Commit 66052a76 authored by Ondrej Mosnacek's avatar Ondrej Mosnacek Committed by Jan Kara

fanotify: call fanotify_events_supported() before path_permission() and security_path_notify()



The latter trigger LSM (e.g. SELinux) checks, which will log a denial
when permission is denied, so it's better to do them after validity
checks to avoid logging a denial when the operation would fail anyway.

Fixes: 0b3b094a ("fanotify: Disallow permission events for proc filesystem")
Signed-off-by: default avatarOndrej Mosnacek <omosnace@redhat.com>
Reviewed-by: default avatarAmir Goldstein <amir73il@gmail.com>
Reviewed-by: default avatarPaul Moore <paul@paul-moore.com>
Link: https://patch.msgid.link/20260216150625.793013-3-omosnace@redhat.com


Signed-off-by: default avatarJan Kara <jack@suse.cz>
parent 0d5ee337
+10 −15
@@ -1210,6 +1210,7 @@ static int fanotify_find_path(int dfd, const char __user *filename,

		*path = fd_file(f)->f_path;
		path_get(path);
		ret = 0;
	} else {
		unsigned int lookup_flags = 0;

@@ -1219,22 +1220,7 @@ static int fanotify_find_path(int dfd, const char __user *filename,
			lookup_flags |= LOOKUP_DIRECTORY;

		ret = user_path_at(dfd, filename, lookup_flags, path);
		if (ret)
			goto out;
	}

	/* you can only watch an inode if you have read permissions on it */
	ret = path_permission(path, MAY_READ);
	if (ret) {
		path_put(path);
		goto out;
	}

	ret = security_path_notify(path, mask, obj_type);
	if (ret)
		path_put(path);

out:
	return ret;
}

@@ -2058,6 +2044,15 @@ static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask,
			goto path_put_and_out;
	}

	/* you can only watch an inode if you have read permissions on it */
	ret = path_permission(&path, MAY_READ);
	if (ret)
		goto path_put_and_out;

	ret = security_path_notify(&path, mask, obj_type);
	if (ret)
		goto path_put_and_out;

	if (fid_mode) {
		ret = fanotify_test_fsid(path.dentry, flags, &__fsid);
		if (ret)
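Review bot: With `path_permission()` and `security_path_notify()` dropped from the tail of `fanotify_find_path()` (second hunk), that helper now returns a referenced path with no access check, and nothing visible documents that the caller must perform one. I would add a comment above the helper, e.g. `/* No access checks here: the caller must call path_permission() and security_path_notify() before acting on *path. */`, so that a later caller does not skip the LSM hook. The hunk header cuts the signature, but if `mask` and `obj_type` are still parameters of the helper they look unused after this change and could be dropped. In `do_fanotify_mark()` the moved checks run after the validity check, so a caller without read access now gets the validity error instead of the access error for an unsupported mark; this appears to be the intended trade-off, and a short comment at the new check would record it. Both functions extend beyond the visible hunks.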