9p: Fix writeback fid incorrectly being attached to dentry

v9fs_dir_release needs fid->ilist to have been initialized for filp's
fid, not the inode's writeback fid's.

With refcounting this can be improved on later but this appears to fix
null deref issues.

Link: http://lkml.kernel.org/r/1605802012-31133-3-git-send-email-asmadeus@codewreck.org
Fixes: 6636b6dcc3db ("fs/9p: track open fids")
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>

diff --git a/fs/9p/vfs_file.c b/fs/9p/vfs_file.c
index b0ef225cecd001920e04ce13ffc3fa652c5b454f..c5e49c88688db008fb93f408cc2b7d488838e2be 100644 (file)
--- a/fs/9p/vfs_file.c
+++ b/fs/9p/vfs_file.c
@@ -46,7 +46,7 @@ int v9fs_file_open(struct inode *inode, struct file *file)
        int err;
        struct v9fs_inode *v9inode;
        struct v9fs_session_info *v9ses;
-       struct p9_fid *fid;
+       struct p9_fid *fid, *writeback_fid;
        int omode;
 
        p9_debug(P9_DEBUG_VFS, "inode: %p file: %p\n", inode, file);
@@ -85,13 +85,13 @@ int v9fs_file_open(struct inode *inode, struct file *file)
                 * because we want write after unlink usecase
                 * to work.
                 */
-               fid = v9fs_writeback_fid(file_dentry(file));
+               writeback_fid = v9fs_writeback_fid(file_dentry(file));
                if (IS_ERR(fid)) {
                        err = PTR_ERR(fid);
                        mutex_unlock(&v9inode->v_mutex);
                        goto out_error;
                }
-               v9inode->writeback_fid = (void *) fid;
+               v9inode->writeback_fid = (void *) writeback_fid;
        }
        mutex_unlock(&v9inode->v_mutex);
        if (v9ses->cache == CACHE_LOOSE || v9ses->cache == CACHE_FSCACHE)