
Merge tag '9p-fixes-for-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs

Pull 9p fixes from Eric Van Hensbergen:
"Two of these fix syzbot reported issues, and the other fixes an unused
variable in some configurations"

* tag '9p-fixes-for-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs:
fs/9p: fix uninitialized values during inode evict
fs/9p: remove redundant pointer v9ses
fs/9p: fix uaf in in v9fs_stat2inode_dotl

+11 -11
+10 -6
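--- a/fs/9p/vfs_inode.c
+++ b/fs/9p/vfs_inode.c
@@ -344,17 +344,21 @@
 struct v9fs_inode __maybe_unused *v9inode = V9FS_I(inode);
 __le32 __maybe_unused version;
 
-truncate_inode_pages_final(&inode->i_data);
+if (!is_bad_inode(inode)) {
+truncate_inode_pages_final(&inode->i_data);
 
-version = cpu_to_le32(v9inode->qid.version);
-netfs_clear_inode_writeback(inode, &version);
+version = cpu_to_le32(v9inode->qid.version);
+netfs_clear_inode_writeback(inode, &version);
 
-clear_inode(inode);
-filemap_fdatawrite(&inode->i_data);
+clear_inode(inode);
+filemap_fdatawrite(&inode->i_data);
 
 #ifdef CONFIG_9P_FSCACHE
-fscache_relinquish_cookie(v9fs_inode_cookie(v9inode), false);
+if (v9fs_inode_cookie(v9inode))
+fscache_relinquish_cookie(v9fs_inode_cookie(v9inode), false);
 #endif
+} else
+clear_inode(inode);
 }
 
 struct inode *v9fs_fid_iget(struct super_block *sb, struct p9_fid *fid)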
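Review bot: The `} else` branch added at the end of the hunk is unbraced while the `if (!is_bad_inode(inode)) {` branch is braced; kernel coding style puts braces on both branches when either one needs them, so it should read `} else {`, `clear_inode(inode);`, `}`. The guard would also benefit from a short comment, for example `/* bad inode: v9inode fields may be uninitialized, so skip writeback and cookie teardown */`, because the reason for bypassing the normal evict path is only stated in the pull message. Inside the guarded branch `filemap_fdatawrite(&inode->i_data)` still runs after `clear_inode(inode)`; that order predates this change, but it is worth confirming that it is intended. The enclosing function starts above the hunk.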
+1 -5
fs/9p/vfs_inode_dotl.c
··· 78 78 79 79 retval = v9fs_init_inode(v9ses, inode, &fid->qid, 80 80 st->st_mode, new_decode_dev(st->st_rdev)); 81 + v9fs_stat2inode_dotl(st, inode, 0); 81 82 kfree(st); 82 83 if (retval) 83 84 goto error; 84 85 85 - v9fs_stat2inode_dotl(st, inode, 0); 86 86 v9fs_set_netfs_context(inode); 87 87 v9fs_cache_inode_get_cookie(inode); 88 88 retval = v9fs_get_acl(inode, fid); ··· 297 297 umode_t omode) 298 298 { 299 299 int err; 300 - struct v9fs_session_info *v9ses; 301 300 struct p9_fid *fid = NULL, *dfid = NULL; 302 301 kgid_t gid; 303 302 const unsigned char *name; ··· 306 307 struct posix_acl *dacl = NULL, *pacl = NULL; 307 308 308 309 p9_debug(P9_DEBUG_VFS, "name %pd\n", dentry); 309 - v9ses = v9fs_inode2v9ses(dir); 310 310 311 311 omode |= S_IFDIR; 312 312 if (dir->i_mode & S_ISGID) ··· 737 739 kgid_t gid; 738 740 const unsigned char *name; 739 741 umode_t mode; 740 - struct v9fs_session_info *v9ses; 741 742 struct p9_fid *fid = NULL, *dfid = NULL; 742 743 struct inode *inode; 743 744 struct p9_qid qid; ··· 746 749 dir->i_ino, dentry, omode, 747 750 MAJOR(rdev), MINOR(rdev)); 748 751 749 - v9ses = v9fs_inode2v9ses(dir); 750 752 dfid = v9fs_parent_fid(dentry); 751 753 if (IS_ERR(dfid)) { 752 754 err = PTR_ERR(dfid);
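Review bot: In the first hunk, `v9fs_stat2inode_dotl(st, inode, 0);` now runs before `retval` is checked, so the stat fields are also copied into an inode that `v9fs_init_inode()` has just rejected. That is probably harmless if the `error` path only discards the inode, but neither that label nor `v9fs_stat2inode_dotl()` is visible here, so it should be confirmed. An ordering that keeps the use-after-free fix without touching a failed inode frees on both paths: `if (retval) { kfree(st); goto error; }`, then the original `v9fs_stat2inode_dotl(st, inode, 0);`, then `kfree(st);`. The enclosing function begins and ends outside the hunk.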