| Message ID | 152401959780.13319.9582448473529615015.stgit@magnolia (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
On 4/17/18 9:46 PM, Darrick J. Wong wrote: > From: Darrick J. Wong <darrick.wong@oracle.com> > > Examine all remote xattr values of a file, not just the XFS_ATTR_ROOT > values. This enables us to detect and zap corrupt user xattrs, as > tested by xfs/404. > > Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Whoa. ;) Where'd this come from? At first glance it seems crazy to only check XFS_ATTR_ROOT but then I stated digging a little... This is essentially akin to other code we still have in the local case, /* Only check values for root security attributes */ if (entry->flags & XFS_ATTR_ROOT) { if (valuecheck(mp, (char *)&local->nameval[0], NULL, local->namelen, be16_to_cpu(local->valuelen))) { do_warn( _("bad security value for attribute entry %d in attr block %u, inode %" PRIu64 "\n"), i, da_bno, ino); return -1; } } soooo this patch essentially allows valuecheck on !XFS_ATTR_ROOT attributes, but valuecheck says: * Calls will be made to xfs_mac_valid or xfs_acl_valid routines if the * security attributes exist. They will be cleared if invalid. * No other values will be checked. So, um, what's actually getting fixed? Ah, ok: this also allows us to simply try to /get/ the remote attribute: rmtval_get() and if that fails: do_warn( _("remote attribute get failed for entry %d, inode %" PRIu64 "\n"), i, ino); goto bad_free_out; we zap it. So ... uh... I think you want to /move/ the XFS_ATTR_ROOT check before the call to valuecheck(), rather than removing it entirely. Ok, at this rate I'll have all 11 patches done by June. -Eric > --- > repair/attr_repair.c | 3 --- > 1 file changed, 3 deletions(-) > > > diff --git a/repair/attr_repair.c b/repair/attr_repair.c > index 8b1b8a7..bb5ab3d 100644 > --- a/repair/attr_repair.c > +++ b/repair/attr_repair.c > @@ -537,9 +537,6 @@ process_leaf_attr_remote( > return -1; > } > > - if (!(entry->flags & XFS_ATTR_ROOT)) > - goto out; > - > value = malloc(be32_to_cpu(remotep->valuelen)); > if (value == NULL) { > do_warn( > > -- > To unsubscribe from this list: send the line "unsubscribe linux-xfs" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe linux-xfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, May 04, 2018 at 01:20:42PM -0500, Eric Sandeen wrote: > On 4/17/18 9:46 PM, Darrick J. Wong wrote: > > From: Darrick J. Wong <darrick.wong@oracle.com> > > > > Examine all remote xattr values of a file, not just the XFS_ATTR_ROOT > > values. This enables us to detect and zap corrupt user xattrs, as > > tested by xfs/404. > > > > Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> > > Whoa. ;) Where'd this come from? At first glance it seems crazy to only > check XFS_ATTR_ROOT but then I stated digging a little... > > This is essentially akin to other code we still have in the local > case, > > /* Only check values for root security attributes */ > if (entry->flags & XFS_ATTR_ROOT) { > if (valuecheck(mp, (char *)&local->nameval[0], NULL, > local->namelen, be16_to_cpu(local->valuelen))) { > do_warn( > _("bad security value for attribute entry %d in attr block %u, inode %" PRIu64 "\n"), > i, da_bno, ino); > return -1; > } > } > > soooo this patch essentially allows valuecheck on !XFS_ATTR_ROOT attributes, > but valuecheck says: > > * Calls will be made to xfs_mac_valid or xfs_acl_valid routines if the > * security attributes exist. They will be cleared if invalid. > * No other values will be checked. > > So, um, what's actually getting fixed? Ah, ok: > > this also allows us to simply try to /get/ the remote attribute: > > rmtval_get() > > and if that fails: > > do_warn( > _("remote attribute get failed for entry %d, inode %" PRIu64 "\n"), > i, ino); > goto bad_free_out; > > we zap it. > > So ... uh... > > I think you want to /move/ the XFS_ATTR_ROOT check before the call to valuecheck(), > rather than removing it entirely. Yes. I could just make it part of the valuecheck test... if (rmtval_get(...)) { do_warn(...); goto bad_free_out; } if ((entry->flags & XFS_ATTR_ROOT) && valuecheck(...)) { do_warn(...); goto bad_free_out; } free(value); --D > > Ok, at this rate I'll have all 11 patches done by June. > > -Eric > > > --- > > repair/attr_repair.c | 3 --- > > 1 file changed, 3 deletions(-) > > > > > > diff --git a/repair/attr_repair.c b/repair/attr_repair.c > > index 8b1b8a7..bb5ab3d 100644 > > --- a/repair/attr_repair.c > > +++ b/repair/attr_repair.c > > @@ -537,9 +537,6 @@ process_leaf_attr_remote( > > return -1; > > } > > > > - if (!(entry->flags & XFS_ATTR_ROOT)) > > - goto out; > > - > > value = malloc(be32_to_cpu(remotep->valuelen)); > > if (value == NULL) { > > do_warn( > > > > -- > > To unsubscribe from this list: send the line "unsubscribe linux-xfs" in > > the body of a message to majordomo@vger.kernel.org > > More majordomo info at http://vger.kernel.org/majordomo-info.html > > > -- > To unsubscribe from this list: send the line "unsubscribe linux-xfs" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-xfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/repair/attr_repair.c b/repair/attr_repair.c index 8b1b8a7..bb5ab3d 100644 --- a/repair/attr_repair.c +++ b/repair/attr_repair.c @@ -537,9 +537,6 @@ process_leaf_attr_remote( return -1; } - if (!(entry->flags & XFS_ATTR_ROOT)) - goto out; - value = malloc(be32_to_cpu(remotep->valuelen)); if (value == NULL) { do_warn(