From: Greg Kroah-Hartman Date: Mon, 4 Feb 2019 10:36:14 +0000 (+0100) Subject: 4.14-stable patches X-Git-Tag: v4.20.7~4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fae7b1e524e9091242aa8a9ac9cf2ea3e30a175d;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: fanotify-fix-handling-of-events-on-child-sub-directory.patch --- diff --git a/queue-4.14/fanotify-fix-handling-of-events-on-child-sub-directory.patch b/queue-4.14/fanotify-fix-handling-of-events-on-child-sub-directory.patch new file mode 100644 index 00000000000..64d44dd5795 --- /dev/null +++ b/queue-4.14/fanotify-fix-handling-of-events-on-child-sub-directory.patch @@ -0,0 +1,66 @@ +From b469e7e47c8a075cc08bcd1e85d4365134bdcdd5 Mon Sep 17 00:00:00 2001 +From: Amir Goldstein +Date: Tue, 30 Oct 2018 20:29:53 +0200 +Subject: fanotify: fix handling of events on child sub-directory + +From: Amir Goldstein + +commit b469e7e47c8a075cc08bcd1e85d4365134bdcdd5 upstream. + +When an event is reported on a sub-directory and the parent inode has +a mark mask with FS_EVENT_ON_CHILD|FS_ISDIR, the event will be sent to +fsnotify() even if the event type is not in the parent mark mask +(e.g. FS_OPEN). + +Further more, if that event happened on a mount or a filesystem with +a mount/sb mark that does have that event type in their mask, the "on +child" event will be reported on the mount/sb mark. That is not +desired, because user will get a duplicate event for the same action. + +Note that the event reported on the victim inode is never merged with +the event reported on the parent inode, because of the check in +should_merge(): old_fsn->inode == new_fsn->inode. + +Fix this by looking for a match of an actual event type (i.e. not just +FS_ISDIR) in parent's inode mark mask and by not reporting an "on child" +event to group if event type is only found on mount/sb marks. + +[backport hint: The bug seems to have always been in fanotify, but this + patch will only apply cleanly to v4.19.y] + +Cc: # v4.19 +Signed-off-by: Amir Goldstein +Signed-off-by: Jan Kara +[amir: backport to v4.9] +Signed-off-by: Amir Goldstein +Signed-off-by: Greg Kroah-Hartman + +--- + fs/notify/fsnotify.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/fs/notify/fsnotify.c ++++ b/fs/notify/fsnotify.c +@@ -158,9 +158,9 @@ int __fsnotify_parent(const struct path + parent = dget_parent(dentry); + p_inode = parent->d_inode; + +- if (unlikely(!fsnotify_inode_watches_children(p_inode))) ++ if (unlikely(!fsnotify_inode_watches_children(p_inode))) { + __fsnotify_update_child_dentry_flags(p_inode); +- else if (p_inode->i_fsnotify_mask & mask) { ++ } else if (p_inode->i_fsnotify_mask & mask & ~FS_EVENT_ON_CHILD) { + struct name_snapshot name; + + /* we are notifying a parent so come up with the new mask which +@@ -264,6 +264,10 @@ int fsnotify(struct inode *to_tell, __u3 + else + mnt = NULL; + ++ /* An event "on child" is not intended for a mount mark */ ++ if (mask & FS_EVENT_ON_CHILD) ++ mnt = NULL; ++ + /* + * Optimization: srcu_read_lock() has a memory barrier which can + * be expensive. It protects walking the *_fsnotify_marks lists. diff --git a/queue-4.14/series b/queue-4.14/series index 7bea22557a2..fa3fb637b8b 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -43,3 +43,4 @@ mm-migrate-don-t-rely-on-__pagemovable-of-newpage-after-unlocking-it.patch md-raid5-fix-out-of-memory-during-raid-cache-recovery.patch cifs-always-resolve-hostname-before-reconnecting.patch drivers-core-remove-glue-dirs-from-sysfs-earlier.patch +fanotify-fix-handling-of-events-on-child-sub-directory.patch