AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
45102b538a
kernel_optimize_test/fs/notify
History
Dan Carpenter 7b4741644c fanotify: Fix stale file descriptor in copy_event_to_user() 
commit ee12595147ac1fbfb5bcb23837e26dd58d94b15d upstream.

This code calls fd_install() which gives the userspace access to the fd.
Then if copy_info_records_to_user() fails it calls put_unused_fd(fd) but
that will not release it and leads to a stale entry in the file
descriptor table.

Generally you can't trust the fd after a call to fd_install().  The fix
is to delay the fd_install() until everything else has succeeded.

Fortunately it requires CAP_SYS_ADMIN to reach this code so the security
impact is less.

Fixes: f644bc449b37 ("fanotify: fix copy_event_to_user() fid error clean up")
Link: https://lore.kernel.org/r/20220128195656.GA26981@kili
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Mathias Krause <minipli@grsecurity.net>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-02-05 12:37:56 +01:00
..
dnotify fsnotify: generalize handle_inode_event() 2020-12-30 11:54:18 +01:00
fanotify fanotify: Fix stale file descriptor in copy_event_to_user() 2022-02-05 12:37:56 +01:00
inotify inotify: convert to handle_inode_event() interface 2020-12-30 11:54:18 +01:00
fdinfo.c fsnotify: Remove proc_fs.h include 2020-05-13 17:16:14 +02:00
fdinfo.h
fsnotify.c fsnotify: fix events reported to watching parent and child 2020-12-30 11:54:18 +01:00
fsnotify.h
group.c fsnotify: add mutex destroy 2020-05-13 17:14:20 +02:00
Kconfig
Makefile
mark.c fsnotify: Add missing annotation for fsnotify_finish_user_wait() and for fsnotify_prepare_user_wait() 2020-04-15 11:44:43 +02:00
notification.c