linux/fs/notify
Jan Kara c915d8f591 inotify: Avoid reporting event with invalid wd
When inotify_freeing_mark() races with inotify_handle_inode_event() it
can happen that inotify_handle_inode_event() sees that i_mark->wd got
already reset to -1 and reports this value to userspace which can
confuse the inotify listener. Avoid the problem by validating that wd is
sensible (and pretend the mark got removed before the event got
generated otherwise).

CC: stable@vger.kernel.org
Fixes: 7e790dd5fc ("inotify: fix error paths in inotify_update_watch")
Message-Id: <20230424163219.9250-1-jack@suse.cz>
Reported-by: syzbot+4a06d4373fd52f0b2f9c@syzkaller.appspotmail.com
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
2023-04-25 12:36:55 +02:00
..
dnotify dnotify: use fsnotify group lock helpers 2022-04-25 14:37:34 +02:00
fanotify fanotify: use pidfd_prepare() 2023-04-03 11:16:57 +02:00
inotify inotify: Avoid reporting event with invalid wd 2023-04-25 12:36:55 +02:00
fdinfo.c fanotify: prepare for setting event flags in ignore mask 2022-07-01 14:51:13 +02:00
fdinfo.h
fsnotify.c fsnotify: Fix comment typo 2022-07-26 13:38:47 +02:00
fsnotify.h fsnotify: remove unused declaration 2022-09-09 11:40:03 +02:00
group.c fsnotify: create helpers for group mark_mutex lock 2022-04-25 14:37:22 +02:00
Kconfig fs/notify: Remove "select SRCU" 2023-02-02 16:26:06 -08:00
Makefile
mark.c fsnotify: allow adding an inode mark without pinning inode 2022-04-25 14:42:45 +02:00
notification.c fsnotify: Pass group argument to free_event 2021-10-27 12:34:18 +02:00