From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 15 Nov 2024 06:09:19 +0000 (+0100)
Subject: 5.15-stable patches
X-Git-Tag: v4.19.324~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=386be00b85ec0974dc4d10dc8d58619d0fe9c92f;p=thirdparty%2Fkernel%2Fstable-queue.git

5.15-stable patches

added patches:
	9p-fix-slab-cache-name-creation-for-real.patch
---

diff --git a/queue-5.15/9p-fix-slab-cache-name-creation-for-real.patch b/queue-5.15/9p-fix-slab-cache-name-creation-for-real.patch
new file mode 100644
index 00000000000..afc1f509266
--- /dev/null
+++ b/queue-5.15/9p-fix-slab-cache-name-creation-for-real.patch
@@ -0,0 +1,49 @@
+From a360f311f57a36e96d88fa8086b749159714dcd2 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Mon, 21 Oct 2024 11:57:38 -0700
+Subject: 9p: fix slab cache name creation for real
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit a360f311f57a36e96d88fa8086b749159714dcd2 upstream.
+
+This was attempted by using the dev_name in the slab cache name, but as
+Omar Sandoval pointed out, that can be an arbitrary string, eg something
+like "/dev/root".  Which in turn trips verify_dirent_name(), which fails
+if a filename contains a slash.
+
+So just make it use a sequence counter, and make it an atomic_t to avoid
+any possible races or locking issues.
+
+Reported-and-tested-by: Omar Sandoval <osandov@fb.com>
+Link: https://lore.kernel.org/all/ZxafcO8KWMlXaeWE@telecaster.dhcp.thefacebook.com/
+Fixes: 79efebae4afc ("9p: Avoid creating multiple slab caches with the same name")
+Acked-by: Vlastimil Babka <vbabka@suse.cz>
+Cc: Dominique Martinet <asmadeus@codewreck.org>
+Cc: Thorsten Leemhuis <regressions@leemhuis.info>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/9p/client.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/net/9p/client.c
++++ b/net/9p/client.c
+@@ -1003,6 +1003,7 @@ error:
+ struct p9_client *p9_client_create(const char *dev_name, char *options)
+ {
+ 	int err;
++	static atomic_t seqno = ATOMIC_INIT(0);
+ 	struct p9_client *clnt;
+ 	char *client_id;
+ 	char *cache_name;
+@@ -1058,7 +1059,8 @@ struct p9_client *p9_client_create(const
+ 	if (err)
+ 		goto close_trans;
+ 
+-	cache_name = kasprintf(GFP_KERNEL, "9p-fcall-cache-%s", dev_name);
++	cache_name = kasprintf(GFP_KERNEL,
++		"9p-fcall-cache-%u", atomic_inc_return(&seqno));
+ 	if (!cache_name) {
+ 		err = -ENOMEM;
+ 		goto close_trans;
diff --git a/queue-5.15/series b/queue-5.15/series
index 7b36ed2480b..c9ea9ac67a1 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -19,3 +19,4 @@ mm-krealloc-fix-mte-false-alarm-in-__do_krealloc.patch
 mm-memory-add-non-anonymous-page-check-in-the-copy_present_page.patch
 udf-allocate-name-buffer-in-directory-iterator-on-heap.patch
 udf-avoid-directory-type-conversion-failure-due-to-enomem.patch
+9p-fix-slab-cache-name-creation-for-real.patch