From: Pierre Barre Date: Thu, 2 Apr 2026 10:03:12 +0000 (+0200) Subject: 9p: fix access mode flags being ORed instead of replaced X-Git-Tag: v7.1-rc1~15^2~3 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=da2346a48a5a1fed86c3fe3d73c0b60e7b3027c9;p=thirdparty%2Fkernel%2Flinux.git 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb ("9p: convert to the new mount API"), v9fs_apply_options() applies parsed mount flags with |= onto flags already set by v9fs_session_init(). For 9P2000.L, session_init sets V9FS_ACCESS_CLIENT as the default, so when the user mounts with "access=user", both bits end up set. Access mode checks compare against exact values, so having both bits set matches neither mode. This causes v9fs_fid_lookup() to fall through to the default switch case, using INVALID_UID (nobody/65534) instead of current_fsuid() for all fid lookups. Root is then unable to chown or perform other privileged operations. Fix by clearing the access mask before applying the user's choice. Fixes: 1f3e4142c0eb ("9p: convert to the new mount API") Signed-off-by: Pierre Barre Reviewed-by: Christian Schoenebeck Message-ID: <0ddc72da-d196-4f01-8755-0086f670e779@app.fastmail.com> Cc: stable@vger.kernel.org Signed-off-by: Dominique Martinet --- diff --git a/fs/9p/v9fs.c b/fs/9p/v9fs.c index 057487efaaeb..acda42499ca9 100644 --- a/fs/9p/v9fs.c +++ b/fs/9p/v9fs.c @@ -413,7 +413,11 @@ static void v9fs_apply_options(struct v9fs_session_info *v9ses, /* * Note that we must |= flags here as session_init already * set basic flags. This adds in flags from parsed options. + * Default access flags must be cleared if session options + * changes them to avoid mangling the setting. */ + if (ctx->session_opts.flags & V9FS_ACCESS_MASK) + v9ses->flags &= ~V9FS_ACCESS_MASK; v9ses->flags |= ctx->session_opts.flags; #ifdef CONFIG_9P_FSCACHE v9ses->cachetag = ctx->session_opts.cachetag;