The last member is normally written by link_path_walk(), before being
read by __lookup_hash, among others.
In the special case of calling open() on "/", link_path_walk() will
terminate early without setting the last member, leading __d_alloc
called by __lookup_hash to read uninitialized memory.
Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
---
fs/fs.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/fs.c b/fs/fs.c
index bd6b9f504adb..74ece0e9a7d0 100644
--- a/fs/fs.c
+++ b/fs/fs.c
@@ -1631,6 +1631,7 @@ struct filename {
static void set_nameidata(struct nameidata *p, struct filename *name)
{
+ p->last = slash_name;
p->stack = p->internal;
p->name = name;
p->total_link_count = 0;
--
2.39.2
