[PATCH] 9p: fix access mode flags being ORed instead of replaced

Next message: Sherry Sun: "[PATCH V10 03/13] PCI: dwc: Parse Root Port nodes in dw_pcie_host_init()"
Previous message: Sherry Sun: "[PATCH V10 01/13] dt-bindings: PCI: fsl,imx6q-pcie: Add reset GPIO in Root Port node"
Next in thread: Pierre Barre: "Re: [PATCH] 9p: fix access mode flags being ORed instead of replaced"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Pierre Barre

Date: Thu Apr 02 2026 - 06:08:40 EST

Since commit 1f3e4142c0eb ("9p: convert to the new mount API"),
v9fs_apply_options() applies parsed mount flags with |= onto flags
already set by v9fs_session_init(). For 9P2000.L, session_init sets
V9FS_ACCESS_CLIENT as the default, so when the user mounts with
"access=user", both bits end up set. Access mode checks compare
against exact values, so having both bits set matches neither mode.

This causes v9fs_fid_lookup() to fall through to the default switch
case, using INVALID_UID (nobody/65534) instead of current_fsuid()
for all fid lookups. Root is then unable to chown or perform other
privileged operations.

Fix by clearing the access mask before applying the user's choice.

Fixes: 1f3e4142c0eb ("9p: convert to the new mount API")
Signed-off-by: Pierre Barre <pierre@xxxxxxxx>
---
fs/9p/v9fs.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/fs/9p/v9fs.c b/fs/9p/v9fs.c
index 057487efaaeb..05a5e1c4df35 100644
--- a/fs/9p/v9fs.c
+++ b/fs/9p/v9fs.c
@@ -413,7 +413,11 @@ static void v9fs_apply_options(struct v9fs_session_info *v9ses,
/*
* Note that we must |= flags here as session_init already
* set basic flags. This adds in flags from parsed options.
+ * Access flags are mutually exclusive, so clear any access
+ * bits set by session_init before applying the user's choice.
*/
+ if (ctx->session_opts.flags & V9FS_ACCESS_MASK)
+ v9ses->flags &= ~V9FS_ACCESS_MASK;
v9ses->flags |= ctx->session_opts.flags;
#ifdef CONFIG_9P_FSCACHE
v9ses->cachetag = ctx->session_opts.cachetag;
--
2.51.0