* [PATCH v2 1/4] NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
@ 2022-10-19 17:36 trondmy
2022-10-19 17:36 ` [PATCH v2 2/4] NFSv4.2: Always decode the security label trondmy
0 siblings, 1 reply; 4+ messages in thread
From: trondmy @ 2022-10-19 17:36 UTC (permalink / raw)
To: Anna Schumaker; +Cc: linux-nfs
From: Trond Myklebust <trond.myklebust@hammerspace.com>
We need to clear the FATTR4_WORD2_SECURITY_LABEL bitmap flag
irrespective of whether or not the label is too long.
Fixes: aa9c2669626c ("NFS: Client implementation of Labeled-NFS")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
---
fs/nfs/nfs4xdr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
index acfe5f4bda48..8c5298e37f0f 100644
--- a/fs/nfs/nfs4xdr.c
+++ b/fs/nfs/nfs4xdr.c
@@ -4234,6 +4234,7 @@ static int decode_attr_security_label(struct xdr_stream *xdr, uint32_t *bitmap,
p = xdr_inline_decode(xdr, len);
if (unlikely(!p))
return -EIO;
+ bitmap[2] &= ~FATTR4_WORD2_SECURITY_LABEL;
if (len < NFS4_MAXLABELLEN) {
if (label) {
if (label->len) {
@@ -4246,7 +4247,6 @@ static int decode_attr_security_label(struct xdr_stream *xdr, uint32_t *bitmap,
label->lfs = lfs;
status = NFS_ATTR_FATTR_V4_SECURITY_LABEL;
}
- bitmap[2] &= ~FATTR4_WORD2_SECURITY_LABEL;
} else
printk(KERN_WARNING "%s: label too long (%u)!\n",
__func__, len);
--
2.37.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v2 2/4] NFSv4.2: Always decode the security label
2022-10-19 17:36 [PATCH v2 1/4] NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding trondmy
@ 2022-10-19 17:36 ` trondmy
2022-10-19 17:36 ` [PATCH v2 3/4] NFSv4.2: Fix a memory stomp in decode_attr_security_label trondmy
0 siblings, 1 reply; 4+ messages in thread
From: trondmy @ 2022-10-19 17:36 UTC (permalink / raw)
To: Anna Schumaker; +Cc: linux-nfs
From: Trond Myklebust <trond.myklebust@hammerspace.com>
If the server returns a reply that includes a security label, then we
must decode it whether or not we can store the results.
Fixes: 1e2f67da8931 ("NFS: Remove the nfs4_label argument from decode_getattr_*() functions")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
---
fs/nfs/nfs4xdr.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
index 8c5298e37f0f..9103e022376a 100644
--- a/fs/nfs/nfs4xdr.c
+++ b/fs/nfs/nfs4xdr.c
@@ -4755,12 +4755,10 @@ static int decode_getfattr_attrs(struct xdr_stream *xdr, uint32_t *bitmap,
if (status < 0)
goto xdr_error;
- if (fattr->label) {
- status = decode_attr_security_label(xdr, bitmap, fattr->label);
- if (status < 0)
- goto xdr_error;
- fattr->valid |= status;
- }
+ status = decode_attr_security_label(xdr, bitmap, fattr->label);
+ if (status < 0)
+ goto xdr_error;
+ fattr->valid |= status;
xdr_error:
dprintk("%s: xdr returned %d\n", __func__, -status);
--
2.37.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v2 3/4] NFSv4.2: Fix a memory stomp in decode_attr_security_label
2022-10-19 17:36 ` [PATCH v2 2/4] NFSv4.2: Always decode the security label trondmy
@ 2022-10-19 17:36 ` trondmy
2022-10-19 17:36 ` [PATCH v2 4/4] NFSv4.2: Fix initialisation of struct nfs4_label trondmy
0 siblings, 1 reply; 4+ messages in thread
From: trondmy @ 2022-10-19 17:36 UTC (permalink / raw)
To: Anna Schumaker; +Cc: linux-nfs
From: Trond Myklebust <trond.myklebust@hammerspace.com>
We must not change the value of label->len if it is zero, since that
indicates we stored a label.
Fixes: b4487b935452 ("nfs: Fix getxattr kernel panic and memory overflow")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
---
fs/nfs/nfs4xdr.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
index 9103e022376a..deec76cf5afe 100644
--- a/fs/nfs/nfs4xdr.c
+++ b/fs/nfs/nfs4xdr.c
@@ -4236,12 +4236,10 @@ static int decode_attr_security_label(struct xdr_stream *xdr, uint32_t *bitmap,
return -EIO;
bitmap[2] &= ~FATTR4_WORD2_SECURITY_LABEL;
if (len < NFS4_MAXLABELLEN) {
- if (label) {
- if (label->len) {
- if (label->len < len)
- return -ERANGE;
- memcpy(label->label, p, len);
- }
+ if (label && label->len) {
+ if (label->len < len)
+ return -ERANGE;
+ memcpy(label->label, p, len);
label->len = len;
label->pi = pi;
label->lfs = lfs;
--
2.37.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v2 4/4] NFSv4.2: Fix initialisation of struct nfs4_label
2022-10-19 17:36 ` [PATCH v2 3/4] NFSv4.2: Fix a memory stomp in decode_attr_security_label trondmy
@ 2022-10-19 17:36 ` trondmy
0 siblings, 0 replies; 4+ messages in thread
From: trondmy @ 2022-10-19 17:36 UTC (permalink / raw)
To: Anna Schumaker; +Cc: linux-nfs
From: Trond Myklebust <trond.myklebust@hammerspace.com>
The call to nfs4_label_init_security() should return a fully initialised
label.
Fixes: aa9c2669626c ("NFS: Client implementation of Labeled-NFS")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
---
fs/nfs/nfs4proc.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 3ed14a2a84a4..0ae48498c174 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -122,6 +122,11 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry,
if (nfs_server_capable(dir, NFS_CAP_SECURITY_LABEL) == 0)
return NULL;
+ label->lfs = 0;
+ label->pi = 0;
+ label->len = 0;
+ label->label = NULL;
+
err = security_dentry_init_security(dentry, sattr->ia_mode,
&dentry->d_name, NULL,
(void **)&label->label, &label->len);
@@ -3795,7 +3800,7 @@ nfs4_atomic_open(struct inode *dir, struct nfs_open_context *ctx,
int open_flags, struct iattr *attr, int *opened)
{
struct nfs4_state *state;
- struct nfs4_label l = {0, 0, 0, NULL}, *label = NULL;
+ struct nfs4_label l, *label;
label = nfs4_label_init_security(dir, ctx->dentry, attr, &l);
@@ -4681,7 +4686,7 @@ nfs4_proc_create(struct inode *dir, struct dentry *dentry, struct iattr *sattr,
int flags)
{
struct nfs_server *server = NFS_SERVER(dir);
- struct nfs4_label l, *ilabel = NULL;
+ struct nfs4_label l, *ilabel;
struct nfs_open_context *ctx;
struct nfs4_state *state;
int status = 0;
@@ -5032,7 +5037,7 @@ static int nfs4_proc_symlink(struct inode *dir, struct dentry *dentry,
struct nfs4_exception exception = {
.interruptible = true,
};
- struct nfs4_label l, *label = NULL;
+ struct nfs4_label l, *label;
int err;
label = nfs4_label_init_security(dir, dentry, sattr, &l);
@@ -5073,7 +5078,7 @@ static int nfs4_proc_mkdir(struct inode *dir, struct dentry *dentry,
struct nfs4_exception exception = {
.interruptible = true,
};
- struct nfs4_label l, *label = NULL;
+ struct nfs4_label l, *label;
int err;
label = nfs4_label_init_security(dir, dentry, sattr, &l);
@@ -5192,7 +5197,7 @@ static int nfs4_proc_mknod(struct inode *dir, struct dentry *dentry,
struct nfs4_exception exception = {
.interruptible = true,
};
- struct nfs4_label l, *label = NULL;
+ struct nfs4_label l, *label;
int err;
label = nfs4_label_init_security(dir, dentry, sattr, &l);
--
2.37.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-10-19 17:43 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-19 17:36 [PATCH v2 1/4] NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding trondmy
2022-10-19 17:36 ` [PATCH v2 2/4] NFSv4.2: Always decode the security label trondmy
2022-10-19 17:36 ` [PATCH v2 3/4] NFSv4.2: Fix a memory stomp in decode_attr_security_label trondmy
2022-10-19 17:36 ` [PATCH v2 4/4] NFSv4.2: Fix initialisation of struct nfs4_label trondmy
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).