linux/fs/9p
Lizhi Xu 11763a8598
fs/9p: fix uaf in in v9fs_stat2inode_dotl
The incorrect logical order of accessing the st object code in v9fs_fid_iget_dotl
is causing this uaf.

Fixes: 724a08450f ("fs/9p: simplify iget to remove unnecessary paths")
Reported-and-tested-by: syzbot+7a3d75905ea1a830dbe5@syzkaller.appspotmail.com
Signed-off-by: Lizhi Xu <lizhi.xu@windriver.com>
Tested-by: Breno Leitao <leitao@debian.org>
Reviewed-by: Dominique Martinet <asmadeus@codewreck.org>
Signed-off-by: Eric Van Hensbergen <ericvh@kernel.org>
2024-03-25 00:34:35 +00:00
..
acl.c fs: port inode_owner_or_capable() to mnt_idmap 2023-01-19 09:24:29 +01:00
acl.h fs: port ->set_acl() to pass mnt_idmap 2023-01-19 09:24:27 +01:00
cache.c mm, netfs, fscache: stop read optimisation when folio removed from pagecache 2023-08-18 10:12:13 -07:00
cache.h fs/9p: Rework cache modes and add new options to Documentation 2023-04-09 21:41:21 +00:00
fid.c fs/9p: remove writeback fid and fix per-file modes 2023-03-27 02:33:48 +00:00
fid.h fs/9p: fix type mismatch in file cache mode helper 2023-07-20 16:15:15 +00:00
Kconfig 9p: Remove INET dependency 2023-05-04 21:46:57 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
v9fs_vfs.h fs/9p: simplify iget to remove unnecessary paths 2024-01-26 16:46:56 +00:00
v9fs.c mm, slab: remove last vestiges of SLAB_MEM_SPREAD 2024-03-12 20:32:19 -07:00
v9fs.h fs/9p: simplify iget to remove unnecessary paths 2024-01-26 16:46:56 +00:00
vfs_addr.c 9p: Use length of data written to the server in preference to error 2024-01-04 13:15:31 +00:00
vfs_dentry.c 9p: Remove INET dependency 2023-05-04 21:46:57 +01:00
vfs_dir.c fs/9p: rework qid2ino logic 2024-01-26 16:46:56 +00:00
vfs_file.c 9p: adapt to breakup of struct file_lock 2024-02-05 13:11:41 +01:00
vfs_inode_dotl.c fs/9p: fix uaf in in v9fs_stat2inode_dotl 2024-03-25 00:34:35 +00:00
vfs_inode.c fs/9p: simplify iget to remove unnecessary paths 2024-01-26 16:46:56 +00:00
vfs_super.c fs/9p: fix dups even in uncached mode 2024-01-26 16:46:56 +00:00
xattr.c Bunch of small fixes: 2023-11-04 09:20:04 -10:00
xattr.h 9p: move xattr-related structs to .rodata 2023-10-09 16:24:16 +02:00