Skip to content

Commit

Permalink
Merge tag 'fsnotify_for_v6.6-rc7' of git://git.kernel.org/pub/scm/lin…
Browse files Browse the repository at this point in the history 
…ux/kernel/git/jack/linux-fs

Pull fanotify fix from Jan Kara:
 "Disable superblock / mount marks for filesystems that can encode file
  handles but not open them (currently only overlayfs).

  It is not clear the functionality is useful in any way so let's better
  disable it before someone comes up with some creative misuse"

* tag 'fsnotify_for_v6.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
  fanotify: limit reporting of event with non-decodeable file handles
  • Loading branch information
Linus Torvalds committed Oct 20, 2023
2 parents f20f29c + 97ac489 commit 0e97fd2
Showing 1 changed file with 17 additions and 8 deletions.
25 changes: 17 additions & 8 deletions fs/notify/fanotify/fanotify_user.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1585,16 +1585,25 @@ static int fanotify_test_fsid(struct dentry *dentry, __kernel_fsid_t *fsid)
}

/* Check if filesystem can encode a unique fid */
static int fanotify_test_fid(struct dentry *dentry)
static int fanotify_test_fid(struct dentry *dentry, unsigned int flags)
{
unsigned int mark_type = flags & FANOTIFY_MARK_TYPE_BITS;
const struct export_operations *nop = dentry->d_sb->s_export_op;

/*
* We need to make sure that the filesystem supports encoding of
* file handles so user can use name_to_handle_at() to compare fids
* reported with events to the file handle of watched objects.
*/
if (!nop)
return -EOPNOTSUPP;

/*
* We need to make sure that the file system supports at least
* encoding a file handle so user can use name_to_handle_at() to
* compare fid returned with event to the file handle of watched
* objects. However, even the relaxed AT_HANDLE_FID flag requires
* at least empty export_operations for ecoding unique file ids.
* For sb/mount mark, we also need to make sure that the filesystem
* supports decoding file handles, so user has a way to map back the
* reported fids to filesystem objects.
*/
if (!dentry->d_sb->s_export_op)
if (mark_type != FAN_MARK_INODE && !nop->fh_to_dentry)
return -EOPNOTSUPP;

return 0;
Expand Down Expand Up @@ -1812,7 +1821,7 @@ static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask,
if (ret)
goto path_put_and_out;

ret = fanotify_test_fid(path.dentry);
ret = fanotify_test_fid(path.dentry, flags);
if (ret)
goto path_put_and_out;

Expand Down

0 comments on commit 0e97fd2

Please sign in to comment.