Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v7.1 2026-04-27T23:40:24+00:00 2026-04-27T23:40:24+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-04-27T23:40:24+00:00 urn:sha1:53b6156308e5ec9f4440e7cd3e84c6d1775167b1 Pull fsnotify fixes from Jan Kara: "Three fixes for fsnotify / fanotify" * tag 'fsnotify_for_v7.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: fsnotify: fix inode reference leak in fsnotify_recalc_mask() fanotify: Fix spelling mistake "enforecement" -> "enforcement" fanotify: fix false positive on permission events 2026-04-16T11:31:04+00:00 Miklos Szeredi mszeredi@redhat.com 2026-04-10T14:49:47+00:00 urn:sha1:7746e3bd4cc19b5092e00d32d676e329bfcb6900 fsnotify_get_mark_safe() may return false for a mark on an unrelated group, which results in bypassing the permission check. Fix by skipping over detached marks that are not in the current group. CC: stable@vger.kernel.org Fixes: abc77577a669 ("fsnotify: Provide framework for dropping SRCU lock in ->handle_event") Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Link: https://patch.msgid.link/20260410144950.156160-1-mszeredi@redhat.com Signed-off-by: Jan Kara <jack@suse.cz> 2026-04-02T07:45:02+00:00 Al Viro viro@zeniv.linux.org.uk 2026-01-24T22:58:48+00:00 urn:sha1:408d8af01f3a4d666620029a85e741906ff96f47 Most of the places using d_alias are loops iterating through all aliases for given inode; introduce a helper macro (for_each_alias(dentry, inode)) and convert open-coded instances of such loop to it. They are easier to read that way and it reduces the noise on the next steps. You _must_ hold inode->i_lock over that thing. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2026-01-23T12:26:37+00:00 Jan Kara jack@suse.cz 2025-10-15T14:02:47+00:00 urn:sha1:a05fc7edd988c176491487ef0ae4dbf5f7a64cd7 Instead of iterating all inodes belonging to a superblock to find inode marks and remove them on umount, iterate all inode connectors for the superblock. This may be substantially faster since there are generally much less inodes with fsnotify marks than all inodes. It also removes one use of sb->s_inodes list which we strive to ultimately remove. Reviewed-by: Amir Goldstein <amir73il@gmail.com> Reviewed-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Jan Kara <jack@suse.cz> 2026-01-23T12:26:20+00:00 Jan Kara jack@suse.cz 2026-01-19T14:54:33+00:00 urn:sha1:94bd01253c3d5b1cd8955bdadeed24af02088094 Introduce a linked list tracking all inode connectors for a superblock. We will use this list when the superblock is getting shutdown to properly clean up all the inode marks instead of relying on scanning all inodes in the superblock which can get rather slow. Suggested-by: Amir Goldstein <amir73il@gmail.com> Reviewed-by: Amir Goldstein <amir73il@gmail.com> Reviewed-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Jan Kara <jack@suse.cz> 2025-12-18T19:41:17+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-12-18T19:41:17+00:00 urn:sha1:9a903e6d9649e45cee9a8588fa3793fdfc5408ee Pull fsnotify fixes from Jan Kara: "Two fsnotify fixes. The fix from Ahelenia makes sure we generate event when modifying inode flags, the fix from Amir disables sending of events from device inodes to their parent directory as it could concievably create a usable side channel attack in case of some devices and so far we aren't aware of anybody depending on the functionality" * tag 'fsnotify_for_v6.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: fs: send fsnotify_xattr()/IN_ATTRIB from vfs_fileattr_set()/chattr(1) fsnotify: do not generate ACCESS/MODIFY events on child for special files 2025-12-15T09:18:46+00:00 Amir Goldstein amir73il@gmail.com 2025-12-07T10:44:55+00:00 urn:sha1:635bc4def026a24e071436f4f356ea08c0eed6ff inotify/fanotify do not allow users with no read access to a file to subscribe to events (e.g. IN_ACCESS/IN_MODIFY), but they do allow the same user to subscribe for watching events on children when the user has access to the parent directory (e.g. /dev). Users with no read access to a file but with read access to its parent directory can still stat the file and see if it was accessed/modified via atime/mtime change. The same is not true for special files (e.g. /dev/null). Users will not generally observe atime/mtime changes when other users read/write to special files, only when someone sets atime/mtime via utimensat(). Align fsnotify events with this stat behavior and do not generate ACCESS/MODIFY events to parent watchers on read/write of special files. The events are still generated to parent watchers on utimensat(). This closes some side-channels that could be possibly used for information exfiltration [1]. [1] https://snee.la/pdf/pubs/file-notification-attacks.pdf Reported-by: Sudheendra Raghav Neela <sneela@tugraz.at> CC: stable@vger.kernel.org Signed-off-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz> 2025-10-20T18:22:26+00:00 Mateusz Guzik mjguzik@gmail.com 2025-10-09T07:59:18+00:00 urn:sha1:b4dbfd8653b34b0ab6c024ceda32af488c9b5602 All places were patched by coccinelle with the default expecting that ->i_lock is held, afterwards entries got fixed up by hand to use unlocked variants as needed. The script: @@ expression inode, flags; @@ - inode->i_state & flags + inode_state_read(inode) & flags @@ expression inode, flags; @@ - inode->i_state &= ~flags + inode_state_clear(inode, flags) @@ expression inode, flag1, flag2; @@ - inode->i_state &= ~flag1 & ~flag2 + inode_state_clear(inode, flag1 | flag2) @@ expression inode, flags; @@ - inode->i_state |= flags + inode_state_set(inode, flags) @@ expression inode, flags; @@ - inode->i_state = flags + inode_state_assign(inode, flags) @@ expression inode, flags; @@ - flags = inode->i_state + flags = inode_state_read(inode) @@ expression inode, flags; @@ - READ_ONCE(inode->i_state) & flags + inode_state_read(inode) & flags Signed-off-by: Mateusz Guzik <mjguzik@gmail.com> Signed-off-by: Christian Brauner <brauner@kernel.org> 2025-09-01T10:41:09+00:00 Josef Bacik josef@toxicpanda.com 2025-08-26T15:39:02+00:00 urn:sha1:37b27bd5d6217b75d315f28b4399aad0a336f299 Instead of doing direct access to ->i_count, add a helper to handle this. This will make it easier to convert i_count to a refcount later. Signed-off-by: Josef Bacik <josef@toxicpanda.com> Link: https://lore.kernel.org/9bc62a84c6b9d6337781203f60837bd98fbc4a96.1756222464.git.josef@toxicpanda.com Signed-off-by: Christian Brauner <brauner@kernel.org> 2025-07-28T16:14:38+00:00 Amir Goldstein amir73il@gmail.com 2025-07-08T14:36:41+00:00 urn:sha1:0d4c4d4ea443babab6ec1a79f481260963fc969a The most unlikely watched permission event is FAN_ACCESS_PERM, because at the time that it was introduced there were no evictable ignore mark, so subscribing to FAN_ACCESS_PERM would have incured a very high overhead. Yet, when we set the fmode to FMODE_NOTIFY_HSM(), we never skip trying to send FAN_ACCESS_PERM, which is almost always a waste of cycles. We got to this logic because of bundling FAN_OPEN*_PERM and FAN_ACCESS_PERM in the same category and because FAN_OPEN_PERM is a commonly used event. By open coding fsnotify_open_perm() in fsnotify_open_perm_and_set_mode(), we no longer need to regard FAN_OPEN*_PERM when calculating fmode. This leaves the case of having pre-content events and not having any other permission event in the object masks a more likely case than the other way around. Rework the fmode macros and code so that their meaning now refers only to hooks on an already open file: - FMODE_NOTIFY_NONE() skip all events - FMODE_NOTIFY_ACCESS_PERM() send all permission events including FAN_ACCESS_PERM - FMODE_NOTIFY_HSM() send pre-content permission events Signed-off-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz> Link: https://patch.msgid.link/20250708143641.418603-3-amir73il@gmail.com