From 2c91fe73746f18a32314c7be4f35fbbf9525e98a Mon Sep 17 00:00:00 2001
From: Joakim Sindholt <opensource@zhasha.com>
Date: Wed, 5 Jun 2024 09:50:31 +0800
Subject: [PATCH] fs/9p: only translate RWX permissions for plain 9P2000

mainline inclusion
from mainline-v6.9-rc5
commit cd25e15e57e68a6b18dc9323047fe9c68b99290b
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9UNVB
CVE: CVE-2024-36964

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cd25e15e57e68a6b18dc9323047fe9c68b99290b

--------------------------------

Garbage in plain 9P2000's perm bits is allowed through, which causes it
to be able to set (among others) the suid bit. This was presumably not
the intent since the unix extended bits are handled explicitly and
conditionally on .u.

Signed-off-by: Joakim Sindholt <opensource@zhasha.com>
Signed-off-by: Eric Van Hensbergen <ericvh@kernel.org>
Signed-off-by: Ye Bin <yebin@huaweicloud.com>
---
 fs/9p/vfs_inode.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c
index 0791480bf922..88ca5015f987 100644
--- a/fs/9p/vfs_inode.c
+++ b/fs/9p/vfs_inode.c
@@ -86,7 +86,7 @@ static int p9mode2perm(struct v9fs_session_info *v9ses,
 	int res;
 	int mode = stat->mode;
 
-	res = mode & S_IALLUGO;
+	res = mode & 0777; /* S_IRWXUGO */
 	if (v9fs_proto_dotu(v9ses)) {
 		if ((mode & P9_DMSETUID) == P9_DMSETUID)
 			res |= S_ISUID;
-- 
Gitee