From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 15 Nov 2024 06:23:36 +0000 (+0100)
Subject: 4.19-stable patches
X-Git-Tag: v4.19.324~6
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3bbcdf776daa823046415542d334e6840c50756e;p=thirdparty%2Fkernel%2Fstable-queue.git

4.19-stable patches

added patches:
	9p-fix-slab-cache-name-creation-for-real.patch
---

diff --git a/queue-4.19/9p-fix-slab-cache-name-creation-for-real.patch b/queue-4.19/9p-fix-slab-cache-name-creation-for-real.patch
new file mode 100644
index 00000000000..85df721e43b
--- /dev/null
+++ b/queue-4.19/9p-fix-slab-cache-name-creation-for-real.patch
@@ -0,0 +1,49 @@
+From a360f311f57a36e96d88fa8086b749159714dcd2 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Mon, 21 Oct 2024 11:57:38 -0700
+Subject: 9p: fix slab cache name creation for real
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit a360f311f57a36e96d88fa8086b749159714dcd2 upstream.
+
+This was attempted by using the dev_name in the slab cache name, but as
+Omar Sandoval pointed out, that can be an arbitrary string, eg something
+like "/dev/root".  Which in turn trips verify_dirent_name(), which fails
+if a filename contains a slash.
+
+So just make it use a sequence counter, and make it an atomic_t to avoid
+any possible races or locking issues.
+
+Reported-and-tested-by: Omar Sandoval <osandov@fb.com>
+Link: https://lore.kernel.org/all/ZxafcO8KWMlXaeWE@telecaster.dhcp.thefacebook.com/
+Fixes: 79efebae4afc ("9p: Avoid creating multiple slab caches with the same name")
+Acked-by: Vlastimil Babka <vbabka@suse.cz>
+Cc: Dominique Martinet <asmadeus@codewreck.org>
+Cc: Thorsten Leemhuis <regressions@leemhuis.info>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/9p/client.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/net/9p/client.c
++++ b/net/9p/client.c
+@@ -1016,6 +1016,7 @@ error:
+ struct p9_client *p9_client_create(const char *dev_name, char *options)
+ {
+ 	int err;
++	static atomic_t seqno = ATOMIC_INIT(0);
+ 	struct p9_client *clnt;
+ 	char *client_id;
+ 	char *cache_name;
+@@ -1071,7 +1072,8 @@ struct p9_client *p9_client_create(const
+ 	if (err)
+ 		goto close_trans;
+ 
+-	cache_name = kasprintf(GFP_KERNEL, "9p-fcall-cache-%s", dev_name);
++	cache_name = kasprintf(GFP_KERNEL,
++		"9p-fcall-cache-%u", atomic_inc_return(&seqno));
+ 	if (!cache_name) {
+ 		err = -ENOMEM;
+ 		goto close_trans;
diff --git a/queue-4.19/series b/queue-4.19/series
index 015327a049a..601f1f3590c 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -49,3 +49,4 @@ sound-make-config_snd-depend-on-indirect_iomem-inste.patch
 powerpc-powernv-free-name-on-error-in-opal_event_ini.patch
 fs-fix-uninitialized-value-issue-in-from_kuid-and-fr.patch
 net-usb-qmi_wwan-add-fibocom-fg132-0x0112-compositio.patch
+9p-fix-slab-cache-name-creation-for-real.patch