mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-04 08:08:54 +00:00
nfs: Fix security label length not being reset
[ Upstream commitd33030e2ee
] nfs_readdir_page_filler() iterates over entries in a directory, reusing the same security label buffer, but does not reset the buffer's length. This causes decode_attr_security_label() to return -ERANGE if an entry's security label is longer than the previous one's. This error, in nfs4_decode_dirent(), only gets passed up as -EAGAIN, which causes another failed attempt to copy into the buffer. The second error is ignored and the remaining entries do not show up in ls, specifically the getdents64() syscall. Reproduce by creating multiple files in NFS and giving one of the later files a longer security label. ls will not see that file nor any that are added afterwards, though they will exist on the backend. In nfs_readdir_page_filler(), reset security label buffer length before every reuse Signed-off-by: Jeffrey Mitchell <jeffrey.mitchell@starlab.io> Fixes:b4487b9354
("nfs: Fix getxattr kernel panic and memory overflow") Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
6c5a11ead9
commit
2f37a1ef1e
1 changed files with 3 additions and 0 deletions
|
@ -553,6 +553,9 @@ int nfs_readdir_page_filler(nfs_readdir_descriptor_t *desc, struct nfs_entry *en
|
||||||
xdr_set_scratch_buffer(&stream, page_address(scratch), PAGE_SIZE);
|
xdr_set_scratch_buffer(&stream, page_address(scratch), PAGE_SIZE);
|
||||||
|
|
||||||
do {
|
do {
|
||||||
|
if (entry->label)
|
||||||
|
entry->label->len = NFS4_MAXLABELLEN;
|
||||||
|
|
||||||
status = xdr_decode(desc, entry, &stream);
|
status = xdr_decode(desc, entry, &stream);
|
||||||
if (status != 0) {
|
if (status != 0) {
|
||||||
if (status == -EAGAIN)
|
if (status == -EAGAIN)
|
||||||
|
|
Loading…
Reference in a new issue