diff mbox series

fs/backing_file: fix wrong argument in callback

Message ID 20241126145342.364869-1-amir73il@gmail.com (mailing list archive)
State New

Commit Message

Amir Goldstein Nov. 26, 2024, 2:53 p.m. UTC
Commit 48b50624aec4 ("backing-file: clean up the API") unintentionally
changed the argument in the ->accessed() callback from the user file to
the backing file.

Fixes: 48b50624aec4 ("backing-file: clean up the API")
Reported-by: syzbot+8d1206605b05ca9a0e6a@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-unionfs/67447b3c.050a0220.1cc393.0085.GAE@google.com/
Tested-by: syzbot+8d1206605b05ca9a0e6a@syzkaller.appspotmail.com
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
---
 fs/backing-file.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Miklos Szeredi Nov. 26, 2024, 4:04 p.m. UTC | #1
On Tue, 26 Nov 2024 at 15:53, Amir Goldstein <amir73il@gmail.com> wrote:
>
> Commit 48b50624aec4 ("backing-file: clean up the API") unintentionally
> changed the argument in the ->accessed() callback from the user file to
> the backing file.
>
> Fixes: 48b50624aec4 ("backing-file: clean up the API")
> Reported-by: syzbot+8d1206605b05ca9a0e6a@syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/linux-unionfs/67447b3c.050a0220.1cc393.0085.GAE@google.com/
> Tested-by: syzbot+8d1206605b05ca9a0e6a@syzkaller.appspotmail.com
> Signed-off-by: Amir Goldstein <amir73il@gmail.com>

Acked-by: Miklos Szeredi <mszeredi@redhat.com>

Thanks for fixing.

Miklos

Patch

diff --git a/fs/backing-file.c b/fs/backing-file.c
index 526ddb4d6f76..cbdad8b68474 100644
--- a/fs/backing-file.c
+++ b/fs/backing-file.c
@@ -327,6 +327,7 @@  int backing_file_mmap(struct file *file, struct vm_area_struct *vma,
 		      struct backing_file_ctx *ctx)
 {
 	const struct cred *old_cred;
+	struct file *user_file = vma->vm_file;
 	int ret;
 
 	if (WARN_ON_ONCE(!(file->f_mode & FMODE_BACKING)))
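Review bot: The new user_file declaration has no comment saying why vma->vm_file must be read at function entry instead of at the callback site. The lines between the two hunks are not shown, but per the commit message vma->vm_file refers to the backing file by the time ->accessed() runs, so the ordering is the whole fix. A one-line comment on the declaration (for example, that the user file is saved before vma->vm_file is switched to the backing file) would keep a later cleanup from folding the local back into a direct vma->vm_file read and reintroducing the regression.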
@@ -342,7 +343,7 @@  int backing_file_mmap(struct file *file, struct vm_area_struct *vma,
 	revert_creds_light(old_cred);
 
 	if (ctx->accessed)
-		ctx->accessed(vma->vm_file);
+		ctx->accessed(user_file);
 
 	return ret;
 }
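Review bot: ctx->accessed(user_file) uses the pointer saved at the top of the function, and neither hunk shows a get_file()/fput() pair around it, so the pointer is only valid here if the caller holds its own reference to the user file for the whole call. Please state that assumption in the commit message or in a comment next to the callback, since a stale struct file passed to a filesystem callback would be a use-after-free. The commit message would also be easier to triage if it named backing_file_mmap() as the affected path and summarized what the syzbot report observed.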