1

I'm testing fanotify, on Linux 5.4 (also tested on 5.8); for the tests, I'm using the fanotify_fid.c example in the fanotify(7) manpage.

Now, the code seems to be very poor - I think there are at least a couple of bugs - but I managed to make it work up to a certain extent nonetheless.

There is a problem I couldn't solve though - open_by_handle_at() fails with Invalid argument.

The following is the sample code I've used, with annotations; it's a simplified and corrected version of the original code; it works with both gcc and clang.
In order to test it, execute it, and in another terminal, execute mktemp (or just create a file/directory under /tmp).

#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/fanotify.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define BUF_SIZE 512

int main(int argc, char **argv) {
  char *filename = "/tmp";

  int fd = fanotify_init(FAN_CLASS_NOTIF | FAN_REPORT_FID, 0);
  if (fd == -1)
    exit(EXIT_FAILURE);

  int ret = fanotify_mark(fd, FAN_MARK_ADD | FAN_MARK_ONLYDIR, FAN_CREATE | FAN_ONDIR, AT_FDCWD, filename);
  if (ret == -1)
    exit(EXIT_FAILURE);

  char events_buf[BUF_SIZE];
  char path[PATH_MAX], procfd_path[PATH_MAX];

  ssize_t len = read(fd, (void *)&events_buf, sizeof(events_buf));
  if (len == -1 && errno != EAGAIN)
    exit(EXIT_FAILURE);

  for (
    struct fanotify_event_metadata *metadata = (struct fanotify_event_metadata *)events_buf;
    FAN_EVENT_OK(metadata, len);
    metadata = FAN_EVENT_NEXT(metadata, len)
  ) {
    struct fanotify_event_info_fid *fid = (struct fanotify_event_info_fid *)(metadata + 1);

    // The mangpage `BUF_SIZE` is 256; this causes `info_type` to be 64 instead of 0
    // (when running `mktemp`), which causes an error.
    if (fid->hdr.info_type != FAN_EVENT_INFO_TYPE_FID) {
      fprintf(stderr, "Received unexpected event info type: %i.\n", fid->hdr.info_type);
      exit(EXIT_FAILURE);
    }

    if (metadata->mask == FAN_CREATE)
      printf("FAN_CREATE (file/directory created)\n");

    struct file_handle *file_handle = (struct file_handle *)fid->handle;

    // The manpage condition is `(ret == -1)`, which seems to be a bug.
    int event_fd = open_by_handle_at(AT_FDCWD, file_handle, O_RDONLY);
    if (event_fd == -1) {
      printf("File handle hex: ");
      for (int i = 0; i < sizeof(struct file_handle); i++)
        printf("%02x ", ((unsigned char *)file_handle)[i]);
      printf("\n");

      perror("open_by_handle_at");
      exit(EXIT_FAILURE);
    }

    snprintf(procfd_path, sizeof(procfd_path), "/proc/self/fd/%d", event_fd);

    ssize_t path_len = readlink(procfd_path, path, sizeof(path) - 1);
    if (path_len == -1) {
        perror("readlink");
        exit(EXIT_FAILURE);
    }

    close(event_fd);
  }
}
Marcus
  • 5,104
  • 2
  • 28
  • 24
  • What is your current directory when you run this? – stark Jan 03 '21 at 14:17
  • @stark the error happens independently of the current location; I've tried from an arbitrary one, and from `/tmp` (`cd /tmp; sudo /path/to/a.out`). – Marcus Jan 03 '21 at 15:51
  • From the man page, 2nd arg must be "a file handle returned by a previous call to name_to_handle_at()" – stark Jan 03 '21 at 16:07
  • In the fanotify headers, the structure the variable field belongs to, is explicitly declared as parameter to `open_by_handle_at(2)`: https://git.io/JLd6V – Marcus Jan 03 '21 at 16:28
  • It was an(other) error in the example. I've created an answer with the solution. – Marcus Jan 03 '21 at 16:37

1 Answers1

1

The 5.4 fanotify(7) man page example has many bugs, one of whom is that the first argument of open_by_handle_at() should be the mount/directory fd, not AT_FDCWD.

Corrected snippets, from the 5.10 man page:

mount_fd = open(argv[1], O_DIRECTORY | O_RDONLY);
if (mount_fd == -1) { /* error handling */ }

// ...

event_fd = open_by_handle_at(mount_fd, file_handle, O_RDONLY);
if (event_fd == -1) { /* error handling */ }
Marcus
  • 5,104
  • 2
  • 28
  • 24