From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 15 Nov 2024 06:08:42 +0000 (+0100)
Subject: 6.6-stable patches
X-Git-Tag: v4.19.324~9
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=38ec7d4e2d4a284c3da45afd8b4dc67d277515ec;p=thirdparty%2Fkernel%2Fstable-queue.git

6.6-stable patches

added patches:
	9p-fix-slab-cache-name-creation-for-real.patch
---

diff --git a/queue-6.6/9p-fix-slab-cache-name-creation-for-real.patch b/queue-6.6/9p-fix-slab-cache-name-creation-for-real.patch
new file mode 100644
index 00000000000..0b1e7a1a822
--- /dev/null
+++ b/queue-6.6/9p-fix-slab-cache-name-creation-for-real.patch
@@ -0,0 +1,49 @@
+From a360f311f57a36e96d88fa8086b749159714dcd2 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Mon, 21 Oct 2024 11:57:38 -0700
+Subject: 9p: fix slab cache name creation for real
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit a360f311f57a36e96d88fa8086b749159714dcd2 upstream.
+
+This was attempted by using the dev_name in the slab cache name, but as
+Omar Sandoval pointed out, that can be an arbitrary string, eg something
+like "/dev/root".  Which in turn trips verify_dirent_name(), which fails
+if a filename contains a slash.
+
+So just make it use a sequence counter, and make it an atomic_t to avoid
+any possible races or locking issues.
+
+Reported-and-tested-by: Omar Sandoval <osandov@fb.com>
+Link: https://lore.kernel.org/all/ZxafcO8KWMlXaeWE@telecaster.dhcp.thefacebook.com/
+Fixes: 79efebae4afc ("9p: Avoid creating multiple slab caches with the same name")
+Acked-by: Vlastimil Babka <vbabka@suse.cz>
+Cc: Dominique Martinet <asmadeus@codewreck.org>
+Cc: Thorsten Leemhuis <regressions@leemhuis.info>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/9p/client.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/net/9p/client.c
++++ b/net/9p/client.c
+@@ -976,6 +976,7 @@ error:
+ struct p9_client *p9_client_create(const char *dev_name, char *options)
+ {
+ 	int err;
++	static atomic_t seqno = ATOMIC_INIT(0);
+ 	struct p9_client *clnt;
+ 	char *client_id;
+ 	char *cache_name;
+@@ -1035,7 +1036,8 @@ struct p9_client *p9_client_create(const
+ 	if (err)
+ 		goto close_trans;
+ 
+-	cache_name = kasprintf(GFP_KERNEL, "9p-fcall-cache-%s", dev_name);
++	cache_name = kasprintf(GFP_KERNEL,
++		"9p-fcall-cache-%u", atomic_inc_return(&seqno));
+ 	if (!cache_name) {
+ 		err = -ENOMEM;
+ 		goto close_trans;
diff --git a/queue-6.6/series b/queue-6.6/series
index 1738be0d93e..ac17c6ce784 100644
--- a/queue-6.6/series
+++ b/queue-6.6/series
@@ -45,3 +45,4 @@ mm-support-order-1-folios-in-the-page-cache.patch
 mm-always-initialise-folio-_deferred_list.patch
 mm-refactor-folio_undo_large_rmappable.patch
 mm-thp-fix-deferred-split-unqueue-naming-and-locking.patch
+9p-fix-slab-cache-name-creation-for-real.patch