fanotify: Taint on use of FANOTIFY_ACCESS_PERMISSIONS

Various free and proprietary AV products use this feature and users
apparently want it.  But punting access checks to userland seems like
an easy way to deadlock the system, and there will be nothing we can
do about that.  So warn and taint the kernel if this feature is
actually used.

Gbp-Pq: Topic debian
Gbp-Pq: Name fanotify-taint-on-use-of-fanotify_access_permissions.patch

diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
index 4b3437d70e7ef804ece9f092880e61ee9ac3db40..cea26c0c75180cf058ac9dc2f57746f7ef10ab1f 100644 (file)
--- a/fs/notify/fanotify/fanotify_user.c
+++ b/fs/notify/fanotify/fanotify_user.c
@@ -869,6 +869,14 @@ SYSCALL_DEFINE5(fanotify_mark, int, fanotify_fd, unsigned int, flags,
 #endif
                return -EINVAL;
 
+#ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS
+       if (mask & FAN_ALL_PERM_EVENTS) {
+               pr_warn_once("%s (%d): Using fanotify permission checks may lead to deadlock; tainting kernel\n",
+                            current->comm, current->pid);
+               add_taint(TAINT_USER, LOCKDEP_STILL_OK);
+       }
+#endif
+
        f = fdget(fanotify_fd);
        if (unlikely(!f.file))
                return -EBADF;