leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

\n

Browse Source 
-----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEq1nRK9aeMoq1VSgcnJ2qBz9kQNkFAlyTUdgACgkQnJ2qBz9k
 QNm8IAgAs38MqUpxZircs/li5fLhFUDr1bELH8gsdwbmBrQST/X5giAk1JFLsga3
 2zaWnpjiQAw0K0vfUNYxu5c2V6eo+5gbEL3wwZ2Q4/ORilv36Sbh8KT8nfsMESfz
 YKwu27Eek+KDk2y6cRuJTWACPB9ohVoxWiomcerOhJy40/56ctCngDczP6r+dXuy
 MGH6GA3zT8IixX1vNv4qzoiDX7fbWAlWaH6Ni66EgGtVhsdRkhsmv70ZLzkMzIqr
 oaEXCxRzUk1sy47HDzqEABeFcR0esGzj41NklZ32mqTOst/T1s9PM0Ao3grAX1x/
 jUBkV0bHkN/HyNy6bjfSi6ioHnCIkA==
 =Fn5R
 -----END PGP SIGNATURE-----

Merge tag 'fsnotify_for_v5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs

Pull fsnotify fixes from Jan Kara:
 "One inotify and one fanotify fix"

* tag 'fsnotify_for_v5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
  fanotify: Allow copying of file handle to userspace
  inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch()
This commit is contained in:
Linus Torvalds 2019-03-21 10:24:00 -07:00
commit 7294fbd441
2 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
fs/notify/fanotify/fanotify_user.c
View File

@ -208,6 +208,7 @@ static int copy_fid_to_user(struct fanotify_event *event, char __user *buf)
{
struct fanotify_event_info_fid info = { };
struct file_handle handle = { };
unsigned char bounce[FANOTIFY_INLINE_FH_LEN], *fh;
size_t fh_len = event->fh_len;
size_t len = fanotify_event_info_len(event);
@ -233,7 +234,16 @@ static int copy_fid_to_user(struct fanotify_event *event, char __user *buf)
buf += sizeof(handle);
len -= sizeof(handle);
if (copy_to_user(buf, fanotify_event_fh(event), fh_len))
/*
* For an inline fh, copy through stack to exclude the copy from
* usercopy hardening protections.
*/
fh = fanotify_event_fh(event);
if (fh_len <= FANOTIFY_INLINE_FH_LEN) {
memcpy(bounce, fh, fh_len);
fh = bounce;
}
if (copy_to_user(buf, fh, fh_len))
return -EFAULT;
/* Pad with 0's */

7
fs/notify/inotify/inotify_user.c
View File

@ -519,8 +519,10 @@ static int inotify_update_existing_watch(struct fsnotify_group *group,
fsn_mark = fsnotify_find_mark(&inode->i_fsnotify_marks, group);
if (!fsn_mark)
return -ENOENT;
else if (create)
return -EEXIST;
else if (create) {
ret = -EEXIST;
goto out;
}
i_mark = container_of(fsn_mark, struct inotify_inode_mark, fsn_mark);
@ -548,6 +550,7 @@ static int inotify_update_existing_watch(struct fsnotify_group *group,
/* return the wd */
ret = i_mark->wd;
out:
/* match the get from fsnotify_find_mark() */
fsnotify_put_mark(fsn_mark);