fs/9p: fix uaf in in v9fs_stat2inode_dotl

The incorrect logical order of accessing the st object code in v9fs_fid_iget_dotl is causing this uaf. Fixes: 724a084 ("fs/9p: simplify iget to remove unnecessary paths") Reported-and-tested-by: [email protected] Signed-off-by: Lizhi Xu <[email protected]> Tested-by: Breno Leitao <[email protected]> Reviewed-by: Dominique Martinet <[email protected]> Signed-off-by: Eric Van Hensbergen <[email protected]>
koverstreet · Mar 25, 2024 · 11763a8 · 11763a8
1 parent 4cece76
commit 11763a8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/fs/9p/vfs_inode_dotl.c b/fs/9p/vfs_inode_dotl.c
@@ -78,11 +78,11 @@ struct inode *v9fs_fid_iget_dotl(struct super_block *sb, struct p9_fid *fid)
 
 	retval = v9fs_init_inode(v9ses, inode, &fid->qid,
 				 st->st_mode, new_decode_dev(st->st_rdev));
+	v9fs_stat2inode_dotl(st, inode, 0);
 	kfree(st);
 	if (retval)
 		goto error;
 
-	v9fs_stat2inode_dotl(st, inode, 0);
 	v9fs_set_netfs_context(inode);
 	v9fs_cache_inode_get_cookie(inode);
 	retval = v9fs_get_acl(inode, fid);