Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp3923885pxj;
        Mon, 21 Jun 2021 09:28:29 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwfLn9e4Z/2CQ/1FxS2o7Vs/Syhbg8DJcfQwlnAVvx8eMm0uOdgNK/84hCz55s6AfeK6rcN
X-Received: by 2002:a6b:7e47:: with SMTP id k7mr7187343ioq.108.1624292909709;
        Mon, 21 Jun 2021 09:28:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1624292909; cv=none;
        d=google.com; s=arc-20160816;
        b=bdzaiqQuS8kb2Of7rk1obszTkVt2BsRK1bWLvJJkHRyVXUc1QpE2efDJCLCZ8qfp9i
         7wNNVl42+radXSiE+Rnuj475AFwBFZAg/hJwOwgdlyqak9HeXYuwHpvvW6mVh4A5WI+c
         oP/zanYsIrgbkmQ3+DXczCNIu6fXDjBmPenm/fUA4UbU3k3UVAP3azTuhgBTJGBp6k1h
         Sjid9/YnFbtktlrVb0QEOk+Rx498f58p5qOHLQLNU+2XKSi3Jx8QvVpzEhWb2QM1Xu0L
         nVkTiBipfJc27VykOdLoxudczo9UoaAeFYvZU3DYNcRmHiP8HCDRC9e9omd2FDZWyu+h
         Qe4w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=XzDjoF19xXtssL7gacp7uSvHj0BVScTEEtyt0J+E2fI=;
        b=s2n3lXmxhP7i57+GNlm3Zos8vsj969sEZQnrqrhA1to4/rbYKqqGe4oRl4/L9lY/sL
         qOwNOhT8GyTNxiJlS4mH1w2a8gjzig4R4GJZQ6iQkDsaYln9NBjMpRyDGdxSEU5gxMDY
         26SC3kZeGLBV2oNxv5vg9ZwWhfIOV+AqLhrUvqMQ4KorwuELrbleWQHHa1d4wCnhOVc0
         rcwWw7rPweF7rWo2Mz2smS8XMVwMdG/Cqxz8Rv4UJ9mU2ExUJ20M/AaJvYeBQ2o2YV1Z
         QvvlKKNYsC+b4c5t1CoAYLo7C0zia3VKZ8fG8GDr3Ow5a9nRYasfjWCm5YgJ52K++9vW
         aD9g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=WINcD6E8;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id g5si11499379ilk.102.2021.06.21.09.28.17;
        Mon, 21 Jun 2021 09:28:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=WINcD6E8;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231145AbhFUQ2n (ORCPT <rfc822;lwx169@gmail.com> + 99 others);
        Mon, 21 Jun 2021 12:28:43 -0400
Received: from mail.kernel.org ([198.145.29.99]:49228 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S231589AbhFUQ1C (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 21 Jun 2021 12:27:02 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 170616128E;
        Mon, 21 Jun 2021 16:22:37 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1624292558;
        bh=hfnzbVWcwsH8/+bJTSjIfwRk3lyiI9VBxrhkZKJnFCI=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=WINcD6E8i8uAmID8FPmlxgkXw5B323pDTe8xWym2XVTezY0NJUj/CCZgLTgth3inr
         N5S+QGoyrOVczLpryCYbldlENY2aFLsHMg3Vstf9yoUiRV/okUUyNiolT2oXuSSwuk
         ihhDaM/bBqjNVErOj9TXoO6TJUruSE9wuFSX64jY=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Matthew Bobrowski <repnop@google.com>,
        Jan Kara <jack@suse.cz>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.10 011/146] fanotify: fix copy_event_to_user() fid error clean up
Date:   Mon, 21 Jun 2021 18:14:01 +0200
Message-Id: <20210621154911.643012865@linuxfoundation.org>
X-Mailer: git-send-email 2.32.0
In-Reply-To: <20210621154911.244649123@linuxfoundation.org>
References: <20210621154911.244649123@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Matthew Bobrowski <repnop@google.com>

[ Upstream commit f644bc449b37cc32d3ce7b36a88073873aa21bd5 ]

Ensure that clean up is performed on the allocated file descriptor and
struct file object in the event that an error is encountered while copying
fid info objects. Currently, we return directly to the caller when an error
is experienced in the fid info copying helper, which isn't ideal given that
the listener process could be left with a dangling file descriptor in their
fdtable.

Fixes: 5e469c830fdb ("fanotify: copy event fid info to user")
Fixes: 44d705b0370b ("fanotify: report name info for FAN_DIR_MODIFY event")
Link: https://lore.kernel.org/linux-fsdevel/YMKv1U7tNPK955ho@google.com/T/#m15361cd6399dad4396aad650de25dbf6b312288e
Link: https://lore.kernel.org/r/1ef8ae9100101eb1a91763c516c2e9a3a3b112bd.1623376346.git.repnop@google.com
Signed-off-by: Matthew Bobrowski <repnop@google.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/notify/fanotify/fanotify_user.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
index dcab112e1f00..086b6bacbad1 100644
--- a/fs/notify/fanotify/fanotify_user.c
+++ b/fs/notify/fanotify/fanotify_user.c
@@ -378,7 +378,7 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,
 					info_type, fanotify_info_name(info),
 					info->name_len, buf, count);
 		if (ret < 0)
-			return ret;
+			goto out_close_fd;
 
 		buf += ret;
 		count -= ret;
@@ -426,7 +426,7 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,
 					fanotify_event_object_fh(event),
 					info_type, dot, dot_len, buf, count);
 		if (ret < 0)
-			return ret;
+			goto out_close_fd;
 
 		buf += ret;
 		count -= ret;
-- 
2.30.2