www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Amir Goldstein <amir73il@gmail.com>
	Fri, 15 Nov 2024 15:30:25 +0000 (10:30 -0500)
committer	Jan Kara <jack@suse.cz>
	Tue, 10 Dec 2024 11:03:17 +0000 (12:03 +0100)
commit	b4b2ff4f61ded819bfa22e50fdec7693f51cbbee
tree	967a77c693130977627fd981408ac8dd16d30c11	tree
parent	870499bc1d4dc04cba1f63dd5e7bc02b983e2458	commit \| diff

fanotify: allow to set errno in FAN_DENY permission response

With FAN_DENY response, user trying to perform the filesystem operation
gets an error with errno set to EPERM.

It is useful for hierarchical storage management (HSM) service to be able
to deny access for reasons more diverse than EPERM, for example EAGAIN,
if HSM could retry the operation later.

Allow fanotify groups with priority FAN_CLASSS_PRE_CONTENT to responsd
to permission events with the response value FAN_DENY_ERRNO(errno),
instead of FAN_DENY to return a custom error.

Limit custom error values to errors expected on read(2)/write(2) and
open(2) of regular files. This list could be extended in the future.
Userspace can test for legitimate values of FAN_DENY_ERRNO(errno) by
writing a response to an fanotify group fd with a value of FAN_NOFD in
the fd field of the response.

The change in fanotify_response is backward compatible, because errno is
written in the high 8 bits of the 32bit response field and old kernels
reject respose value with high bits set.

Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://patch.msgid.link/1e5fb6af84b69ca96b5c849fa5f10bdf4d1dc414.1731684329.git.josef@toxicpanda.com

fs/notify/fanotify/fanotify.c		diff \| blob \| history
fs/notify/fanotify/fanotify.h		diff \| blob \| history
fs/notify/fanotify/fanotify_user.c		diff \| blob \| history
include/linux/fanotify.h		diff \| blob \| history
include/uapi/linux/fanotify.h		diff \| blob \| history