From: Anna Schumaker <anna.schumaker@netapp.com>
To: Ondrej Mosnacek <omosnace@redhat.com>
Cc: linux-nfs <linux-nfs@vger.kernel.org>,
Trond Myklebust <trond.myklebust@hammerspace.com>,
Linux Security Module list
<linux-security-module@vger.kernel.org>,
SElinux list <selinux@vger.kernel.org>,
David Quigley <dpquigl@davequigley.com>
Subject: Re: [PATCH] NFSv4.2: fix return value of _nfs4_get_security_label()
Date: Fri, 12 Mar 2021 10:42:56 -0500 [thread overview]
Message-ID: <CAFX2JfmcCSKViTQjpw4Shw_3QjG_Bizp02ECOQkxN-zGCPUpkg@mail.gmail.com> (raw)
In-Reply-To: <CAFqZXNtssgDmhMS+p6+F2zC=ka3=bM22GpNQLO2NbSLWQroYFg@mail.gmail.com>
Hi Ondrej,
On Tue, Mar 9, 2021 at 5:10 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> On Fri, Jan 15, 2021 at 6:43 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> > An xattr 'get' handler is expected to return the length of the value on
> > success, yet _nfs4_get_security_label() (and consequently also
> > nfs4_xattr_get_nfs4_label(), which is used as an xattr handler) returns
> > just 0 on success.
> >
> > Fix this by returning label.len instead, which contains the length of
> > the result.
> >
> > Fixes: aa9c2669626c ("NFS: Client implementation of Labeled-NFS")
> > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> > ---
> > fs/nfs/nfs4proc.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
> > index 2f4679a62712a..28465d8aada64 100644
> > --- a/fs/nfs/nfs4proc.c
> > +++ b/fs/nfs/nfs4proc.c
> > @@ -5971,7 +5971,7 @@ static int _nfs4_get_security_label(struct inode *inode, void *buf,
> > return ret;
> > if (!(fattr.valid & NFS_ATTR_FATTR_V4_SECURITY_LABEL))
> > return -ENOENT;
> > - return 0;
> > + return label.len;
> > }
> >
> > static int nfs4_get_security_label(struct inode *inode, void *buf,
> > --
> > 2.29.2
> >
>
> Ping. It's been almost 2 months now, and I can't see the patch applied
> anywhere, nor has it received any feedback from the NFS maintainers...
> Trond? Anna?
Thanks for the ping! I've queued this up for the next bugfixes pull request.
Anna
>
> --
> Ondrej Mosnacek
> Software Engineer, Linux Security - SELinux kernel
> Red Hat, Inc.
>
prev parent reply other threads:[~2021-03-12 15:44 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-15 17:43 [PATCH] NFSv4.2: fix return value of _nfs4_get_security_label() Ondrej Mosnacek
2021-01-20 4:57 ` James Morris
2021-01-22 19:23 ` Paul Moore
2021-03-09 10:08 ` Ondrej Mosnacek
2021-03-12 15:42 ` Anna Schumaker [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFX2JfmcCSKViTQjpw4Shw_3QjG_Bizp02ECOQkxN-zGCPUpkg@mail.gmail.com \
--to=anna.schumaker@netapp.com \
--cc=dpquigl@davequigley.com \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=omosnace@redhat.com \
--cc=selinux@vger.kernel.org \
--cc=trond.myklebust@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.