2 files changed, 34 insertions, 2 deletions
diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
index bbcb98e7fcc6..1c09e6321c5e 100644
--- a/fs/notify/fanotify/fanotify_user.c
+++ b/fs/notify/fanotify/fanotify_user.c
@@ -664,6 +664,20 @@ SYSCALL_DEFINE2(fanotify_init, unsigned int, flags, unsigned int, event_f_flags)
        init_waitqueue_head(&group->fanotify_data.access_waitq);
        INIT_LIST_HEAD(&group->fanotify_data.access_list);
 #endif
+        switch (flags & FAN_ALL_CLASS_BITS) {
+        case FAN_CLASS_NOTIF:
+                group->priority = FS_PRIO_0;
+                break;
+        case FAN_CLASS_CONTENT:
+                group->priority = FS_PRIO_1;
+                break;
+        case FAN_CLASS_PRE_CONTENT:
+                group->priority = FS_PRIO_2;
+                break;
+        default:
+                fd = -EINVAL;
+                goto out_put_group;
+        }
        fd = anon_inode_getfd("[fanotify]", &fanotify_fops, group, f_flags);
        if (fd < 0)
@@ -719,6 +733,16 @@ SYSCALL_DEFINE(fanotify_mark)(int fanotify_fd, unsigned int flags,
        ret = -EINVAL;
        if (unlikely(filp->f_op != &fanotify_fops))
                goto fput_and_out;
+        group = filp->private_data;
+        /*
+         * group->priority == FS_PRIO_0 == FAN_CLASS_NOTIF.  These are not
+         * allowed to set permissions events.
+         */
+        ret = -EINVAL;
+        if (mask & FAN_ALL_PERM_EVENTS &&
+            group->priority == FS_PRIO_0)
+                goto fput_and_out;
        ret = fanotify_find_path(dfd, pathname, &path, flags);
        if (ret)
@@ -729,7 +753,6 @@ SYSCALL_DEFINE(fanotify_mark)(int fanotify_fd, unsigned int flags,
                inode = path.dentry->d_inode;
        else
                mnt = path.mnt;
-        group = filp->private_data;
        /* create/update an inode mark */
        switch (flags & (FAN_MARK_ADD | FAN_MARK_REMOVE | FAN_MARK_FLUSH)) {
diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h
index 63531a6b4d2a..2c89ce7b644e 100644
--- a/include/linux/fanotify.h
+++ b/include/linux/fanotify.h
@@ -25,7 +25,16 @@
 #define FAN_CLOEXEC             0x00000001
 #define FAN_NONBLOCK            0x00000002
-#define FAN_ALL_INIT_FLAGS      (FAN_CLOEXEC | FAN_NONBLOCK)
+/* These are NOT bitwise flags.  Both bits are used togther.  */
+#define FAN_CLASS_NOTIF         0x00000000
+#define FAN_CLASS_CONTENT       0x00000004
+#define FAN_CLASS_PRE_CONTENT   0x00000008
+#define FAN_ALL_CLASS_BITS      (FAN_CLASS_NOTIF | FAN_CLASS_CONTENT | \
+                                 FAN_CLASS_PRE_CONTENT)
+#define FAN_ALL_INIT_FLAGS      (FAN_CLOEXEC | FAN_NONBLOCK | \
+                                 FAN_ALL_CLASS_BITS)
 /* flags used for fanotify_modify_mark() */
 #define FAN_MARK_ADD            0x00000001

diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c index bbcb98e7fcc6..1c09e6321c5e 100644 --- a/fs/notify/fanotify/fanotify_user.c +++ b/fs/notify/fanotify/fanotify_user.c
@@ -664,6 +664,20 @@ SYSCALL_DEFINE2(fanotify_init, unsigned int, flags, unsigned int, event_f_flags)
664	init_waitqueue_head(&group->fanotify_data.access_waitq);	664	init_waitqueue_head(&group->fanotify_data.access_waitq);
665	INIT_LIST_HEAD(&group->fanotify_data.access_list);	665	INIT_LIST_HEAD(&group->fanotify_data.access_list);
666	#endif	666	#endif
		667	switch (flags & FAN_ALL_CLASS_BITS) {
		668	case FAN_CLASS_NOTIF:
		669	group->priority = FS_PRIO_0;
		670	break;
		671	case FAN_CLASS_CONTENT:
		672	group->priority = FS_PRIO_1;
		673	break;
		674	case FAN_CLASS_PRE_CONTENT:
		675	group->priority = FS_PRIO_2;
		676	break;
		677	default:
		678	fd = -EINVAL;
		679	goto out_put_group;
		680	}
667		681
668	fd = anon_inode_getfd("[fanotify]", &fanotify_fops, group, f_flags);	682	fd = anon_inode_getfd("[fanotify]", &fanotify_fops, group, f_flags);
669	if (fd < 0)	683	if (fd < 0)
@@ -719,6 +733,16 @@ SYSCALL_DEFINE(fanotify_mark)(int fanotify_fd, unsigned int flags,
719	ret = -EINVAL;	733	ret = -EINVAL;
720	if (unlikely(filp->f_op != &fanotify_fops))	734	if (unlikely(filp->f_op != &fanotify_fops))
721	goto fput_and_out;	735	goto fput_and_out;
		736	group = filp->private_data;
		737
		738	/*
		739	* group->priority == FS_PRIO_0 == FAN_CLASS_NOTIF. These are not
		740	* allowed to set permissions events.
		741	*/
		742	ret = -EINVAL;
		743	if (mask & FAN_ALL_PERM_EVENTS &&
		744	group->priority == FS_PRIO_0)
		745	goto fput_and_out;
722		746
723	ret = fanotify_find_path(dfd, pathname, &path, flags);	747	ret = fanotify_find_path(dfd, pathname, &path, flags);
724	if (ret)	748	if (ret)
@@ -729,7 +753,6 @@ SYSCALL_DEFINE(fanotify_mark)(int fanotify_fd, unsigned int flags,
729	inode = path.dentry->d_inode;	753	inode = path.dentry->d_inode;
730	else	754	else
731	mnt = path.mnt;	755	mnt = path.mnt;
732	group = filp->private_data;
733		756
734	/* create/update an inode mark */	757	/* create/update an inode mark */
735	switch (flags & (FAN_MARK_ADD \| FAN_MARK_REMOVE \| FAN_MARK_FLUSH)) {	758	switch (flags & (FAN_MARK_ADD \| FAN_MARK_REMOVE \| FAN_MARK_FLUSH)) {


diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h index 63531a6b4d2a..2c89ce7b644e 100644 --- a/include/linux/fanotify.h +++ b/include/linux/fanotify.h
@@ -25,7 +25,16 @@
25	#define FAN_CLOEXEC 0x00000001	25	#define FAN_CLOEXEC 0x00000001
26	#define FAN_NONBLOCK 0x00000002	26	#define FAN_NONBLOCK 0x00000002
27		27
28	#define FAN_ALL_INIT_FLAGS (FAN_CLOEXEC \| FAN_NONBLOCK)	28	/* These are NOT bitwise flags. Both bits are used togther. */
		29	#define FAN_CLASS_NOTIF 0x00000000
		30	#define FAN_CLASS_CONTENT 0x00000004
		31	#define FAN_CLASS_PRE_CONTENT 0x00000008
		32
		33	#define FAN_ALL_CLASS_BITS (FAN_CLASS_NOTIF \| FAN_CLASS_CONTENT \| \
		34	FAN_CLASS_PRE_CONTENT)
		35
		36	#define FAN_ALL_INIT_FLAGS (FAN_CLOEXEC \| FAN_NONBLOCK \| \
		37	FAN_ALL_CLASS_BITS)
29		38
30	/* flags used for fanotify_modify_mark() */	39	/* flags used for fanotify_modify_mark() */
31	#define FAN_MARK_ADD 0x00000001	40	#define FAN_MARK_ADD 0x00000001