[PATCH] nfs: Fix security label length not being reset

[PATCH] nfs: Fix security label length not being reset

[Jeffrey Mitchell]

nfs_readdir_page_filler() iterates over entries in a directory, reusing
the same security label buffer, but does not reset the buffer's length.
This causes decode_attr_security_label() to return -ERANGE if an entry's
security label is longer than the previous one's. This error, in
nfs4_decode_dirent(), only gets passed up as -EAGAIN, which causes another
failed attempt to copy into the buffer. The second error is ignored and
the remaining entries do not show up in ls, specifically the getdents64()
syscall.

Reproduce by creating multiple files in NFS and giving one of the later
files a longer security label. ls will not see that file nor any that are
added afterwards, though they will exist on the backend.

- Jeffrey

Jeffrey Mitchell (1):
  nfs: Fix security label length not being reset

 fs/nfs/dir.c | 3 +++
 1 file changed, 3 insertions(+)

-- 
2.25.1

[PATCH] nfs: Fix security label length not being reset

[Jeffrey Mitchell]

In nfs_readdir_page_filler(), reset security label buffer length before
every reuse

Signed-off-by: Jeffrey Mitchell <jeffrey.mitchell@starlab.io>
---
 fs/nfs/dir.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index a12f42e7d8c7..5ff6af4478a5 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -579,6 +579,9 @@ int nfs_readdir_page_filler(nfs_readdir_descriptor_t *desc, struct nfs_entry *en
 	xdr_set_scratch_buffer(&stream, page_address(scratch), PAGE_SIZE);
 
 	do {
+		if (entry->label)
+			entry->label->len = NFS4_MAXLABELLEN;
+
 		status = xdr_decode(desc, entry, &stream);
 		if (status != 0) {
 			if (status == -EAGAIN)
-- 
2.25.1

Re: [PATCH] nfs: Fix security label length not being reset

[J. Bruce Fields]

On Mon, Sep 14, 2020 at 10:49:57AM -0500, Jeffrey Mitchell wrote:
> nfs_readdir_page_filler() iterates over entries in a directory, reusing
> the same security label buffer, but does not reset the buffer's length.
> This causes decode_attr_security_label() to return -ERANGE if an entry's
> security label is longer than the previous one's. This error, in
> nfs4_decode_dirent(), only gets passed up as -EAGAIN, which causes another
> failed attempt to copy into the buffer. The second error is ignored and
> the remaining entries do not show up in ls, specifically the getdents64()
> syscall.
> 
> Reproduce by creating multiple files in NFS and giving one of the later
> files a longer security label. ls will not see that file nor any that are
> added afterwards, though they will exist on the backend.

Please include these paragraphs in the changelog.

--b.

> 
> - Jeffrey
> 
> Jeffrey Mitchell (1):
>   nfs: Fix security label length not being reset
> 
>  fs/nfs/dir.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> -- 
> 2.25.1

[PATCH v2] nfs: Fix security label length not being reset

[Jeffrey Mitchell]

nfs_readdir_page_filler() iterates over entries in a directory, reusing
the same security label buffer, but does not reset the buffer's length.
This causes decode_attr_security_label() to return -ERANGE if an entry's
security label is longer than the previous one's. This error, in
nfs4_decode_dirent(), only gets passed up as -EAGAIN, which causes another
failed attempt to copy into the buffer. The second error is ignored and
the remaining entries do not show up in ls, specifically the getdents64()
syscall.

Reproduce by creating multiple files in NFS and giving one of the later
files a longer security label. ls will not see that file nor any that are
added afterwards, though they will exist on the backend.

In nfs_readdir_page_filler(), reset security label buffer length before
every reuse

Signed-off-by: Jeffrey Mitchell <jeffrey.mitchell@starlab.io>
---
v2: Added explanation from cover letter as requested by J. Bruce Fields
    <bfields@fieldses.org>

 fs/nfs/dir.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index e732580fe47b..cb52db9a0cfb 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -579,6 +579,9 @@ int nfs_readdir_page_filler(nfs_readdir_descriptor_t *desc, struct nfs_entry *en
 	xdr_set_scratch_buffer(&stream, page_address(scratch), PAGE_SIZE);
 
 	do {
+		if (entry->label)
+			entry->label->len = NFS4_MAXLABELLEN;
+
 		status = xdr_decode(desc, entry, &stream);
 		if (status != 0) {
 			if (status == -EAGAIN)
-- 
2.25.1