kernel/fs/notify, branch linux-5.1.y

fanotify: update connector fsid cache on add mark

2019-07-03T11:13:44Z

commit c285a2f01d692ef48d7243cf1072897bbd237407 upstream. When implementing connector fsid cache, we only initialized the cache when the first mark added to object was added by FAN_REPORT_FID group. We forgot to update conn->fsid when the second mark is added by FAN_REPORT_FID group to an already attached connector without fsid cache. Reported-and-tested-by: syzbot+c277e8e2f46414645508@syzkaller.appspotmail.com Fixes: 77115225acc6 ("fanotify: cache fsid in fsnotify_mark_connector") Signed-off-by: Amir Goldstein Signed-off-by: Jan Kara Signed-off-by: Greg Kroah-Hartman

fsnotify: fix unlink performance regression

2019-05-25T16:16:35Z

commit 4d8e7055a4058ee191296699803c5090e14f0dff upstream. __fsnotify_parent() has an optimization in place to avoid unneeded take_dentry_name_snapshot(). When fsnotify_nameremove() was changed not to call __fsnotify_parent(), we left out the optimization. Kernel test robot reported a 5% performance regression in concurrent unlink() workload. Reported-by: kernel test robot Link: https://lore.kernel.org/lkml/20190505062153.GG29809@shao2-debian/ Link: https://lore.kernel.org/linux-fsdevel/20190104090357.GD22409@quack2.suse.cz/ Fixes: 5f02a8776384 ("fsnotify: annotate directory entry modification events") CC: stable@vger.kernel.org Signed-off-by: Amir Goldstein Signed-off-by: Jan Kara Signed-off-by: Greg Kroah-Hartman

fsnotify: Fix NULL ptr deref in fanotify_get_fsid()

2019-04-28T20:14:50Z

fanotify_get_fsid() is reading mark->connector->fsid under srcu. It can happen that it sees mark not fully initialized or mark that is already detached from the object list. In these cases mark->connector can be NULL leading to NULL ptr dereference. Fix the problem by being careful when reading mark->connector and check it for being NULL. Also use WRITE_ONCE when writing the mark just to prevent compiler from doing something stupid. Reported-by: syzbot+15927486a4f1bfcbaf91@syzkaller.appspotmail.com Fixes: 77115225acc6 ("fanotify: cache fsid in fsnotify_mark_connector") Signed-off-by: Jan Kara

fanotify: Allow copying of file handle to userspace

2019-03-19T08:29:07Z

When file handle is embedded inside fanotify_event and usercopy checks are enabled, we get a warning like: Bad or missing usercopy whitelist? Kernel memory exposure attempt detected from SLAB object 'fanotify_event' (offset 40, size 8)! WARNING: CPU: 1 PID: 7649 at mm/usercopy.c:78 usercopy_warn+0xeb/0x110 mm/usercopy.c:78 Annotate handling in fanotify_event properly to mark copying it to userspace is fine. Reported-by: syzbot+2c49971e251e36216d1f@syzkaller.appspotmail.com Fixes: a8b13aa20afb ("fanotify: enable FAN_REPORT_FID init flag") Signed-off-by: Kees Cook Reviewed-by: Amir Goldstein Signed-off-by: Jan Kara

inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch()

2019-03-11T09:13:17Z

Commit 4d97f7d53da7dc83 ("inotify: Add flag IN_MASK_CREATE for inotify_add_watch()") forgot to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark() Fixes: 4d97f7d53da7dc83 ("inotify: Add flag IN_MASK_CREATE for inotify_add_watch()") Signed-off-by: ZhangXiaoxu Signed-off-by: Jan Kara

fanotify: Make waits for fanotify events only killable

2019-02-21T10:47:23Z

Making waits for response to fanotify permission events interruptible can result in EINTR returns from open(2) or other syscalls when there's e.g. AV software that's monitoring the file. Orion reports that e.g. bash is complaining like: bash: /etc/bash_completion.d/itweb-settings.bash: Interrupted system call So for now convert the wait from interruptible to only killable one. That is mostly invisible to userspace. Sadly this breaks hibernation with fanotify permission events pending again but we have to put more thought into how to fix this without regressing userspace visible behavior. Reported-by: Orion Poplawski Signed-off-by: Jan Kara

fanotify: Use interruptible wait when waiting for permission events

2019-02-18T11:41:16Z

When waiting for response to fanotify permission events, we currently use uninterruptible waits. That makes code simple however it can cause lots of processes to end up in uninterruptible sleep with hard reboot being the only alternative in case fanotify listener process stops responding (e.g. due to a bug in its implementation). Uninterruptible sleep also makes system hibernation fail if the listener gets frozen before the process generating fanotify permission event. Fix these problems by using interruptible sleep for waiting for response to fanotify event. This is slightly tricky though - we have to detect when the event got already reported to userspace as in that case we must not free the event. Instead we push the responsibility for freeing the event to the process that will write response to the event. Reported-by: Orion Poplawski Reported-by: Konstantin Khlebnikov Reviewed-by: Amir Goldstein Signed-off-by: Jan Kara

fanotify: Track permission event state

2019-02-18T11:41:16Z

Track whether permission event got already reported to userspace and whether userspace already answered to the permission event. Protect stores to this field together with updates to ->response field by group->notification_lock. This will allow aborting wait for reply to permission event from userspace. Reviewed-by: Amir Goldstein Signed-off-by: Jan Kara

fanotify: Simplify cleaning of access_list

2019-02-18T11:41:16Z

Simplify iteration cleaning access_list in fanotify_release(). That will make following changes more obvious. Reviewed-by: Amir Goldstein Signed-off-by: Jan Kara

fsnotify: Create function to remove event from notification list

2019-02-18T11:41:16Z

Create function to remove event from the notification list. Later it will be used from more places. Reviewed-by: Amir Goldstein Signed-off-by: Jan Kara