From 8165ed2cdaa45efd01bc9321ee470d86c7eb6cef Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 19 Jun 2024 13:41:39 +0200
Subject: [PATCH] 6.1-stable patches

added patches:
	cachefiles-erofs-fix-null-deref-in-when-cachefiles-is-not-doing-ondemand-mode.patch
---
 ...achefiles-is-not-doing-ondemand-mode.patch | 57 +++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 queue-6.1/cachefiles-erofs-fix-null-deref-in-when-cachefiles-is-not-doing-ondemand-mode.patch

diff --git a/queue-6.1/cachefiles-erofs-fix-null-deref-in-when-cachefiles-is-not-doing-ondemand-mode.patch b/queue-6.1/cachefiles-erofs-fix-null-deref-in-when-cachefiles-is-not-doing-ondemand-mode.patch
new file mode 100644
index 00000000000..952a1f202c2
--- /dev/null
+++ b/queue-6.1/cachefiles-erofs-fix-null-deref-in-when-cachefiles-is-not-doing-ondemand-mode.patch
@@ -0,0 +1,57 @@
+From c3d6569a43322f371e7ba0ad386112723757ac8f Mon Sep 17 00:00:00 2001
+From: David Howells <dhowells@redhat.com>
+Date: Fri, 19 Jan 2024 20:49:34 +0000
+Subject: cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode
+
+From: David Howells <dhowells@redhat.com>
+
+commit c3d6569a43322f371e7ba0ad386112723757ac8f upstream.
+
+cachefiles_ondemand_init_object() as called from cachefiles_open_file() and
+cachefiles_create_tmpfile() does not check if object->ondemand is set
+before dereferencing it, leading to an oops something like:
+
+	RIP: 0010:cachefiles_ondemand_init_object+0x9/0x41
+	...
+	Call Trace:
+	 <TASK>
+	 cachefiles_open_file+0xc9/0x187
+	 cachefiles_lookup_cookie+0x122/0x2be
+	 fscache_cookie_state_machine+0xbe/0x32b
+	 fscache_cookie_worker+0x1f/0x2d
+	 process_one_work+0x136/0x208
+	 process_scheduled_works+0x3a/0x41
+	 worker_thread+0x1a2/0x1f6
+	 kthread+0xca/0xd2
+	 ret_from_fork+0x21/0x33
+
+Fix this by making cachefiles_ondemand_init_object() return immediately if
+cachefiles->ondemand is NULL.
+
+Fixes: 3c5ecfe16e76 ("cachefiles: extract ondemand info field from cachefiles_object")
+Reported-by: Marc Dionne <marc.dionne@auristor.com>
+Signed-off-by: David Howells <dhowells@redhat.com>
+cc: Gao Xiang <xiang@kernel.org>
+cc: Chao Yu <chao@kernel.org>
+cc: Yue Hu <huyue2@coolpad.com>
+cc: Jeffle Xu <jefflexu@linux.alibaba.com>
+cc: linux-erofs@lists.ozlabs.org
+cc: netfs@lists.linux.dev
+cc: linux-fsdevel@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/cachefiles/ondemand.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/fs/cachefiles/ondemand.c
++++ b/fs/cachefiles/ondemand.c
+@@ -611,6 +611,9 @@ int cachefiles_ondemand_init_object(stru
+ 	struct fscache_volume *volume = object->volume->vcookie;
+ 	size_t volume_key_size, cookie_key_size, data_len;
+ 
++	if (!object->ondemand)
++		return 0;
++
+ 	/*
+ 	 * CacheFiles will firstly check the cache file under the root cache
+ 	 * directory. If the coherency check failed, it will fallback to
-- 
2.47.3