linux

mirror of https://github.com/torvalds/linux.git synced 2025-11-01 17:18:25 +02:00

History

Dan Carpenter ee12595147 fanotify: Fix stale file descriptor in copy_event_to_user() This code calls fd_install() which gives the userspace access to the fd. Then if copy_info_records_to_user() fails it calls put_unused_fd(fd) but that will not release it and leads to a stale entry in the file descriptor table. Generally you can't trust the fd after a call to fd_install(). The fix is to delay the fd_install() until everything else has succeeded. Fortunately it requires CAP_SYS_ADMIN to reach this code so the security impact is less. Fixes: `f644bc449b` ("fanotify: fix copy_event_to_user() fid error clean up") Link: https://lore.kernel.org/r/20220128195656.GA26981@kili Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Mathias Krause <minipli@grsecurity.net> Signed-off-by: Jan Kara <jack@suse.cz>		2022-02-01 12:52:07 +01:00
..
dnotify	dnotify: move dnotify sysctl to dnotify.c	2022-01-22 08:33:34 +02:00
fanotify	fanotify: Fix stale file descriptor in copy_event_to_user()	2022-02-01 12:52:07 +01:00
inotify	inotify: simplify subdirectory registration with register_sysctl()	2022-01-22 08:33:35 +02:00
fdinfo.c	fanotify: fix permission model of unprivileged group	2021-05-25 12:21:14 +02:00
fdinfo.h
fsnotify.c	fsnotify: generate FS_RENAME event with rich information	2021-12-15 14:04:27 +01:00
fsnotify.h	fsnotify: count all objects with attached connectors	2021-08-11 13:50:48 +02:00
group.c	fsnotify: clarify object type argument	2021-12-15 14:04:03 +01:00
Kconfig	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00
Makefile
mark.c	fsnotify: separate mark iterator type from object type enum	2021-12-15 14:04:06 +01:00
notification.c	fsnotify: Pass group argument to free_event	2021-10-27 12:34:18 +02:00