ACK: [PATCH 1/1][T/X/B] xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE
Stefan Bader
stefan.bader at canonical.com
Tue Nov 20 10:59:02 UTC 2018
On 20.11.18 02:31, Tyler Hicks wrote:
> From: "Darrick J. Wong" <darrick.wong at oracle.com>
>
> Kanda Motohiro reported that expanding a tiny xattr into a large xattr
> fails on XFS because we remove the tiny xattr from a shortform fork and
> then try to re-add it after converting the fork to extents format having
> not removed the ATTR_REPLACE flag. This fails because the attr is no
> longer present, causing a fs shutdown.
>
> This is derived from the patch in his bug report, but we really
> shouldn't ignore a nonzero retval from the remove call.
>
> Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199119
> Reported-by: kanda.motohiro at gmail.com
> Reviewed-by: Dave Chinner <dchinner at redhat.com>
> Reviewed-by: Christoph Hellwig <hch at lst.de>
> Signed-off-by: Darrick J. Wong <darrick.wong at oracle.com>
>
> CVE-2018-18690
>
> (cherry picked from commit 7b38460dc8e4eafba06c78f8e37099d3b34d473c)
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
> ---
> fs/xfs/libxfs/xfs_attr.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c
> index a76914db72ef..e4265db08e4b 100644
> --- a/fs/xfs/libxfs/xfs_attr.c
> +++ b/fs/xfs/libxfs/xfs_attr.c
> @@ -511,7 +511,14 @@ xfs_attr_shortform_addname(xfs_da_args_t *args)
> if (args->flags & ATTR_CREATE)
> return retval;
> retval = xfs_attr_shortform_remove(args);
> - ASSERT(retval == 0);
> + if (retval)
> + return retval;
> + /*
> + * Since we have removed the old attr, clear ATTR_REPLACE so
> + * that the leaf format add routine won't trip over the attr
> + * not being around.
> + */
> + args->flags &= ~ATTR_REPLACE;
> }
>
> if (args->namelen >= XFS_ATTR_SF_ENTSIZE_MAX ||
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20181120/5f0fc4e4/attachment.sig>
More information about the kernel-team
mailing list