47 lines
1.5 KiB
Diff
47 lines
1.5 KiB
Diff
From: ZhangXiaoxu <zhangxiaoxu5@huawei.com>
|
|
Date: Sat, 2 Mar 2019 09:17:32 +0800
|
|
Subject: inotify: Fix fsnotify_mark refcount leak in
|
|
inotify_update_existing_watch()
|
|
Origin: https://git.kernel.org/linus/62c9d2674b31d4c8a674bee86b7edc6da2803aea
|
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-9857
|
|
|
|
Commit 4d97f7d53da7dc83 ("inotify: Add flag IN_MASK_CREATE for
|
|
inotify_add_watch()") forgot to call fsnotify_put_mark() with
|
|
IN_MASK_CREATE after fsnotify_find_mark()
|
|
|
|
Fixes: 4d97f7d53da7dc83 ("inotify: Add flag IN_MASK_CREATE for inotify_add_watch()")
|
|
Signed-off-by: ZhangXiaoxu <zhangxiaoxu5@huawei.com>
|
|
Signed-off-by: Jan Kara <jack@suse.cz>
|
|
---
|
|
fs/notify/inotify/inotify_user.c | 7 +++++--
|
|
1 file changed, 5 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
|
|
index e2901fbb9f76..7b53598c8804 100644
|
|
--- a/fs/notify/inotify/inotify_user.c
|
|
+++ b/fs/notify/inotify/inotify_user.c
|
|
@@ -519,8 +519,10 @@ static int inotify_update_existing_watch(struct fsnotify_group *group,
|
|
fsn_mark = fsnotify_find_mark(&inode->i_fsnotify_marks, group);
|
|
if (!fsn_mark)
|
|
return -ENOENT;
|
|
- else if (create)
|
|
- return -EEXIST;
|
|
+ else if (create) {
|
|
+ ret = -EEXIST;
|
|
+ goto out;
|
|
+ }
|
|
|
|
i_mark = container_of(fsn_mark, struct inotify_inode_mark, fsn_mark);
|
|
|
|
@@ -548,6 +550,7 @@ static int inotify_update_existing_watch(struct fsnotify_group *group,
|
|
/* return the wd */
|
|
ret = i_mark->wd;
|
|
|
|
+out:
|
|
/* match the get from fsnotify_find_mark() */
|
|
fsnotify_put_mark(fsn_mark);
|
|
|
|
--
|
|
2.11.0
|
|
|