In mark_remove_from_mask() we destroy marks that have their event mask cleared.
Thus we should not allow the creation of those marks in the first place.
With this patch we check if the mask given from user is 0 in case of FAN_MARK_ADD.
If so we return an error. Same for FAN_MARK_REMOVE since this does not have any
effect.
Signed-off-by: Lino Sanfilippo <[email protected]>
---
fs/notify/fanotify/fanotify_user.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
This patch depends on patch "on group destroy allow all waiters to bypass permission
check" i sent on Nov 19.
diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
index 342d22e..207cdeb 100644
--- a/fs/notify/fanotify/fanotify_user.c
+++ b/fs/notify/fanotify/fanotify_user.c
@@ -780,8 +780,10 @@ SYSCALL_DEFINE(fanotify_mark)(int fanotify_fd, unsigned int flags,
if (flags & ~FAN_ALL_MARK_FLAGS)
return -EINVAL;
switch (flags & (FAN_MARK_ADD | FAN_MARK_REMOVE | FAN_MARK_FLUSH)) {
- case FAN_MARK_ADD:
+ case FAN_MARK_ADD: /* fallthrough */
case FAN_MARK_REMOVE:
+ if (!mask)
+ return -EINVAL;
case FAN_MARK_FLUSH:
break;
default:
--
1.5.6.5
On Mon, 2010-11-22 at 18:46 +0100, Lino Sanfilippo wrote:
> In mark_remove_from_mask() we destroy marks that have their event mask cleared.
> Thus we should not allow the creation of those marks in the first place.
> With this patch we check if the mask given from user is 0 in case of FAN_MARK_ADD.
> If so we return an error. Same for FAN_MARK_REMOVE since this does not have any
> effect.
>
> Signed-off-by: Lino Sanfilippo <[email protected]>
applied. Thanks.