* [PATCH 1/2] afs: Fix warning due to unadvanced marshalling pointer
@ 2020-11-03 16:32 David Howells
From: David Howells @ 2020-11-03 16:32 UTC (permalink / raw)
To: torvalds; +Cc: dhowells, linux-afs, linux-fsdevel, linux-kernel
When using the afs.yfs.acl xattr to change an AuriStor ACL, a warning can
be generated when the request is marshalled because the buffer pointer
isn't increased after adding the last element, thereby triggering the check
at the end if the ACL wasn't empty. This just causes something like the
following warning, but doesn't stop the call from happening successfully:
kAFS: YFS.StoreOpaqueACL2: Request buffer underflow (36<108)
Fix this simply by increasing the count prior to the check.
Fixes: f5e4546347bc ("afs: Implement YFS ACL setting")
Signed-off-by: David Howells <dhowells@redhat.com>
---
fs/afs/yfsclient.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/afs/yfsclient.c b/fs/afs/yfsclient.c
index 3b1239b7e90d..bd787e71a657 100644
--- a/fs/afs/yfsclient.c
+++ b/fs/afs/yfsclient.c
@@ -1990,6 +1990,7 @@ void yfs_fs_store_opaque_acl2(struct afs_operation *op)
memcpy(bp, acl->data, acl->size);
if (acl->size != size)
memset((void *)bp + acl->size, 0, size - acl->size);
+ bp += size / sizeof(__be32);
yfs_check_req(call, bp);
trace_afs_make_fs_call(call, &vp->fid);
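Review bot: The added `bp += size / sizeof(__be32);` advances the pointer in 32-bit words, while the two lines above it work in bytes (`(void *)bp + acl->size`, `size - acl->size`), and the division truncates if size is ever not a multiple of four. The memset padding suggests size is the rounded-up length, but it is computed outside this hunk. A one-line comment stating that size is already padded to a word boundary, or a check of that alignment, would make it obvious that the advance matches the bytes written and that yfs_check_req() stays a meaningful check on the marshalled length.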
* [PATCH 2/2] afs: Fix incorrect freeing of the ACL passed to the YFS ACL store op
@ 2020-11-03 16:33 ` David Howells
From: David Howells @ 2020-11-03 16:33 UTC (permalink / raw)
To: torvalds; +Cc: dhowells, linux-afs, linux-fsdevel, linux-kernel
The cleanup for the yfs_store_opaque_acl2_operation calls the wrong
function to destroy the ACL content buffer. It's an afs_acl struct, not a
yfs_acl struct - and the free function for the latter may pass invalid pointers
to kfree().
Fix this by using the afs_acl_put() function. The yfs_acl_put() function
is then no longer used and can be removed.
general protection fault, probably for non-canonical address 0x7ebde00000000: 0000 [#1] SMP PTI
...
RIP: 0010:compound_head+0x0/0x11
...
Call Trace:
virt_to_cache+0x8/0x51
? yfs_free_opaque_acl+0x16/0x29
kfree+0x5d/0x79
yfs_free_opaque_acl+0x16/0x29
afs_put_operation+0x60/0x114
__vfs_setxattr+0x67/0x72
__vfs_setxattr_noperm+0x66/0xe9
vfs_setxattr+0x67/0xce
setxattr+0x14e/0x184
? __handle_mm_fault+0x4c8/0x4f8
? handle_mm_fault+0x123/0x1ef
__do_sys_fsetxattr+0x66/0x8f
do_syscall_64+0x2d/0x3a
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes: e49c7b2f6de7 ("afs: Build an abstraction around an "operation" concept")
Signed-off-by: David Howells <dhowells@redhat.com>
---
fs/afs/xattr.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/fs/afs/xattr.c b/fs/afs/xattr.c
index 38884d6c57cd..95c573dcda11 100644
--- a/fs/afs/xattr.c
+++ b/fs/afs/xattr.c
@@ -148,11 +148,6 @@ static const struct xattr_handler afs_xattr_afs_acl_handler = {
.set = afs_xattr_set_acl,
};
-static void yfs_acl_put(struct afs_operation *op)
-{
- yfs_free_opaque_acl(op->yacl);
-}
-
static const struct afs_operation_ops yfs_fetch_opaque_acl_operation = {
.issue_yfs_rpc = yfs_fs_fetch_opaque_acl,
.success = afs_acl_success,
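Review bot: Deleting yfs_acl_put() removes the only release of op->yacl visible here, and the context for yfs_fetch_opaque_acl_operation stops at `.success` before its `.put` line, so this hunk does not show how the fetch path frees its buffer. Please confirm that no operation still sets op->yacl without a handler to free it, and say in the commit message which put handler the fetch table uses, so the removal can be checked without opening the file.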
@@ -246,7 +241,7 @@ static int afs_xattr_get_yfs(const struct xattr_handler *handler,
static const struct afs_operation_ops yfs_store_opaque_acl2_operation = {
.issue_yfs_rpc = yfs_fs_store_opaque_acl2,
.success = afs_acl_success,
- .put = yfs_acl_put,
+ .put = afs_acl_put,
};
/*
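Review bot: At `.put = afs_acl_put,` nothing in the ops table ties the put handler to the type of ACL buffer the store operation carries, which is what allowed the afs_acl/yfs_acl mismatch described in the commit message to end up in kfree(). Consider a short comment on yfs_store_opaque_acl2_operation stating that the store op holds an afs_acl, so that a later edit to the table does not reintroduce the wrong free function.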