From: Greg Kroah-Hartman Date: Fri, 15 Nov 2024 06:23:59 +0000 (+0100) Subject: 5.10-stable patches X-Git-Tag: v4.19.324~4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d5d767bccaae940bcf8165fc35643ca6fc1c7dfd;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: 9p-fix-slab-cache-name-creation-for-real.patch --- diff --git a/queue-5.10/9p-fix-slab-cache-name-creation-for-real.patch b/queue-5.10/9p-fix-slab-cache-name-creation-for-real.patch new file mode 100644 index 00000000000..4d0aca58a61 --- /dev/null +++ b/queue-5.10/9p-fix-slab-cache-name-creation-for-real.patch @@ -0,0 +1,49 @@ +From a360f311f57a36e96d88fa8086b749159714dcd2 Mon Sep 17 00:00:00 2001 +From: Linus Torvalds +Date: Mon, 21 Oct 2024 11:57:38 -0700 +Subject: 9p: fix slab cache name creation for real + +From: Linus Torvalds + +commit a360f311f57a36e96d88fa8086b749159714dcd2 upstream. + +This was attempted by using the dev_name in the slab cache name, but as +Omar Sandoval pointed out, that can be an arbitrary string, eg something +like "/dev/root". Which in turn trips verify_dirent_name(), which fails +if a filename contains a slash. + +So just make it use a sequence counter, and make it an atomic_t to avoid +any possible races or locking issues. + +Reported-and-tested-by: Omar Sandoval +Link: https://lore.kernel.org/all/ZxafcO8KWMlXaeWE@telecaster.dhcp.thefacebook.com/ +Fixes: 79efebae4afc ("9p: Avoid creating multiple slab caches with the same name") +Acked-by: Vlastimil Babka +Cc: Dominique Martinet +Cc: Thorsten Leemhuis +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + net/9p/client.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/net/9p/client.c ++++ b/net/9p/client.c +@@ -1004,6 +1004,7 @@ error: + struct p9_client *p9_client_create(const char *dev_name, char *options) + { + int err; ++ static atomic_t seqno = ATOMIC_INIT(0); + struct p9_client *clnt; + char *client_id; + char *cache_name; +@@ -1059,7 +1060,8 @@ struct p9_client *p9_client_create(const + if (err) + goto close_trans; + +- cache_name = kasprintf(GFP_KERNEL, "9p-fcall-cache-%s", dev_name); ++ cache_name = kasprintf(GFP_KERNEL, ++ "9p-fcall-cache-%u", atomic_inc_return(&seqno)); + if (!cache_name) { + err = -ENOMEM; + goto close_trans; diff --git a/queue-5.10/series b/queue-5.10/series index c940dafca28..2c6d1537312 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -79,3 +79,4 @@ net-usb-qmi_wwan-add-fibocom-fg132-0x0112-compositio.patch md-raid10-improve-code-of-mrdev-in-raid10_sync_request.patch io_uring-fix-possible-deadlock-in-io_register_iowq_max_workers.patch mm-krealloc-fix-mte-false-alarm-in-__do_krealloc.patch +9p-fix-slab-cache-name-creation-for-real.patch