Patch "fuse: fix root lookup with nonzero generation" has been added to the 6.1-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Wed, 27 Mar 2024 07:39:55 -0400

This is a note to let you know that I've just added the patch titled

    fuse: fix root lookup with nonzero generation

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     fuse-fix-root-lookup-with-nonzero-generation.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit d41f6e0bc9cccf96b9e8e05f8a564208198d3009
Author: Miklos Szeredi <mszeredi@xxxxxxxxxx>
Date:   Wed Feb 28 16:50:49 2024 +0100

    fuse: fix root lookup with nonzero generation
    
    [ Upstream commit 68ca1b49e430f6534d0774a94147a823e3b8b26e ]
    
    The root inode has a fixed nodeid and generation (1, 0).
    
    Prior to the commit 15db16837a35 ("fuse: fix illegal access to inode with
    reused nodeid") generation number on lookup was ignored.  After this commit
    lookup with the wrong generation number resulted in the inode being
    unhashed.  This is correct for non-root inodes, but replacing the root
    inode is wrong and results in weird behavior.
    
    Fix by reverting to the old behavior if ignoring the generation for the
    root inode, but issuing a warning in dmesg.
    
    Reported-by: Antonio SJ Musumeci <trapexit@xxxxxxxxxx>
    Closes: https://lore.kernel.org/all/CAOQ4uxhek5ytdN8Yz2tNEOg5ea4NkBb4nk0FGPjPk_9nz-VG3g@xxxxxxxxxxxxxx/
    Fixes: 15db16837a35 ("fuse: fix illegal access to inode with reused nodeid")
    Cc: <stable@xxxxxxxxxxxxxxx> # v5.14
    Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index 5e408e7ec4c6b..936a24b646cef 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -399,6 +399,10 @@ int fuse_lookup_name(struct super_block *sb, u64 nodeid, const struct qstr *name
 		goto out_put_forget;
 	if (fuse_invalid_attr(&outarg->attr))
 		goto out_put_forget;
+	if (outarg->nodeid == FUSE_ROOT_ID && outarg->generation != 0) {
+		pr_warn_once("root generation should be zero\n");
+		outarg->generation = 0;
+	}
 
 	*inode = fuse_iget(sb, outarg->nodeid, outarg->generation,
 			   &outarg->attr, entry_attr_timeout(outarg),







