fanotify: Taint on use of FANOTIFY_ACCESS_PERMISSIONS

Forwarded: not-needed

Various free and proprietary AV products use this feature and users
apparently want it.  But punting access checks to userland seems like
an easy way to deadlock the system, and there will be nothing we can
do about that.  So warn and taint the kernel if this feature is
actually used.

Gbp-Pq: Topic debian
Gbp-Pq: Name fanotify-taint-on-use-of-fanotify_access_permissions.patch

diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
index 3e01d8f2ab9061faa43f865e1f9f3dc2868e5dbc..84f43818a6b91bdc54a0f017d3950a273efe85ae 100644 (file)
--- a/fs/notify/fanotify/fanotify_user.c
+++ b/fs/notify/fanotify/fanotify_user.c
@@ -1170,6 +1170,14 @@ static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask,
        if (ignored)
                mask &= ~FANOTIFY_EVENT_FLAGS;
 
+#ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS
+       if (mask & FANOTIFY_PERM_EVENTS) {
+               pr_warn_once("%s (%d): Using fanotify permission checks may lead to deadlock; tainting kernel\n",
+                            current->comm, current->pid);
+               add_taint(TAINT_AUX, LOCKDEP_STILL_OK);
+       }
+#endif
+
        f = fdget(fanotify_fd);
        if (unlikely(!f.file))
                return -EBADF;