raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2025-12-07 18:40:10 +00:00
Code Issues Projects Releases Wiki Activity

xfs: clear kernel only flags in XFS_IOC_ATTRMULTI_BY_HANDLE

Browse Source 
commit 953aa9d136 upstream.

Don't allow passing arbitrary flags as they change behavior including
memory allocation that the call stack is not prepared for.

Fixes: ddbca70cc4 ("xfs: allocate xattr buffer on demand")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Christoph Hellwig
2020-01-07 15:25:37 -08:00
committed by Greg Kroah-Hartman
parent ca5b8f55be
commit 3bade9aa12
3 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
fs/xfs/libxfs/xfs_attr.h
View File

@@ -26,7 +26,7 @@ struct xfs_attr_list_context;
*========================================================================*/ *========================================================================*/
#define ATTR_DONTFOLLOW 0x0001 /* -- unused, from IRIX -- */ #define ATTR_DONTFOLLOW 0x0001 /* -- ignored, from IRIX -- */
#define ATTR_ROOT 0x0002 /* use attrs in root (trusted) namespace */ #define ATTR_ROOT 0x0002 /* use attrs in root (trusted) namespace */
#define ATTR_TRUST 0x0004 /* -- unused, from IRIX -- */ #define ATTR_TRUST 0x0004 /* -- unused, from IRIX -- */
#define ATTR_SECURE 0x0008 /* use attrs in security namespace */ #define ATTR_SECURE 0x0008 /* use attrs in security namespace */
@@ -37,7 +37,10 @@ struct xfs_attr_list_context;
#define ATTR_KERNOVAL 0x2000 /* [kernel] get attr size only, not value */ #define ATTR_KERNOVAL 0x2000 /* [kernel] get attr size only, not value */
#define ATTR_INCOMPLETE 0x4000 /* [kernel] return INCOMPLETE attr keys */ #define ATTR_INCOMPLETE 0x4000 /* [kernel] return INCOMPLETE attr keys */
#define ATTR_ALLOC 0x8000 /* allocate xattr buffer on demand */ #define ATTR_ALLOC 0x8000 /* [kernel] allocate xattr buffer on demand */
#define ATTR_KERNEL_FLAGS \
(ATTR_KERNOTIME | ATTR_KERNOVAL | ATTR_INCOMPLETE | ATTR_ALLOC)
#define XFS_ATTR_FLAGS \ #define XFS_ATTR_FLAGS \
{ ATTR_DONTFOLLOW, "DONTFOLLOW" }, \ { ATTR_DONTFOLLOW, "DONTFOLLOW" }, \

2
fs/xfs/xfs_ioctl.c
View File

@@ -462,6 +462,8 @@ xfs_attrmulti_by_handle(
error = 0; error = 0;
for (i = 0; i < am_hreq.opcount; i++) { for (i = 0; i < am_hreq.opcount; i++) {
ops[i].am_flags &= ~ATTR_KERNEL_FLAGS;
ops[i].am_error = strncpy_from_user((char *)attr_name, ops[i].am_error = strncpy_from_user((char *)attr_name,
ops[i].am_attrname, MAXNAMELEN); ops[i].am_attrname, MAXNAMELEN);
if (ops[i].am_error == 0 || ops[i].am_error == MAXNAMELEN) if (ops[i].am_error == 0 || ops[i].am_error == MAXNAMELEN)

2
fs/xfs/xfs_ioctl32.c
View File

@@ -450,6 +450,8 @@ xfs_compat_attrmulti_by_handle(
error = 0; error = 0;
for (i = 0; i < am_hreq.opcount; i++) { for (i = 0; i < am_hreq.opcount; i++) {
ops[i].am_flags &= ~ATTR_KERNEL_FLAGS;
ops[i].am_error = strncpy_from_user((char *)attr_name, ops[i].am_error = strncpy_from_user((char *)attr_name,
compat_ptr(ops[i].am_attrname), compat_ptr(ops[i].am_attrname),
MAXNAMELEN); MAXNAMELEN);