From: Andreas Gruenbacher <agruenba@redhat.com>
To: "J. Bruce Fields" <bfields@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>,
Miklos Szeredi <mszeredi@redhat.com>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: [PATCH] xattr: Additional maximum size check
Date: Thu, 23 Feb 2017 22:26:24 +0100 [thread overview]
Message-ID: <CAHc6FU78bdQtZr4BBW1012eEabS8yojCvs-XxZLjnkPrPq5jig@mail.gmail.com> (raw)
In-Reply-To: <20170223203425.GJ9417@parsley.fieldses.org>
On Thu, Feb 23, 2017 at 9:34 PM, J. Bruce Fields <bfields@redhat.com> wrote:
> On Thu, Feb 23, 2017 at 03:52:14PM +0100, Andreas Gruenbacher wrote:
>> When querying for the buffer size required, a filesystem's getxattr
>> xattr handler or listxattr iop may return a value bigger than the
>> maximum size limit. However, the VFS will never return oversize
>> buffers, so cast such values to -E2BIG.
>>
>> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
>> ---
>> fs/xattr.c | 20 ++++++++++++--------
>> 1 file changed, 12 insertions(+), 8 deletions(-)
>>
>> diff --git a/fs/xattr.c b/fs/xattr.c
>> index 7e3317c..c19a163 100644
>> --- a/fs/xattr.c
>> +++ b/fs/xattr.c
>> @@ -537,16 +537,18 @@ getxattr(struct dentry *d, const char __user *name, void __user *value,
>> }
>>
>> error = vfs_getxattr(d, kname, kvalue, size);
>
> We have this just above:
>
> if (size) {
> if (size > XATTR_SIZE_MAX)
> size = XATTR_SIZE_MAX;
>
> So this test:
>
>> + if (error > XATTR_SIZE_MAX ||
>> + (error == -ERANGE && size >= XATTR_SIZE_MAX)) {
>> + /* The file system tried to returned a value bigger
>> + than XATTR_SIZE_MAX bytes. Not possible. */
>> + error = -E2BIG;
>> + }
>
> is equivalent to:
>
> if (error > XATTR_SIZE_MAX ||
> (error = -ERANGE && size == XATTR_SIZE_MAX))
>
> That's kind of a subtle case.
True.
> I guess the idea is that ERANGE means
> "the xattr value doesn't fit into the buffer you gave me", and E2BIG
> means "the xattr value couldn't fit in any buffer you could possible
> give me". And if the filesystem isn't satisfied even with a
> maximum-sized buffer then clearly we're in the second case. OK, got it.
> Still, this is a little subtle. I don't see EF2BIG in my copy of
> getxattr(2).
It's not in any of my copies of getxattr(2) either yet, but it will be soon :)
> Anyway, feel free to add
>
> Reviewed-by: J. Bruce Fields <bfields@redhat.com>
>
> but I wouldn't say no to more documentation.
Thanks,
Andreas
prev parent reply other threads:[~2017-02-23 21:26 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-23 14:52 [PATCH] xattr: Additional maximum size check Andreas Gruenbacher
2017-02-23 20:34 ` J. Bruce Fields
2017-02-23 21:26 ` Andreas Gruenbacher [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHc6FU78bdQtZr4BBW1012eEabS8yojCvs-XxZLjnkPrPq5jig@mail.gmail.com \
--to=agruenba@redhat.com \
--cc=bfields@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=mszeredi@redhat.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.