ouch, I'm so sorry :)
On Thu, Apr 10, 2025 at 12:05 AM Song Liu <song@xxxxxxxxxx> wrote:
>
> getname_flags() should save __user pointer "filename" in filename->uptr.
> However, this logic is broken by a recent refactoring. Fix it by passing
> __user pointer filename to helper initname().
>
> Fixes: 611851010c74 ("fs: dedup handling of struct filename init and refcounts bumps")
> Cc: Mateusz Guzik <mjguzik@xxxxxxxxx>
> Cc: Christian Brauner <brauner@xxxxxxxxxx>
> Signed-off-by: Song Liu <song@xxxxxxxxxx>
> ---
> fs/namei.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/fs/namei.c b/fs/namei.c
> index 360a86ca1f02..8510ff53f12e 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -125,9 +125,9 @@
>
> #define EMBEDDED_NAME_MAX (PATH_MAX - offsetof(struct filename, iname))
>
> -static inline void initname(struct filename *name)
> +static inline void initname(struct filename *name, const char __user *uptr)
> {
> - name->uptr = NULL;
> + name->uptr = uptr;
> name->aname = NULL;
> atomic_set(&name->refcnt, 1);
> }
> @@ -210,7 +210,7 @@ getname_flags(const char __user *filename, int flags)
> return ERR_PTR(-ENAMETOOLONG);
> }
> }
> - initname(result);
> + initname(result, filename);
> audit_getname(result);
> return result;
> }
> @@ -268,7 +268,7 @@ struct filename *getname_kernel(const char * filename)
> return ERR_PTR(-ENAMETOOLONG);
> }
> memcpy((char *)result->name, filename, len);
> - initname(result);
> + initname(result, NULL);
> audit_getname(result);
> return result;
> }
> --
> 2.47.1
>
-- Mateusz Guzik <mjguzik gmail.com>
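Review bot: The new `uptr` parameter of `initname()` in the first hunk is undocumented, and the value was lost in the earlier refactoring precisely because nothing at the helper said where it has to come from. A short comment above the helper would make the contract explicit, for example `/* uptr: user-space address the name was copied from, or NULL for kernel-originated names; stored here, not dereferenced */`. The call sites in the second and third hunks (`initname(result, filename)` and `initname(result, NULL)`) follow that contract. Because the signature changed, a caller outside this patch would fail to build rather than silently keep passing nothing.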
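Review bot: In the `getname_flags()` hunk, `initname(result, filename)` must run before `audit_getname(result)` for the audit hook to see a populated `uptr`, yet nothing at the call says the order matters. If audit is the consumer of `name->uptr` (its use is not visible in this diff), the original regression would have degraded audit name tracking without raising any error, which would explain why it went unnoticed. Consider a one-line comment at the call, `/* set uptr before audit sees the name */`, and a regression test that exercises an audited path lookup from user space. The function body starts outside the hunk, so its earlier return paths cannot be checked from here.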