git.hungrycats.org Git - linux/commit

author	Jan Kara <jack@suse.cz>
	Wed, 17 Jul 2024 14:06:23 +0000 (16:06 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 1 Nov 2024 01:02:34 +0000 (02:02 +0100)
commit	19d0a5b94ffb965bd82b6a4faa71e61f64a0397b
tree	9520adbef2174eb9683e1e4f77d114c931b18850	tree \| snapshot
parent	8da8200ca834fb4af04b7adfeeb414391a6cc2d6	commit \| diff

fsnotify: Avoid data race between fsnotify_recalc_mask() and fsnotify_object_watched()

[ Upstream commit 35ceae44742e1101f9d20adadbbbd92c05d7d659 ]

When __fsnotify_recalc_mask() recomputes the mask on the watched object,
the compiler can "optimize" the code to perform partial updates to the
mask (including zeroing it at the beginning). Thus places checking
the object mask without conn->lock such as fsnotify_object_watched()
could see invalid states of the mask. Make sure the mask update is
performed by one memory store using WRITE_ONCE().

Reported-by: syzbot+701037856c25b143f1ad@syzkaller.appspotmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Link: https://lore.kernel.org/all/CACT4Y+Zk0ohwwwHSD63U2-PQ=UuamXczr1mKBD6xtj2dyYKBvA@mail.gmail.com
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://patch.msgid.link/20240717140623.27768-1-jack@suse.cz
Signed-off-by: Sasha Levin <sashal@kernel.org>

fs/notify/fsnotify.c		diff \| blob \| history
fs/notify/inotify/inotify_user.c		diff \| blob \| history
fs/notify/mark.c		diff \| blob \| history