fanotify: introduce new event mask FAN_OPEN_EXEC

A new event mask FAN_OPEN_EXEC has been defined so that users have the
ability to receive events specifically when a file has been opened with
the intent to be executed. Events of FAN_OPEN_EXEC type will be
generated when a file has been opened using either execve(), execveat()
or uselib() system calls.

The feature is implemented within fsnotify_open() by generating the
FAN_OPEN_EXEC event type if __FMODE_EXEC is set within file->f_flags.

Signed-off-by: Matthew Bobrowski <mbobrowski@mbobrowski.org>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>

diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c
index f4f8359bc59751364b505442441cf9d159874cdb..5a1a15f646bae0cb1f669ea303cd51dcbef5aff4 100644 (file)
--- a/fs/notify/fanotify/fanotify.c
+++ b/fs/notify/fanotify/fanotify.c
@@ -210,8 +210,9 @@ static int fanotify_handle_event(struct fsnotify_group *group,
        BUILD_BUG_ON(FAN_OPEN_PERM != FS_OPEN_PERM);
        BUILD_BUG_ON(FAN_ACCESS_PERM != FS_ACCESS_PERM);
        BUILD_BUG_ON(FAN_ONDIR != FS_ISDIR);
+       BUILD_BUG_ON(FAN_OPEN_EXEC != FS_OPEN_EXEC);
 
-       BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 10);
+       BUILD_BUG_ON(HWEIGHT32(ALL_FANOTIFY_EVENT_BITS) != 11);
 
        mask = fanotify_group_event_mask(iter_info, mask, data, data_type);
        if (!mask)

diff --git a/fs/notify/fsnotify.c b/fs/notify/fsnotify.c
index d2c34900ae05da81e941b2a2d7503714ec09d8d0..b3f58f36a0ab14194a0e4ba1735476bc2373f242 100644 (file)
--- a/fs/notify/fsnotify.c
+++ b/fs/notify/fsnotify.c
@@ -401,7 +401,7 @@ static __init int fsnotify_init(void)
 {
        int ret;
 
-       BUILD_BUG_ON(HWEIGHT32(ALL_FSNOTIFY_BITS) != 23);
+       BUILD_BUG_ON(HWEIGHT32(ALL_FSNOTIFY_BITS) != 24);
 
        ret = init_srcu_struct(&fsnotify_mark_srcu);
        if (ret)

diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h
index a5a60691e48b5a65f5f07f8e11baf6f97a594b5e..c521e4264f2b5ed3ca686e0cb11db4f64f455bb1 100644 (file)
--- a/include/linux/fanotify.h
+++ b/include/linux/fanotify.h
@@ -37,7 +37,7 @@
 
 /* Events that user can request to be notified on */
 #define FANOTIFY_EVENTS                (FAN_ACCESS | FAN_MODIFY | \
-                                FAN_CLOSE | FAN_OPEN)
+                                FAN_CLOSE | FAN_OPEN | FAN_OPEN_EXEC)
 
 /* Events that require a permission response from user */
 #define FANOTIFY_PERM_EVENTS   (FAN_OPEN_PERM | FAN_ACCESS_PERM)

diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
index fd1ce10553bfad43fbbfdc1faa367f9fd0fd93c8..1fe5ac93b252cae96e0158a6c55218900b5ddfa5 100644 (file)
--- a/include/linux/fsnotify.h
+++ b/include/linux/fsnotify.h
@@ -215,6 +215,8 @@ static inline void fsnotify_open(struct file *file)
 
        if (S_ISDIR(inode->i_mode))
                mask |= FS_ISDIR;
+       if (file->f_flags & __FMODE_EXEC)
+               mask |= FS_OPEN_EXEC;
 
        fsnotify_parent(path, NULL, mask);
        fsnotify(inode, mask, path, FSNOTIFY_EVENT_PATH, NULL, 0);

diff --git a/include/linux/fsnotify_backend.h b/include/linux/fsnotify_backend.h
index 135b973e44d18420074331dfbada3bd1f43009f5..39d94e62a8369a4328a6085f4338759a04ccd3fc 100644 (file)
--- a/include/linux/fsnotify_backend.h
+++ b/include/linux/fsnotify_backend.h
@@ -38,6 +38,7 @@
 #define FS_DELETE              0x00000200      /* Subfile was deleted */
 #define FS_DELETE_SELF         0x00000400      /* Self was deleted */
 #define FS_MOVE_SELF           0x00000800      /* Self was moved */
+#define FS_OPEN_EXEC           0x00001000      /* File was opened for exec */
 
 #define FS_UNMOUNT             0x00002000      /* inode on umount fs */
 #define FS_Q_OVERFLOW          0x00004000      /* Event queued overflowed */
@@ -62,7 +63,8 @@
 #define FS_EVENTS_POSS_ON_CHILD   (FS_ACCESS | FS_MODIFY | FS_ATTRIB |\
                                   FS_CLOSE_WRITE | FS_CLOSE_NOWRITE | FS_OPEN |\
                                   FS_MOVED_FROM | FS_MOVED_TO | FS_CREATE |\
-                                  FS_DELETE | FS_OPEN_PERM | FS_ACCESS_PERM)
+                                  FS_DELETE | FS_OPEN_PERM | FS_ACCESS_PERM | \
+                                  FS_OPEN_EXEC)
 
 #define FS_MOVE                        (FS_MOVED_FROM | FS_MOVED_TO)
 
@@ -74,7 +76,8 @@
                             FS_MOVED_FROM | FS_MOVED_TO | FS_CREATE | \
                             FS_DELETE | FS_DELETE_SELF | FS_MOVE_SELF | \
                             FS_UNMOUNT | FS_Q_OVERFLOW | FS_IN_IGNORED | \
-                            FS_OPEN_PERM | FS_ACCESS_PERM | FS_DN_RENAME)
+                            FS_OPEN_PERM | FS_ACCESS_PERM | FS_DN_RENAME | \
+                            FS_OPEN_EXEC)
 
 /* Extra flags that may be reported with event or control handling of events */
 #define ALL_FSNOTIFY_FLAGS  (FS_EXCL_UNLINK | FS_ISDIR | FS_IN_ONESHOT | \

diff --git a/include/uapi/linux/fanotify.h b/include/uapi/linux/fanotify.h
index b86740d1c50a4bcde370f953cf5400d31a89bafb..d9664fbc905b62a7770e16da8c124d4af151cc26 100644 (file)
--- a/include/uapi/linux/fanotify.h
+++ b/include/uapi/linux/fanotify.h
@@ -10,6 +10,7 @@
 #define FAN_CLOSE_WRITE                0x00000008      /* Writtable file closed */
 #define FAN_CLOSE_NOWRITE      0x00000010      /* Unwrittable file closed */
 #define FAN_OPEN               0x00000020      /* File was opened */
+#define FAN_OPEN_EXEC          0x00001000      /* File was opened for exec */
 
 #define FAN_Q_OVERFLOW         0x00004000      /* Event queued overflowed */