From nobody Mon Feb 9 14:55:15 2026 Received: from mail-oi1-f180.google.com (mail-oi1-f180.google.com [209.85.167.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4CDC176025 for ; Mon, 8 Jul 2024 10:13:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720433596; cv=none; b=f4gJ2WOjqLO2DjqVdLMgxEb9hPTqX2ASuagvj5aglmYgdHNE9xEcadtgwP9K2gNFa45/nOT99ptZoeFgh6Lk0QwL98yrRb01F8J3TnW0JJzzAQ0+fzWWHmTJnW+bRJtbdammZBZJTMyHJIXKRQzBeYaO7oOHOzq4jss1RiabTic= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720433596; c=relaxed/simple; bh=HEeGDhbwnZOacLYf46vwc5wEABZGEKWDdQ4rW5ANr88=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=BPA1NGWjab7tc12LoD4U7rVCacUrZaVVv37A6JqBOzIZU12dG+UnRz6dhq2eldC+hJvwje4td/bXnOZutuxIIYjQCVZReHxofPWRuZ8Z/Gv5qpmy55jSIubQCoc7OgAeOd/vVgw+rj3VW7UhFqyeHmQMRk+KLeBx6wD8b17c8TE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=bytedance.com; spf=pass smtp.mailfrom=bytedance.com; dkim=pass (2048-bit key) header.d=bytedance.com header.i=@bytedance.com header.b=OGCiPkoe; arc=none smtp.client-ip=209.85.167.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=bytedance.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=bytedance.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=bytedance.com header.i=@bytedance.com header.b="OGCiPkoe" Received: by mail-oi1-f180.google.com with SMTP id 5614622812f47-3d9306100b5so573868b6e.1 for ; Mon, 08 Jul 2024 03:13:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance.com; s=google; t=1720433593; x=1721038393; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=8XXKAYmfVFyA7thhyLqvFeZE7qEz3+PJWR4pQ61AWUw=; b=OGCiPkoekjCd5ni1KJe+51ayTspB3tGnDgEsabGMQmiRgCJcGxB0C2blxPJewhs8sh vCzRNk/C/YagZOrOxlni+44QsU05LbV/vknTFV/5Lm/2yFqidrWCc0RFKRrzUveFDzM4 mXSLYqYUX1GipBnAgtu+9EJp+LM3Il6jV6N6aQJ8afT6P5lKsPTc0sYLwFF5krjW1Nwh ydwBUaBH3QkiDnKtA3UcojpDDxrDrdjZhxFrl+y1PKzK873upQA7FrXyZ0YP98b5t4CP jUiulY0KdC+gWxwumbcEf5ls2W/gD5A9/GJNNlGSca4m4wVEFBgatC6Z7T/oiExIevB8 oFSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1720433593; x=1721038393; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=8XXKAYmfVFyA7thhyLqvFeZE7qEz3+PJWR4pQ61AWUw=; b=wMjMVpxsftH7Wb4W1me+ngtMhIUDkM0RDNpKAcMG+HimyxF9mpOdL0TF2XYRIxwJUD cmlEzn+Z39qb3tPePden0+y5a5BAlEpzLRtEI9Wjpff/4V2bf0zhEsQ4YJVS61goSCd0 4m+j7VBydWp+qnTlXf/H54KKY7JGWYow7P/VOfp8zBgVbw40L3eealLmFUaqe6nbnWfX d7PDc+IxjptQ9LpvEoE7osnWK04Pm39RbtArxcEa90HG0XA12TYs8lD4AYzpw9ZF/+Pw toek1vR5m52f7R1nJNOEPnUDxIjz35HmTCFwVI8WU1L8sN6h242hUfNzCiIDZp6i9/25 VX+g== X-Forwarded-Encrypted: i=1; AJvYcCUPwWtfAqGrzwFCjRm8AFb6svMKVqC/SmkJy0qpbtItI5T0SrJ4N6PHUdxUNr5EWYkeo3q/iDE4JRuSPlZeKPLGbUp9oW9R9W0qGROJ X-Gm-Message-State: AOJu0YyZ35s0c6AqjFpsMfxp7ifKBEfQyVMSWBeM7GrXO/D8WsZ+htQ6 nin3bSZ6a89w5kCZ4dPPjv6I4JWMlL5PqyqbyJO2IkFK2jpCQA2XbTa94ju/ZQ== X-Google-Smtp-Source: AGHT+IE7xxHxLr5inoKXU+i7LdrQmrl5bVJRW4SAjjiIiQkXir4NQfGD8V6du1EKKer2WLBHscQzBg== X-Received: by 2002:a05:6808:1984:b0:3d2:1b1b:ec1 with SMTP id 5614622812f47-3d914da9b46mr17267596b6e.45.1720433592875; Mon, 08 Jul 2024 03:13:12 -0700 (PDT) Received: from lizhigang-HP-Elite-Tower-880-G9-Desktop-PC.bytedance.net ([61.213.176.6]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-72c6a8df0e3sm14902961a12.36.2024.07.08.03.13.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jul 2024 03:13:12 -0700 (PDT) From: lizhigang To: jack@suse.cz Cc: amir73il@gmail.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, lizhigang Subject: [PATCH] inotify: Added pid and uid information in inotify event. Date: Mon, 8 Jul 2024 18:12:57 +0800 Message-Id: <20240708101257.3367614-1-lizhigang.1220@bytedance.com> X-Mailer: git-send-email 2.25.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The inotify event only contains file name information. Sometimes we also want to know user or process information,such as who created or deleted a file. This patch adds information such as COMM, PID and UID to the end of filename, which allowing us to implement this function without modifying the current Inotify mechanism. This function is not enabled by default and is enabled through an IOCTL When enable this function, inotify_event->name will contain comm, pid and uid information, with the following specific format: filename____XXX,pid:YYY__uid:ZZZ Pseudo code to enable this function: int rc, bytes_to_read, inotify_fd; inotify_fd =3D inotify_init(); ... // enable padding uid,pid information rc =3D ioctl( inotify_fd, TIOCLINUX, &bytes_to_read); Log example with this function: CREATE,ISDIR /home/peter/testdir____mkdir,pid:3626__uid:1000 CREATE /home/peter/test.txt____bash,pid:3582__uid:1000 OPEN /home/peter/test.txt____bash,pid:3582__uid:1000 MODIFY /home/peter/test.txt____bash,pid:3582__uid:1000 CLOSE_WRITE,CLOSE /home/peter/test.txt____bash,pid:3582__uid:1000 OPEN,ISDIR /home/peter/testdir____rm,pid:3640__uid:1000 ACCESS,ISDIR /home/peter/testdir____rm,pid:3640__uid:1000 ACCESS,ISDIR /home/peter/testdir____rm,pid:3640__uid:1000 CLOSE_NOWRITE,CLOSE,ISDIR /home/peter/testdir____rm,pid:3640__uid:1000 DELETE,ISDIR /home/peter/testdir____rm,pid:3640__uid:1000 Signed-off-by: lizhigang --- fs/notify/inotify/Kconfig | 24 +++++++++++++++++++++++ fs/notify/inotify/inotify_fsnotify.c | 29 +++++++++++++++++++++++++++- fs/notify/inotify/inotify_user.c | 11 ++++++++++- include/linux/fsnotify_backend.h | 5 ++++- 4 files changed, 66 insertions(+), 3 deletions(-) diff --git a/fs/notify/inotify/Kconfig b/fs/notify/inotify/Kconfig index 1cc8be25df7e..1b2d6aef5dda 100644 --- a/fs/notify/inotify/Kconfig +++ b/fs/notify/inotify/Kconfig @@ -15,3 +15,27 @@ config INOTIFY_USER For more information, see =20 If unsure, say Y. + +config INOTIFY_NAME_UID + bool "Inotify filename with uid information" + default n + help + Say Y here to enable inotify file name with uid, pid and comm informati= on. + Added the current context information with file name. + The inotify event only contains file name information. Sometimes we + also want to know user or process information,such as who created + or deleted a file. This patch adds information such as COMM, PID + and UID to the end of filename, which allowing us to implement + this function without modifying the current Inotify mechanism. + This function is not enabled by default and is enabled through an IOCTL + When enable this function, inotify_event->name will contain comm, + pid and uid information, with the following specific format: + filename____XXX,pid:YYY__uid:ZZZ + Pseudo code to enable this function: + int rc, bytes_to_read, inotify_fd; + inotify_fd =3D inotify_init(); + ... + // enable padding uid,pid information + rc =3D ioctl( inotify_fd, TIOCLINUX, &bytes_to_read); + + If unsure, say n. diff --git a/fs/notify/inotify/inotify_fsnotify.c b/fs/notify/inotify/inoti= fy_fsnotify.c index 993375f0db67..d6d2d11f1e8c 100644 --- a/fs/notify/inotify/inotify_fsnotify.c +++ b/fs/notify/inotify/inotify_fsnotify.c @@ -23,9 +23,16 @@ #include #include #include +#ifdef CONFIG_INOTIFY_NAME_UID +#include +#endif =20 #include "inotify.h" =20 +#ifdef CONFIG_INOTIFY_NAME_UID +#define UID_INFO_MAX_SIZE 64 +#endif + /* * Check if 2 events contain the same information. */ @@ -68,9 +75,21 @@ int inotify_handle_inode_event(struct fsnotify_mark *ino= de_mark, u32 mask, int len =3D 0, wd; int alloc_len =3D sizeof(struct inotify_event_info); struct mem_cgroup *old_memcg; +#ifdef CONFIG_INOTIFY_NAME_UID + char uid_info[UID_INFO_MAX_SIZE]; + struct user_struct *user_info; +#endif =20 if (name) { len =3D name->len; +#ifdef CONFIG_INOTIFY_NAME_UID + if (group->user_flag & USER_FLAG_TASK_INFO) { + user_info =3D current_user(); + sprintf(uid_info, "____%s,pid:%d__uid:%d", + current->comm, current->pid, user_info->uid.val); + len +=3D strlen(uid_info); + } +#endif alloc_len +=3D len + 1; } =20 @@ -120,9 +139,17 @@ int inotify_handle_inode_event(struct fsnotify_mark *i= node_mark, u32 mask, event->wd =3D wd; event->sync_cookie =3D cookie; event->name_len =3D len; +#ifdef CONFIG_INOTIFY_NAME_UID + if (len) { + if (group->user_flag & USER_FLAG_TASK_INFO) + sprintf(event->name, "%s%s", name->name, uid_info); + else + strcpy(event->name, name->name); + } +#else if (len) strcpy(event->name, name->name); - +#endif ret =3D fsnotify_add_event(group, fsn_event, inotify_merge); if (ret) { /* Our event wasn't used in the end. Free it. */ diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_u= ser.c index 4ffc30606e0b..f1538cafdc1d 100644 --- a/fs/notify/inotify/inotify_user.c +++ b/fs/notify/inotify/inotify_user.c @@ -349,6 +349,13 @@ static long inotify_ioctl(struct file *file, unsigned = int cmd, } break; #endif /* CONFIG_CHECKPOINT_RESTORE */ + +#ifdef CONFIG_INOTIFY_NAME_UID + case TIOCLINUX: + group->user_flag |=3D USER_FLAG_TASK_INFO; + ret =3D 0; + break; +#endif /* CONFIG_INOTIFY_NAME_UID */ } =20 return ret; @@ -674,7 +681,9 @@ static struct fsnotify_group *inotify_new_group(unsigne= d int max_events) =20 group->max_events =3D max_events; group->memcg =3D get_mem_cgroup_from_mm(current->mm); - +#ifdef CONFIG_INOTIFY_NAME_UID + group->user_flag =3D 0; +#endif spin_lock_init(&group->inotify_data.idr_lock); idr_init(&group->inotify_data.idr); group->inotify_data.ucounts =3D inc_ucount(current_user_ns(), diff --git a/include/linux/fsnotify_backend.h b/include/linux/fsnotify_back= end.h index 4dd6143db271..d4f57b16f1d3 100644 --- a/include/linux/fsnotify_backend.h +++ b/include/linux/fsnotify_backend.h @@ -234,7 +234,10 @@ struct fsnotify_group { * full */ =20 struct mem_cgroup *memcg; /* memcg to charge allocations */ - +#ifdef CONFIG_INOTIFY_NAME_UID + #define USER_FLAG_TASK_INFO 1 /* output task infor with filename */ + unsigned int user_flag; /* user added control flag */ +#endif /* groups can define private fields here or use the void *private */ union { void *private; --=20 2.25.1