linux-hardened/fs/notify
Amir Goldstein 4ff33aafd3 fanotify: don't expose EOPENSTALE to userspace
When delivering an event to userspace for a file on an NFS share,
if the file is deleted on server side before user reads the event,
user will not get the event.

If the event queue contained several events, the stale event is
quietly dropped and read() returns to user with events read so far
in the buffer.

If the event queue contains a single stale event or if the stale
event is a permission event, read() returns to user with the kernel
internal error code 518 (EOPENSTALE), which is not a POSIX error code.

Check the internal return value -EOPENSTALE in fanotify_read(), just
the same as it is checked in path_openat() and drop the event in the
cases that it is not already dropped.

This is a reproducer from Marko Rauhamaa:

Just take the example program listed under "man fanotify" ("fantest")
and follow these steps:

    ==============================================================
    NFS Server    NFS Client(1)     NFS Client(2)
    ==============================================================
    # echo foo >/nfsshare/bar.txt
                  # cat /nfsshare/bar.txt
                  foo
                                    # ./fantest /nfsshare
                                    Press enter key to terminate.
                                    Listening for events.
    # rm -f /nfsshare/bar.txt
                  # cat /nfsshare/bar.txt
                                    read: Unknown error 518
                  cat: /nfsshare/bar.txt: Operation not permitted
    ==============================================================

where NFS Client (1) and (2) are two terminal sessions on a single NFS
Client machine.

Reported-by: Marko Rauhamaa <marko.rauhamaa@f-secure.com>
Tested-by: Marko Rauhamaa <marko.rauhamaa@f-secure.com>
Cc: <linux-api@vger.kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
2017-04-25 15:48:06 +02:00
..
dnotify fsnotify: Move ->free_mark callback to fsnotify_ops 2017-04-10 17:37:36 +02:00
fanotify fanotify: don't expose EOPENSTALE to userspace 2017-04-25 15:48:06 +02:00
inotify fsnotify: Move ->free_mark callback to fsnotify_ops 2017-04-10 17:37:36 +02:00
fdinfo.c fsnotify: Move object pointer to fsnotify_mark_connector 2017-04-10 17:37:35 +02:00
fdinfo.h fs: Convert show_fdinfo functions to void 2014-11-05 14:13:23 -05:00
fsnotify.c fsnotify: Drop inode_mark.c 2017-04-10 17:37:36 +02:00
fsnotify.h fsnotify: Remove fsnotify_find_{inode|vfsmount}_mark() 2017-04-10 17:37:36 +02:00
group.c fsnotify: Remove fsnotify_detach_group_marks() 2017-04-10 17:37:36 +02:00
Kconfig rcu: Make SRCU optional by using CONFIG_SRCU 2015-01-06 11:04:29 -08:00
Makefile fsnotify: Drop inode_mark.c 2017-04-10 17:37:36 +02:00
mark.c fsnotify: remove a stray unlock 2017-04-24 16:41:28 +02:00
notification.c fsnotify: clean up spinlock assertions 2016-10-07 18:46:26 -07:00