Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp3923885pxj; Mon, 21 Jun 2021 09:28:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwfLn9e4Z/2CQ/1FxS2o7Vs/Syhbg8DJcfQwlnAVvx8eMm0uOdgNK/84hCz55s6AfeK6rcN X-Received: by 2002:a6b:7e47:: with SMTP id k7mr7187343ioq.108.1624292909709; Mon, 21 Jun 2021 09:28:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1624292909; cv=none; d=google.com; s=arc-20160816; b=bdzaiqQuS8kb2Of7rk1obszTkVt2BsRK1bWLvJJkHRyVXUc1QpE2efDJCLCZ8qfp9i 7wNNVl42+radXSiE+Rnuj475AFwBFZAg/hJwOwgdlyqak9HeXYuwHpvvW6mVh4A5WI+c oP/zanYsIrgbkmQ3+DXczCNIu6fXDjBmPenm/fUA4UbU3k3UVAP3azTuhgBTJGBp6k1h Sjid9/YnFbtktlrVb0QEOk+Rx498f58p5qOHLQLNU+2XKSi3Jx8QvVpzEhWb2QM1Xu0L nVkTiBipfJc27VykOdLoxudczo9UoaAeFYvZU3DYNcRmHiP8HCDRC9e9omd2FDZWyu+h Qe4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=XzDjoF19xXtssL7gacp7uSvHj0BVScTEEtyt0J+E2fI=; b=s2n3lXmxhP7i57+GNlm3Zos8vsj969sEZQnrqrhA1to4/rbYKqqGe4oRl4/L9lY/sL qOwNOhT8GyTNxiJlS4mH1w2a8gjzig4R4GJZQ6iQkDsaYln9NBjMpRyDGdxSEU5gxMDY 26SC3kZeGLBV2oNxv5vg9ZwWhfIOV+AqLhrUvqMQ4KorwuELrbleWQHHa1d4wCnhOVc0 rcwWw7rPweF7rWo2Mz2smS8XMVwMdG/Cqxz8Rv4UJ9mU2ExUJ20M/AaJvYeBQ2o2YV1Z QvvlKKNYsC+b4c5t1CoAYLo7C0zia3VKZ8fG8GDr3Ow5a9nRYasfjWCm5YgJ52K++9vW aD9g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=WINcD6E8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g5si11499379ilk.102.2021.06.21.09.28.17; Mon, 21 Jun 2021 09:28:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=WINcD6E8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231145AbhFUQ2n (ORCPT + 99 others); Mon, 21 Jun 2021 12:28:43 -0400 Received: from mail.kernel.org ([198.145.29.99]:49228 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231589AbhFUQ1C (ORCPT ); Mon, 21 Jun 2021 12:27:02 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 170616128E; Mon, 21 Jun 2021 16:22:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1624292558; bh=hfnzbVWcwsH8/+bJTSjIfwRk3lyiI9VBxrhkZKJnFCI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WINcD6E8i8uAmID8FPmlxgkXw5B323pDTe8xWym2XVTezY0NJUj/CCZgLTgth3inr N5S+QGoyrOVczLpryCYbldlENY2aFLsHMg3Vstf9yoUiRV/okUUyNiolT2oXuSSwuk ihhDaM/bBqjNVErOj9TXoO6TJUruSE9wuFSX64jY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Matthew Bobrowski , Jan Kara , Sasha Levin Subject: [PATCH 5.10 011/146] fanotify: fix copy_event_to_user() fid error clean up Date: Mon, 21 Jun 2021 18:14:01 +0200 Message-Id: <20210621154911.643012865@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210621154911.244649123@linuxfoundation.org> References: <20210621154911.244649123@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Matthew Bobrowski [ Upstream commit f644bc449b37cc32d3ce7b36a88073873aa21bd5 ] Ensure that clean up is performed on the allocated file descriptor and struct file object in the event that an error is encountered while copying fid info objects. Currently, we return directly to the caller when an error is experienced in the fid info copying helper, which isn't ideal given that the listener process could be left with a dangling file descriptor in their fdtable. Fixes: 5e469c830fdb ("fanotify: copy event fid info to user") Fixes: 44d705b0370b ("fanotify: report name info for FAN_DIR_MODIFY event") Link: https://lore.kernel.org/linux-fsdevel/YMKv1U7tNPK955ho@google.com/T/#m15361cd6399dad4396aad650de25dbf6b312288e Link: https://lore.kernel.org/r/1ef8ae9100101eb1a91763c516c2e9a3a3b112bd.1623376346.git.repnop@google.com Signed-off-by: Matthew Bobrowski Signed-off-by: Jan Kara Signed-off-by: Sasha Levin --- fs/notify/fanotify/fanotify_user.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c index dcab112e1f00..086b6bacbad1 100644 --- a/fs/notify/fanotify/fanotify_user.c +++ b/fs/notify/fanotify/fanotify_user.c @@ -378,7 +378,7 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, info_type, fanotify_info_name(info), info->name_len, buf, count); if (ret < 0) - return ret; + goto out_close_fd; buf += ret; count -= ret; @@ -426,7 +426,7 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, fanotify_event_object_fh(event), info_type, dot, dot_len, buf, count); if (ret < 0) - return ret; + goto out_close_fd; buf += ret; count -= ret; -- 2.30.2