1. 25 Apr, 2017 1 commit
    • Amir Goldstein's avatar
      fanotify: don't expose EOPENSTALE to userspace · 4ff33aaf
      Amir Goldstein authored
      When delivering an event to userspace for a file on an NFS share,
      if the file is deleted on server side before user reads the event,
      user will not get the event.
      
      If the event queue contained several events, the stale event is
      quietly dropped and read() returns to user with events read so far
      in the buffer.
      
      If the event queue contains a single stale event or if the stale
      event is a permission event, read() returns to user with the kernel
      internal error code 518 (EOPENSTALE), which is not a POSIX error code.
      
      Check the internal return value -EOPENSTALE in fanotify_read(), just
      the same as it is checked in path_openat() and drop the event in the
      cases that it is not already dropped.
      
      This is a reproducer from Marko Rauhamaa:
      
      Just take the example program listed under "man fanotify" ("fantest")
      and follow these steps:
      
          ==============================================================
          NFS Server    NFS Client(1)     NFS Client(2)
          ==============================================================
          # echo foo >/nfsshare/bar.txt
                        # cat /nfsshare/bar.txt
                        foo
                                          # ./fantest /nfsshare
                                          Press enter key to terminate.
                                          Listening for events.
          # rm -f /nfsshare/bar.txt
                        # cat /nfsshare/bar.txt
                                          read: Unknown error 518
                        cat: /nfsshare/bar.txt: Operation not permitted
          ==============================================================
      
      where NFS Client (1) and (2) are two terminal sessions on a single NFS
      Client machine.
      Reported-by: default avatarMarko Rauhamaa <marko.rauhamaa@f-secure.com>
      Tested-by: default avatarMarko Rauhamaa <marko.rauhamaa@f-secure.com>
      Cc: <linux-api@vger.kernel.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAmir Goldstein <amir73il@gmail.com>
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      4ff33aaf
  2. 24 Apr, 2017 1 commit
  3. 10 Apr, 2017 30 commits
  4. 03 Apr, 2017 3 commits
  5. 02 Mar, 2017 2 commits
  6. 09 Feb, 2017 1 commit
  7. 23 Jan, 2017 1 commit
    • Nikolay Borisov's avatar
      inotify: Convert to using per-namespace limits · 1cce1eea
      Nikolay Borisov authored
      This patchset converts inotify to using the newly introduced
      per-userns sysctl infrastructure.
      
      Currently the inotify instances/watches are being accounted in the
      user_struct structure. This means that in setups where multiple
      users in unprivileged containers map to the same underlying
      real user (i.e. pointing to the same user_struct) the inotify limits
      are going to be shared as well, allowing one user(or application) to exhaust
      all others limits.
      
      Fix this by switching the inotify sysctls to using the
      per-namespace/per-user limits. This will allow the server admin to
      set sensible global limits, which can further be tuned inside every
      individual user namespace. Additionally, in order to preserve the
      sysctl ABI make the existing inotify instances/watches sysctls
      modify the values of the initial user namespace.
      Signed-off-by: default avatarNikolay Borisov <n.borisov.lkml@gmail.com>
      Acked-by: default avatarJan Kara <jack@suse.cz>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
      1cce1eea
  8. 23 Dec, 2016 1 commit
    • Jan Kara's avatar
      fsnotify: Remove fsnotify_duplicate_mark() · e3ba7307
      Jan Kara authored
      There are only two calls sites of fsnotify_duplicate_mark(). Those are
      in kernel/audit_tree.c and both are bogus. Vfsmount pointer is unused
      for audit tree, inode pointer and group gets set in
      fsnotify_add_mark_locked() later anyway, mask and free_mark are already
      set in alloc_chunk(). In fact, calling fsnotify_duplicate_mark() is
      actively harmful because following fsnotify_add_mark_locked() will leak
      group reference by overwriting the group pointer. So just remove the two
      calls to fsnotify_duplicate_mark() and the function.
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      [PM: line wrapping to fit in 80 chars]
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      e3ba7307