fanotify: fix false positive on permission events

fsnotify_get_mark_safe() may return false for a mark on an unrelated group, which results in bypassing the permission check. Fix by skipping over detached marks that are not in the current group. CC: stable@vger.kernel.org Fixes: abc77577a669 ("fsnotify: Provide framework for dropping SRCU lock in ->handle_event") Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Link: https://patch.msgid.link/20260410144950.156160-1-mszeredi@redhat.com Signed-off-by: Jan Kara <jack@suse.cz>
author: Miklos Szeredi <mszeredi@redhat.com> 2026-04-10 16:49:47 +0200
committer: Jan Kara <jack@suse.cz> 2026-04-16 13:31:04 +0200
commit: 7746e3bd4cc19b5092e00d32d676e329bfcb6900 (patch)
tree: 24ef14a73886f092021bf23c8b13eb1a15d7e8c1 /include/linux
parent: 1d51b370a0f8f642f4fc84c795fbedac0fcdbbd2 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/fsnotify_backend.h b/include/linux/fsnotify_backend.h
index 95985400d3d8..e5cde39d6e85 100644
--- a/include/linux/fsnotify_backend.h
+++ b/include/linux/fsnotify_backend.h
@@ -915,6 +915,7 @@ extern void fsnotify_clear_marks_by_group(struct fsnotify_group *group,
 					  unsigned int obj_type);
 extern void fsnotify_get_mark(struct fsnotify_mark *mark);
 extern void fsnotify_put_mark(struct fsnotify_mark *mark);
+struct fsnotify_mark *fsnotify_next_mark(struct fsnotify_mark *mark);
 extern void fsnotify_finish_user_wait(struct fsnotify_iter_info *iter_info);
 extern bool fsnotify_prepare_user_wait(struct fsnotify_iter_info *iter_info);
author	Miklos Szeredi <mszeredi@redhat.com>	2026-04-10 16:49:47 +0200
committer	Jan Kara <jack@suse.cz>	2026-04-16 13:31:04 +0200
commit	7746e3bd4cc19b5092e00d32d676e329bfcb6900 (patch)
tree	24ef14a73886f092021bf23c8b13eb1a15d7e8c1 /include/linux
parent	1d51b370a0f8f642f4fc84c795fbedac0fcdbbd2 (diff)