
fsnotify_event_needs_parent(struct inode * inode,__u32 mnt_mask,__u32 mask)118 static bool fsnotify_event_needs_parent(struct inode *inode, __u32 mnt_mask,
119 __u32 mask)
120 {
121 __u32 marks_mask = 0;
122
123 /* We only send parent/name to inode/sb/mount for events on non-dir */
124 if (mask & FS_ISDIR)
125 return false;
126
127 /*
128 * All events that are possible on child can also may be reported with
129 * parent/name info to inode/sb/mount. Otherwise, a watching parent
130 * could result in events reported with unexpected name info to sb/mount.
131 */
132 BUILD_BUG_ON(FS_EVENTS_POSS_ON_CHILD & ~FS_EVENTS_POSS_TO_PARENT);
133
134 /* Did either inode/sb/mount subscribe for events with parent/name? */
135 marks_mask |= fsnotify_parent_needed_mask(
136 READ_ONCE(inode->i_fsnotify_mask));
137 marks_mask |= fsnotify_parent_needed_mask(
138 READ_ONCE(inode->i_sb->s_fsnotify_mask));
139 marks_mask |= fsnotify_parent_needed_mask(mnt_mask);
140
141 /* Did they subscribe for this event with parent/name info? */
142 return mask & marks_mask;
143 }
144
145 /* Are there any inode/mount/sb objects that watch for these events? */
fsnotify_object_watched(struct inode * inode,__u32 mnt_mask,__u32 mask)146 static inline __u32 fsnotify_object_watched(struct inode *inode, __u32 mnt_mask,
147 __u32 mask)
148 {
149 __u32 marks_mask = READ_ONCE(inode->i_fsnotify_mask) | mnt_mask |
150 READ_ONCE(inode->i_sb->s_fsnotify_mask);
151
152 return mask & marks_mask & ALL_FSNOTIFY_EVENTS;
153 }
154
155 /* Report pre-content event with optional range info */
fsnotify_pre_content(const struct path * path,const loff_t * ppos,size_t count)156 int fsnotify_pre_content(const struct path *path, const loff_t *ppos,
157 size_t count)
158 {
159 struct file_range range;
160
161 /* Report page aligned range only when pos is known */
162 if (!ppos)
163 return fsnotify_path(path, FS_PRE_ACCESS);
164
165 range.path = path;
166 range.pos = PAGE_ALIGN_DOWN(*ppos);
167 range.count = PAGE_ALIGN(*ppos + count) - range.pos;
168
169 return fsnotify_parent(path->dentry, FS_PRE_ACCESS, &range,
170 FSNOTIFY_EVENT_FILE_RANGE);
171 }
172
173 /*
174 * Notify this dentry's parent about a child's events with child name info
175 * if parent is watching or if inode/sb/mount are interested in events with
176 * parent and name info.
177 *
178 * Notify only the child without name info if parent is not watching and
179 * inode/sb/mount are not interested in events with parent and name info.
180 */
__fsnotify_parent(struct dentry * dentry,__u32 mask,const void * data,int data_type)181 int __fsnotify_parent(struct dentry *dentry, __u32 mask, const void *data,
182 int data_type)
183 {
184 const struct path *path = fsnotify_data_path(data, data_type);
185 __u32 mnt_mask = path ?
186 READ_ONCE(real_mount(path->mnt)->mnt_fsnotify_mask) : 0;
187 struct inode *inode = d_inode(dentry);
188 struct dentry *parent;
189 bool parent_watched = dentry->d_flags & DCACHE_FSNOTIFY_PARENT_WATCHED;
190 bool parent_needed, parent_interested;
191 __u32 p_mask;
192 struct inode *p_inode = NULL;
193 struct name_snapshot name;
194 struct qstr *file_name = NULL;
195 int ret = 0;
196
197 /* Optimize the likely case of nobody watching this path */
198 if (likely(!parent_watched &&
199 !fsnotify_object_watched(inode, mnt_mask, mask)))
200 return 0;
201
202 parent = NULL;
203 parent_needed = fsnotify_event_needs_parent(inode, mnt_mask, mask);
204 if (!parent_watched && !parent_needed)
205 goto notify;
206
207 /* Does parent inode care about events on children? */
208 parent = dget_parent(dentry);
209 p_inode = parent->d_inode;
210 p_mask = fsnotify_inode_watches_children(p_inode);
211 if (unlikely(parent_watched && !p_mask))
212 fsnotify_clear_child_dentry_flag(p_inode, dentry);
213
214 /*
215 * Include parent/name in notification either if some notification
216 * groups require parent info or the parent is interested in this event.
217 * The parent interest in ACCESS/MODIFY events does not apply to special
218 * files, where read/write are not on the filesystem of the parent and
219 * events can provide an undesirable side-channel for information
220 * exfiltration.
221 */
222 parent_interested = mask & p_mask & ALL_FSNOTIFY_EVENTS &&
223 !(data_type == FSNOTIFY_EVENT_PATH &&
224 d_is_special(dentry) &&
225 (mask & (FS_ACCESS | FS_MODIFY)));
226 if (parent_needed || parent_interested) {
227 /* When notifying parent, child should be passed as data */
228 WARN_ON_ONCE(inode != fsnotify_data_inode(data, data_type));
229
230 /* Notify both parent and child with child name info */
231 take_dentry_name_snapshot(&name, dentry);
232 file_name = &name.name;
233 if (parent_interested)
234 mask |= FS_EVENT_ON_CHILD;
235 }
236
237 notify:
238 ret = fsnotify(mask, data, data_type, p_inode, file_name, inode, 0);
239
240 if (file_name)
241 release_dentry_name_snapshot(&name);
242 dput(parent);
243
244 return ret;
245 }
246 EXPORT_SYMBOL_GPL(__fsnotify_parent);
247
fsnotify_handle_inode_event(struct fsnotify_group * group,struct fsnotify_mark * inode_mark,u32 mask,const void * data,int data_type,struct inode * dir,const struct qstr * name,u32 cookie)248 static int fsnotify_handle_inode_event(struct fsnotify_group *group,
249 struct fsnotify_mark *inode_mark,
250 u32 mask, const void *data, int data_type,
251 struct inode *dir, const struct qstr *name,
252 u32 cookie)
253 {
254 const struct path *path = fsnotify_data_path(data, data_type);
255 struct inode *inode = fsnotify_data_inode(data, data_type);
256 const struct fsnotify_ops *ops = group->ops;
257
258 if (WARN_ON_ONCE(!ops->handle_inode_event))
259 return 0;
260
261 if (WARN_ON_ONCE(!inode && !dir))
262 return 0;
263
264 if ((inode_mark->flags & FSNOTIFY_MARK_FLAG_EXCL_UNLINK) &&
265 path && d_unlinked(path->dentry))
266 return 0;
267
268 /* Check interest of this mark in case event was sent with two marks */
269 if (!(mask & inode_mark->mask & ALL_FSNOTIFY_EVENTS))
270 return 0;
271
272 return ops->handle_inode_event(inode_mark, mask, inode, dir, name, cookie);
273 }
274
fsnotify_handle_event(struct fsnotify_group * group,__u32 mask,const void * data,int data_type,struct inode * dir,const struct qstr * name,u32 cookie,struct fsnotify_iter_info * iter_info)275 static int fsnotify_handle_event(struct fsnotify_group *group, __u32 mask,
276 const void *data, int data_type,
277 struct inode *dir, const struct qstr *name,
278 u32 cookie, struct fsnotify_iter_info *iter_info)
279 {
280 struct fsnotify_mark *inode_mark = fsnotify_iter_inode_mark(iter_info);
281 struct fsnotify_mark *parent_mark = fsnotify_iter_parent_mark(iter_info);
282 int ret;
283
284 if (WARN_ON_ONCE(fsnotify_iter_sb_mark(iter_info)) ||
285 WARN_ON_ONCE(fsnotify_iter_vfsmount_mark(iter_info)))
286 return 0;
287
288 /*
289 * For FS_RENAME, 'dir' is old dir and 'data' is new dentry.
290 * The only ->handle_inode_event() backend that supports FS_RENAME is
291 * dnotify, where it means file was renamed within same parent.
292 */
293 if (mask & FS_RENAME) {
294 struct dentry *moved = fsnotify_data_dentry(data, data_type);
295
296 if (dir != moved->d_parent->d_inode)
297 return 0;
298 }
299
300 if (parent_mark) {
301 ret = fsnotify_handle_inode_event(group, parent_mark, mask,
302 data, data_type, dir, name, 0);
303 if (ret)
304 return ret;
305 }
306
307 if (!inode_mark)
308 return 0;
309
310 /*
311 * Some events can be sent on both parent dir and child marks (e.g.
312 * FS_ATTRIB). If both parent dir and child are watching, report the
313 * event once to parent dir with name (if interested) and once to child
314 * without name (if interested).
315 *
316 * In any case regardless whether the parent is watching or not, the
317 * child watcher is expecting an event without the FS_EVENT_ON_CHILD
318 * flag. The file name is expected if and only if this is a directory
319 * event.
320 */
321 mask &= ~FS_EVENT_ON_CHILD;
322 if (!(mask & ALL_FSNOTIFY_DIRENT_EVENTS)) {
323 dir = NULL;
324 name = NULL;
325 }
326
327 return fsnotify_handle_inode_event(group, inode_mark, mask, data, data_type,
328 dir, name, cookie);
329 }
330
send_to_group(__u32 mask,const void * data,int data_type,struct inode * dir,const struct qstr * file_name,u32 cookie,struct fsnotify_iter_info * iter_info)331 static int send_to_group(__u32 mask, const void *data, int data_type,
332 struct inode *dir, const struct qstr *file_name,
333 u32 cookie, struct fsnotify_iter_info *iter_info)
334 {
335 struct fsnotify_group *group = NULL;
336 __u32 test_mask = (mask & ALL_FSNOTIFY_EVENTS);
337 __u32 marks_mask = 0;
338 __u32 marks_ignore_mask = 0;
339 bool is_dir = mask & FS_ISDIR;
340 struct fsnotify_mark *mark;
341 int type;
342
343 if (!iter_info->report_mask)
344 return 0;
345
346 /* clear ignored on inode modification */
347 if (mask & FS_MODIFY) {
348 fsnotify_foreach_iter_mark_type(iter_info, mark, type) {
349 if (!(mark->flags &
350 FSNOTIFY_MARK_FLAG_IGNORED_SURV_MODIFY))
351 mark->ignore_mask = 0;
352 }
353 }
354
355 /* Are any of the group marks interested in this event? */
356 fsnotify_foreach_iter_mark_type(iter_info, mark, type) {
357 group = mark->group;
358 marks_mask |= mark->mask;
359 marks_ignore_mask |=
360 fsnotify_effective_ignore_mask(mark, is_dir, type);
361 }
362
363 pr_debug("%s: group=%p mask=%x marks_mask=%x marks_ignore_mask=%x data=%p data_type=%d dir=%p cookie=%d\n",
364 __func__, group, mask, marks_mask, marks_ignore_mask,
365 data, data_type, dir, cookie);
366
367 if (!(test_mask & marks_mask & ~marks_ignore_mask))
368 return 0;
369
370 if (group->ops->handle_event) {
371 return group->ops->handle_event(group, mask, data, data_type, dir,
372 file_name, cookie, iter_info);
373 }
374
375 return fsnotify_handle_event(group, mask, data, data_type, dir,
376 file_name, cookie, iter_info);
377 }
378
fsnotify_first_mark(struct fsnotify_mark_connector * const * connp)379 static struct fsnotify_mark *fsnotify_first_mark(struct fsnotify_mark_connector *const *connp)
380 {
381 struct fsnotify_mark_connector *conn;
382 struct hlist_node *node = NULL;
383
384 conn = srcu_dereference(*connp, &fsnotify_mark_srcu);
385 if (conn)
386 node = srcu_dereference(conn->list.first, &fsnotify_mark_srcu);
387
388 return hlist_entry_safe(node, struct fsnotify_mark, obj_list);
389 }
390
fsnotify_next_mark(struct fsnotify_mark * mark)391 static struct fsnotify_mark *fsnotify_next_mark(struct fsnotify_mark *mark)
392 {
393 struct hlist_node *node = NULL;
394
395 if (mark)
396 node = srcu_dereference(mark->obj_list.next,
397 &fsnotify_mark_srcu);
398
399 return hlist_entry_safe(node, struct fsnotify_mark, obj_list);
400 }
401
402 /*
403 * iter_info is a multi head priority queue of marks.
404 * Pick a subset of marks from queue heads, all with the same group
405 * and set the report_mask to a subset of the selected marks.
406 * Returns false if there are no more groups to iterate.
407 */
fsnotify_iter_select_report_types(struct fsnotify_iter_info * iter_info)408 static bool fsnotify_iter_select_report_types(
409 struct fsnotify_iter_info *iter_info)
410 {
411 struct fsnotify_group *max_prio_group = NULL;
412 struct fsnotify_mark *mark;
413 int type;
414
415 /* Choose max prio group among groups of all queue heads */
416 fsnotify_foreach_iter_type(type) {
417 mark = iter_info->marks[type];
418 if (mark &&
419 fsnotify_compare_groups(max_prio_group, mark->group) > 0)
420 max_prio_group = mark->group;
421 }
422
423 if (!max_prio_group)
424 return false;
425
426 /* Set the report mask for marks from same group as max prio group */
427 iter_info->current_group = max_prio_group;
428 iter_info->report_mask = 0;
429 fsnotify_foreach_iter_type(type) {
430 mark = iter_info->marks[type];
431 if (mark && mark->group == iter_info->current_group) {
432 /*
433 * FSNOTIFY_ITER_TYPE_PARENT indicates that this inode
434 * is watching children and interested in this event,
435 * which is an event possible on child.
436 * But is *this mark* watching children?
437 */
438 if (type == FSNOTIFY_ITER_TYPE_PARENT &&
439 !(mark->mask & FS_EVENT_ON_CHILD) &&
440 !(fsnotify_ignore_mask(mark) & FS_EVENT_ON_CHILD))
441 continue;
442
443 fsnotify_iter_set_report_type(iter_info, type);
444 }
445 }
446
447 return true;
448 }
449
450 /*
451 * Pop from iter_info multi head queue, the marks that belong to the group of
452 * current iteration step.
453 */
fsnotify_iter_next(struct fsnotify_iter_info * iter_info)454 static void fsnotify_iter_next(struct fsnotify_iter_info *iter_info)
455 {
456 struct fsnotify_mark *mark;
457 int type;
458
459 /*
460 * We cannot use fsnotify_foreach_iter_mark_type() here because we
461 * may need to advance a mark of type X that belongs to current_group
462 * but was not selected for reporting.
463 */
464 fsnotify_foreach_iter_type(type) {
465 mark = iter_info->marks[type];
466 if (mark && mark->group == iter_info->current_group)
467 iter_info->marks[type] =
468 fsnotify_next_mark(iter_info->marks[type]);
469 }
470 }
471
472 /*
473 * fsnotify - This is the main call to fsnotify.
474 *
475 * The VFS calls into hook specific functions in linux/fsnotify.h.
476 * Those functions then in turn call here. Here will call out to all of the
477 * registered fsnotify_group. Those groups can then use the notification event
478 * in whatever means they feel necessary.
479 *
480 * @mask: event type and flags
481 * @data: object that event happened on
482 * @data_type: type of object for fanotify_data_XXX() accessors
483 * @dir: optional directory associated with event -
484 * if @file_name is not NULL, this is the directory that
485 * @file_name is relative to
486 * @file_name: optional file name associated with event
487 * @inode: optional inode associated with event -
488 * If @dir and @inode are both non-NULL, event may be
489 * reported to both.
490 * @cookie: inotify rename cookie
491 */
fsnotify(__u32 mask,const void * data,int data_type,struct inode * dir,const struct qstr * file_name,struct inode * inode,u32 cookie)492 int fsnotify(__u32 mask, const void *data, int data_type, struct inode *dir,
493 const struct qstr *file_name, struct inode *inode, u32 cookie)
494 {
495 const struct path *path = fsnotify_data_path(data, data_type);
496 struct super_block *sb = fsnotify_data_sb(data, data_type);
497 const struct fsnotify_mnt *mnt_data = fsnotify_data_mnt(data, data_type);
498 struct fsnotify_sb_info *sbinfo = sb ? fsnotify_sb_info(sb) : NULL;
499 struct fsnotify_iter_info iter_info = {};
500 struct mount *mnt = NULL;
501 struct inode *inode2 = NULL;
502 struct dentry *moved;
503 int inode2_type;
504 int ret = 0;
505 __u32 test_mask, marks_mask = 0;
506
507 if (path)
508 mnt = real_mount(path->mnt);
509
510 if (!inode) {
511 /* Dirent event - report on TYPE_INODE to dir */
512 inode = dir;
513 /* For FS_RENAME, inode is old_dir and inode2 is new_dir */
514 if (mask & FS_RENAME) {
515 moved = fsnotify_data_dentry(data, data_type);
516 inode2 = moved->d_parent->d_inode;
517 inode2_type = FSNOTIFY_ITER_TYPE_INODE2;
518 }
519 } else if (mask & FS_EVENT_ON_CHILD) {
520 /*
521 * Event on child - report on TYPE_PARENT to dir if it is
522 * watching children and on TYPE_INODE to child.
523 */
524 inode2 = dir;
525 inode2_type = FSNOTIFY_ITER_TYPE_PARENT;
526 }
527
528 /*
529 * Optimization: srcu_read_lock() has a memory barrier which can
530 * be expensive. It protects walking the *_fsnotify_marks lists.
531 * However, if we do not walk the lists, we do not have to do
532 * SRCU because we have no references to any objects and do not
533 * need SRCU to keep them "alive".
534 */
535 if ((!sbinfo || !sbinfo->sb_marks) &&
536 (!mnt || !mnt->mnt_fsnotify_marks) &&
537 (!inode || !inode->i_fsnotify_marks) &&
538 (!inode2 || !inode2->i_fsnotify_marks) &&
539 (!mnt_data || !mnt_data->ns->n_fsnotify_marks))
540 return 0;
541
542 if (sb)
543 marks_mask |= READ_ONCE(sb->s_fsnotify_mask);
544 if (mnt)
545 marks_mask |= READ_ONCE(mnt->mnt_fsnotify_mask);
546 if (inode)
547 marks_mask |= READ_ONCE(inode->i_fsnotify_mask);
548 if (inode2)
549 marks_mask |= READ_ONCE(inode2->i_fsnotify_mask);
550 if (mnt_data)
551 marks_mask |= READ_ONCE(mnt_data->ns->n_fsnotify_mask);
552
553 /*
554 * If this is a modify event we may need to clear some ignore masks.
555 * In that case, the object with ignore masks will have the FS_MODIFY
556 * event in its mask.
557 * Otherwise, return if none of the marks care about this type of event.
558 */
559 test_mask = (mask & ALL_FSNOTIFY_EVENTS);
560 if (!(test_mask & marks_mask))
561 return 0;
562
563 iter_info.srcu_idx = srcu_read_lock(&fsnotify_mark_srcu);
564
565 if (sbinfo) {
566 iter_info.marks[FSNOTIFY_ITER_TYPE_SB] =
567 fsnotify_first_mark(&sbinfo->sb_marks);
568 }
569 if (mnt) {
570 iter_info.marks[FSNOTIFY_ITER_TYPE_VFSMOUNT] =
571 fsnotify_first_mark(&mnt->mnt_fsnotify_marks);
572 }
573 if (inode) {
574 iter_info.marks[FSNOTIFY_ITER_TYPE_INODE] =
575 fsnotify_first_mark(&inode->i_fsnotify_marks);
576 }
577 if (inode2) {
578 iter_info.marks[inode2_type] =
579 fsnotify_first_mark(&inode2->i_fsnotify_marks);
580 }
581 if (mnt_data) {
582 iter_info.marks[FSNOTIFY_ITER_TYPE_MNTNS] =
583 fsnotify_first_mark(&mnt_data->ns->n_fsnotify_marks);
584 }
585
586 /*
587 * We need to merge inode/vfsmount/sb mark lists so that e.g. inode mark
588 * ignore masks are properly reflected for mount/sb mark notifications.
589 * That's why this traversal is so complicated...
590 */
591 while (fsnotify_iter_select_report_types(&iter_info)) {
592 ret = send_to_group(mask, data, data_type, dir, file_name,
593 cookie, &iter_info);
594
595 if (ret && (mask & ALL_FSNOTIFY_PERM_EVENTS))
596 goto out;
597
598 fsnotify_iter_next(&iter_info);
599 }
600 ret = 0;
601 out:
602 srcu_read_unlock(&fsnotify_mark_srcu, iter_info.srcu_idx);
603
604 return ret;
605 }
606 EXPORT_SYMBOL_GPL(fsnotify);
607
608 #ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS
609 /*
610 * At open time we check fsnotify_sb_has_priority_watchers(), call the open perm
611 * hook and set the FMODE_NONOTIFY_ mode bits accordignly.
612 * Later, fsnotify permission hooks do not check if there are permission event
613 * watches, but that there were permission event watches at open time.
614 */
fsnotify_open_perm_and_set_mode(struct file * file)615 int fsnotify_open_perm_and_set_mode(struct file *file)
616 {
617 struct dentry *dentry = file->f_path.dentry, *parent;
618 struct super_block *sb = dentry->d_sb;
619 __u32 mnt_mask, p_mask = 0;
620
621 /* Is it a file opened by fanotify? */
622 if (FMODE_FSNOTIFY_NONE(file->f_mode))
623 return 0;
624
625 /*
626 * Permission events is a super set of pre-content events, so if there
627 * are no permission event watchers, there are also no pre-content event
628 * watchers and this is implied from the single FMODE_NONOTIFY_PERM bit.
629 */
630 if (likely(!fsnotify_sb_has_priority_watchers(sb,
631 FSNOTIFY_PRIO_CONTENT))) {
632 file_set_fsnotify_mode(file, FMODE_NONOTIFY_PERM);
633 return 0;
634 }
635
636 /*
637 * OK, there are some permission event watchers. Check if anybody is
638 * watching for permission events on *this* file.
639 */
640 mnt_mask = READ_ONCE(real_mount(file->f_path.mnt)->mnt_fsnotify_mask);
641 p_mask = fsnotify_object_watched(d_inode(dentry), mnt_mask,
642 ALL_FSNOTIFY_PERM_EVENTS);
643 if (dentry->d_flags & DCACHE_FSNOTIFY_PARENT_WATCHED) {
644 parent = dget_parent(dentry);
645 p_mask |= fsnotify_inode_watches_children(d_inode(parent));
646 dput(parent);
647 }
648
649 /*
650 * Legacy FAN_ACCESS_PERM events have very high performance overhead,
651 * so unlikely to be used in the wild. If they are used there will be
652 * no optimizations at all.
653 */
654 if (unlikely(p_mask & FS_ACCESS_PERM)) {
655 /* Enable all permission and pre-content events */
656 file_set_fsnotify_mode(file, 0);
657 goto open_perm;
658 }
659
660 /*
661 * Pre-content events are only supported on regular files.
662 * If there are pre-content event watchers and no permission access
663 * watchers, set FMODE_NONOTIFY | FMODE_NONOTIFY_PERM to indicate that.
664 * That is the common case with HSM service.
665 */
666 if (d_is_reg(dentry) && (p_mask & FSNOTIFY_PRE_CONTENT_EVENTS)) {
667 file_set_fsnotify_mode(file, FMODE_NONOTIFY |
668 FMODE_NONOTIFY_PERM);
669 goto open_perm;
670 }
671
672 /* Nobody watching permission and pre-content events on this file */
673 file_set_fsnotify_mode(file, FMODE_NONOTIFY_PERM);
674
675 open_perm:
676 /*
677 * Send open perm events depending on object masks and regardless of
678 * FMODE_NONOTIFY_PERM.
679 */
680 if (file->f_flags & __FMODE_EXEC && p_mask & FS_OPEN_EXEC_PERM) {
681 int ret = fsnotify_path(&file->f_path, FS_OPEN_EXEC_PERM);
682
683 if (ret)
684 return ret;
685 }
686
687 if (p_mask & FS_OPEN_PERM)
688 return fsnotify_path(&file->f_path, FS_OPEN_PERM);
689
690 return 0;
691 }
692 #endif
693
fsnotify_mnt(__u32 mask,struct mnt_namespace * ns,struct vfsmount * mnt)694 void fsnotify_mnt(__u32 mask, struct mnt_namespace *ns, struct vfsmount *mnt)
695 {
696 struct fsnotify_mnt data = {
697 .ns = ns,
698 .mnt_id = real_mount(mnt)->mnt_id_unique,
699 };
700
701 if (WARN_ON_ONCE(!ns))
702 return;
703
704 /*
705 * This is an optimization as well as making sure fsnotify_init() has
706 * been called.
707 */
708 if (!ns->n_fsnotify_marks)
709 return;
710
711 fsnotify(mask, &data, FSNOTIFY_EVENT_MNT, NULL, NULL, NULL, 0);
712 }
713
fsnotify_init(void)714 static __init int fsnotify_init(void)
715 {
716 int ret;
717
718 BUILD_BUG_ON(HWEIGHT32(ALL_FSNOTIFY_BITS) != 26);
719
720 ret = init_srcu_struct(&fsnotify_mark_srcu);
721 if (ret)
722 panic("initializing fsnotify_mark_srcu");
723
724 fsnotify_init_connector_caches();
725
726 return 0;
727 }
728 core_initcall(fsnotify_init);
729