Message ID | 20250409220534.3635801-1-song@kernel.org (mailing list archive) |
---|---|
State | New |
Series | fs: Fix filename init after recent refactoring |
ouch, I'm so sorry :) On Thu, Apr 10, 2025 at 12:05 AM Song Liu <song@kernel.org> wrote: > > getname_flags() should save __user pointer "filename" in filename->uptr. > However, this logic is broken by a recent refactoring. Fix it by passing > __user pointer filename to helper initname(). > > Fixes: 611851010c74 ("fs: dedup handling of struct filename init and refcounts bumps") > Cc: Mateusz Guzik <mjguzik@gmail.com> > Cc: Christian Brauner <brauner@kernel.org> > Signed-off-by: Song Liu <song@kernel.org> > --- > fs/namei.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/fs/namei.c b/fs/namei.c > index 360a86ca1f02..8510ff53f12e 100644 > --- a/fs/namei.c > +++ b/fs/namei.c > @@ -125,9 +125,9 @@ > > #define EMBEDDED_NAME_MAX (PATH_MAX - offsetof(struct filename, iname)) > > -static inline void initname(struct filename *name) > +static inline void initname(struct filename *name, const char __user *uptr) > { > - name->uptr = NULL; > + name->uptr = uptr; > name->aname = NULL; > atomic_set(&name->refcnt, 1); > } > @@ -210,7 +210,7 @@ getname_flags(const char __user *filename, int flags) > return ERR_PTR(-ENAMETOOLONG); > } > } > - initname(result); > + initname(result, filename); > audit_getname(result); > return result; > } > @@ -268,7 +268,7 @@ struct filename *getname_kernel(const char * filename) > return ERR_PTR(-ENAMETOOLONG); > } > memcpy((char *)result->name, filename, len); > - initname(result); > + initname(result, NULL); > audit_getname(result); > return result; > } > -- > 2.47.1 >
On Wed, 09 Apr 2025 15:05:34 -0700, Song Liu wrote:
> getname_flags() should save __user pointer "filename" in filename->uptr.
> However, this logic is broken by a recent refactoring. Fix it by passing
> __user pointer filename to helper initname().
>

Applied to the vfs.fixes branch of the vfs/vfs.git tree.
Patches in the vfs.fixes branch should appear in linux-next soon.

Please report any outstanding bugs that were missed during review in a
new review to the original patch series allowing us to drop it.

It's encouraged to provide Acked-bys and Reviewed-bys even though the
patch has now been applied. If possible patch trailers will be updated.

Note that commit hashes shown below are subject to change due to rebase,
trailer updates or similar. If in doubt, please check the listed branch.

tree: https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git
branch: vfs.fixes

[1/1] fs: Fix filename init after recent refactoring
      https://git.kernel.org/vfs/vfs/c/b463d7fd118b
diff --git a/fs/namei.c b/fs/namei.c index 360a86ca1f02..8510ff53f12e 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -125,9 +125,9 @@ #define EMBEDDED_NAME_MAX (PATH_MAX - offsetof(struct filename, iname)) -static inline void initname(struct filename *name) +static inline void initname(struct filename *name, const char __user *uptr) { - name->uptr = NULL; + name->uptr = uptr; name->aname = NULL; atomic_set(&name->refcnt, 1); } @@ -210,7 +210,7 @@ getname_flags(const char __user *filename, int flags) return ERR_PTR(-ENAMETOOLONG); } } - initname(result); + initname(result, filename); audit_getname(result); return result; } @@ -268,7 +268,7 @@ struct filename *getname_kernel(const char * filename) return ERR_PTR(-ENAMETOOLONG); } memcpy((char *)result->name, filename, len); - initname(result); + initname(result, NULL); audit_getname(result); return result; }
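Review bot: In the first hunk, initname() gains a uptr parameter but nothing documents what callers must pass. The two call sites in this patch pass the __user pointer in getname_flags() and NULL in getname_kernel(); a one-line comment above the helper saying that uptr is the userspace address the name was copied from, and NULL for kernel-originated names, would keep a future caller from repeating the mistake this patch fixes.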
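Review bot: The commit message says the uptr logic "is broken" but not what that breaks. In the getname_flags() hunk the change is only `initname(result, filename);`, so a reader cannot tell from the patch which consumer of name->uptr was seeing NULL or what the observable effect was. A sentence naming the affected behaviour would help anyone deciding whether a tree that carries 611851010c74 needs this fix.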
getname_flags() should save __user pointer "filename" in filename->uptr.
However, this logic is broken by a recent refactoring. Fix it by passing
__user pointer filename to helper initname().

Fixes: 611851010c74 ("fs: dedup handling of struct filename init and refcounts bumps")
Cc: Mateusz Guzik <mjguzik@gmail.com>
Cc: Christian Brauner <brauner@kernel.org>
Signed-off-by: Song Liu <song@kernel.org>
---
 fs/namei.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)