This RFC set introduces an in-kernel fastpath handler for fanotify. The
fastpath handler can be used to handle/filter some events without going
through userspace.

In LPC 2024, multiple talks covered use cases of monitoring a subtree in
the VFS (fanotify: [1], bpf/lsm: [2]). This work is inspired by these
discussions. Reliable monitoring of a subtree with low overhead is a hard
problem. We do not claim this set fully solves the problem. But we think
this work can be a very useful building block of the solution to this
problem.

The fastpath handler can be implemented with built-in logic, in a kernel
module, or a bpf program. The fastpath handler is attached to a fsnotify
group. With the current implementation, multiple fastpath handlers are
maintained in a global list. Only users with CAP_SYS_ADMIN can add
fastpath handlers to the list by loading a kernel module. Users without
CAP_SYS_ADMIN can attach a loaded fastpath handler to fanotify instances.
During the attach operation, the fastpath handler can take an argument.
This enables non-CAP_SYS_ADMIN users to customize/configure the fastpath
handler, for example, with a specific allowlist/denylist.

As the patchset grows to 1000+ lines (including samples and tests), I
would like some feedback before pushing it further.

Overview:
Patch 1/5 adds logic to write fastpath handlers in kernel modules.
Patch 2/5 adds a sample of a fastpath handler in a kernel module.
Patch 3/5 is some preparation work on BPF side.
Patch 4/5 adds logic to write fastpath handlers in bpf programs.
Patch 5/5 is a selftest and example of bpf based fastpath handler.

TODO:
1. Add some mechanism to help users discover available fastpath
   handlers. For example, we can add a sysctl which is similar to
   net.ipv4.tcp_available_congestion_control, or we can add some sysfs
   entries.
2. Enable private (not added to global list) bpf based fastpath handlers.
3. More testing for inode local storage.
4. Man pages.

[1] https://lpc.events/event/18/contributions/1717/
[2] https://lpc.events/event/18/contributions/1940/

Song Liu (5):
  fanotify: Introduce fanotify fastpath handler
  samples/fanotify: Add a sample fanotify fastpath handler
  bpf: Make bpf inode storage available to tracing programs
  fanotify: Enable bpf based fanotify fastpath handler
  selftests/bpf: Add test for BPF based fanotify fastpath handler

MAINTAINERS | 1 +
fs/Makefile | 2 +-
fs/bpf_fs_kfuncs.c | 23 +-
fs/notify/fanotify/Makefile | 2 +-
fs/notify/fanotify/fanotify.c | 25 ++
fs/notify/fanotify/fanotify_fastpath.c | 318 ++++++++++++++++++
fs/notify/fanotify/fanotify_user.c | 7 +
include/linux/bpf.h | 9 +
include/linux/bpf_lsm.h | 29 --
include/linux/fanotify.h | 45 +++
include/linux/fs.h | 4 +
include/linux/fsnotify_backend.h | 3 +
include/uapi/linux/fanotify.h | 26 ++
kernel/bpf/Makefile | 3 +-
kernel/bpf/bpf_inode_storage.c | 174 +++++++---
kernel/bpf/bpf_lsm.c | 4 -
kernel/bpf/verifier.c | 5 +
kernel/trace/bpf_trace.c | 8 +
samples/Kconfig | 20 +-
samples/Makefile | 2 +-
samples/fanotify/.gitignore | 1 +
samples/fanotify/Makefile | 5 +-
samples/fanotify/fastpath-mod.c | 138 ++++++++
samples/fanotify/fastpath-user.c | 90 +++++
security/bpf/hooks.c | 5 -
tools/testing/selftests/bpf/bpf_kfuncs.h | 4 +
tools/testing/selftests/bpf/config | 1 +
.../testing/selftests/bpf/prog_tests/fan_fp.c | 245 ++++++++++++++
tools/testing/selftests/bpf/progs/fan_fp.c | 77 +++++
29 files changed, 1189 insertions(+), 87 deletions(-)
create mode 100644 fs/notify/fanotify/fanotify_fastpath.c
create mode 100644 samples/fanotify/fastpath-mod.c
create mode 100644 samples/fanotify/fastpath-user.c
create mode 100644 tools/testing/selftests/bpf/prog_tests/fan_fp.c
create mode 100644 tools/testing/selftests/bpf/progs/fan_fp.c
--
2.43.5