Dan Carpenter ee12595147 fanotify: Fix stale file descriptor in copy_event_to_user() ...

This code calls fd_install() which gives the userspace access to the fd.
Then if copy_info_records_to_user() fails it calls put_unused_fd(fd) but
that will not release it and leads to a stale entry in the file
descriptor table.

Generally you can't trust the fd after a call to fd_install().  The fix
is to delay the fd_install() until everything else has succeeded.

Fortunately it requires CAP_SYS_ADMIN to reach this code so the security
impact is less.

Fixes: f644bc449b37 ("fanotify: fix copy_event_to_user() fid error clean up")
Link: https://lore.kernel.org/r/20220128195656.GA26981@kili
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Mathias Krause <minipli@grsecurity.net>
Signed-off-by: Jan Kara <jack@suse.cz>

2022-02-01 12:52:07 +01:00

..

dnotify

dnotify: move dnotify sysctl to dnotify.c

2022-01-22 08:33:34 +02:00

fanotify

fanotify: Fix stale file descriptor in copy_event_to_user()

2022-02-01 12:52:07 +01:00

inotify

inotify: simplify subdirectory registration with register_sysctl()

2022-01-22 08:33:35 +02:00

fdinfo.c

fanotify: fix permission model of unprivileged group

2021-05-25 12:21:14 +02:00

fdinfo.h

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

fsnotify.c

fsnotify: generate FS_RENAME event with rich information

2021-12-15 14:04:27 +01:00

fsnotify.h

fsnotify: count all objects with attached connectors

2021-08-11 13:50:48 +02:00

group.c

fsnotify: clarify object type argument

2021-12-15 14:04:03 +01:00

Kconfig

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

Makefile

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

mark.c

fsnotify: separate mark iterator type from object type enum

2021-12-15 14:04:06 +01:00

notification.c

fsnotify: Pass group argument to free_event

2021-10-27 12:34:18 +02:00