tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

9p: fix access mode flags being ORed instead of replaced

Since commit 1f3e4142c0eb ("9p: convert to the new mount API"),
v9fs_apply_options() applies parsed mount flags with |= onto flags
already set by v9fs_session_init(). For 9P2000.L, session_init sets
V9FS_ACCESS_CLIENT as the default, so when the user mounts with
"access=user", both bits end up set. Access mode checks compare
against exact values, so having both bits set matches neither mode.

This causes v9fs_fid_lookup() to fall through to the default switch
case, using INVALID_UID (nobody/65534) instead of current_fsuid()
for all fid lookups. Root is then unable to chown or perform other
privileged operations.

Fix by clearing the access mask before applying the user's choice.

Fixes: 1f3e4142c0eb ("9p: convert to the new mount API")
Signed-off-by: Pierre Barre <pierre@barre.sh>
Reviewed-by: Christian Schoenebeck <linux_oss@crudebyte.com>
Message-ID: <0ddc72da-d196-4f01-8755-0086f670e779@app.fastmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>

authored by

Pierre Barre and committed by
Dominique Martinet da2346a4 0fd76f1b

+4
+4
fs/9p/v9fs.c
··· 413 413 /* 414 414 * Note that we must |= flags here as session_init already 415 415 * set basic flags. This adds in flags from parsed options. 416 + * Default access flags must be cleared if session options 417 + * changes them to avoid mangling the setting. 416 418 */ 419 + if (ctx->session_opts.flags & V9FS_ACCESS_MASK) 420 + v9ses->flags &= ~V9FS_ACCESS_MASK; 417 421 v9ses->flags |= ctx->session_opts.flags; 418 422 #ifdef CONFIG_9P_FSCACHE 419 423 v9ses->cachetag = ctx->session_opts.cachetag;