| Message ID | 165267192904.625255.1227477138553372618.stgit@magnolia (mailing list archive) |
|---|---|
| State | Deferred, archived |
| Headers | show |
| Series | xfs: fix leaks and validation errors in logged xattr updates | expand |
On Sun, 2022-05-15 at 20:32 -0700, Darrick J. Wong wrote: > From: Darrick J. Wong <djwong@kernel.org> > > Make sure we screen the op flags field of recovered xattr intent log > items to reject flag bits that we don't know about. > > Signed-off-by: Darrick J. Wong <djwong@kernel.org> Ok, looks good Reviewed-by: Allison Henderson <allison.henderson@oracle.com> > --- > fs/xfs/xfs_attr_item.c | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) > > > diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c > index 687cf517841a..459b6c93b40b 100644 > --- a/fs/xfs/xfs_attr_item.c > +++ b/fs/xfs/xfs_attr_item.c > @@ -349,7 +349,8 @@ xfs_attr_log_item( > */ > attrp = &attrip->attri_format; > attrp->alfi_ino = attr->xattri_da_args->dp->i_ino; > - attrp->alfi_op_flags = attr->xattri_op_flags; > + attrp->alfi_op_flags = attr->xattri_op_flags & > + XFS_ATTR_OP_FLAGS_TYPE_ > MASK; > attrp->alfi_value_len = attr->xattri_da_args->valuelen; > attrp->alfi_name_len = attr->xattri_da_args->namelen; > attrp->alfi_attr_flags = attr->xattri_da_args->attr_filter; > @@ -496,6 +497,9 @@ xfs_attri_validate( > if (attrp->__pad != 0) > return false; > > + if (attrp->alfi_op_flags & ~XFS_ATTR_OP_FLAGS_TYPE_MASK) > + return false; > + > /* alfi_op_flags should be either a set or remove */ > switch (op) { > case XFS_ATTR_OP_FLAGS_SET: > @@ -556,7 +560,8 @@ xfs_attri_item_recover( > args = (struct xfs_da_args *)(attr + 1); > > attr->xattri_da_args = args; > - attr->xattri_op_flags = attrp->alfi_op_flags; > + attr->xattri_op_flags = attrp->alfi_op_flags & > + XFS_ATTR_OP_FLAGS_TYPE_ > MASK; > > args->dp = ip; > args->geo = mp->m_attr_geo; > @@ -567,7 +572,7 @@ xfs_attri_item_recover( > args->attr_filter = attrp->alfi_attr_flags; > args->op_flags = XFS_DA_OP_RECOVERY | XFS_DA_OP_OKNOENT; > > - switch (attrp->alfi_op_flags & XFS_ATTR_OP_FLAGS_TYPE_MASK) { > + switch (attr->xattri_op_flags) { > case XFS_ATTR_OP_FLAGS_SET: > case XFS_ATTR_OP_FLAGS_REPLACE: > args->value = attrip->attri_value; >
diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index 687cf517841a..459b6c93b40b 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -349,7 +349,8 @@ xfs_attr_log_item( */ attrp = &attrip->attri_format; attrp->alfi_ino = attr->xattri_da_args->dp->i_ino; - attrp->alfi_op_flags = attr->xattri_op_flags; + attrp->alfi_op_flags = attr->xattri_op_flags & + XFS_ATTR_OP_FLAGS_TYPE_MASK; attrp->alfi_value_len = attr->xattri_da_args->valuelen; attrp->alfi_name_len = attr->xattri_da_args->namelen; attrp->alfi_attr_flags = attr->xattri_da_args->attr_filter; @@ -496,6 +497,9 @@ xfs_attri_validate( if (attrp->__pad != 0) return false; + if (attrp->alfi_op_flags & ~XFS_ATTR_OP_FLAGS_TYPE_MASK) + return false; + /* alfi_op_flags should be either a set or remove */ switch (op) { case XFS_ATTR_OP_FLAGS_SET: @@ -556,7 +560,8 @@ xfs_attri_item_recover( args = (struct xfs_da_args *)(attr + 1); attr->xattri_da_args = args; - attr->xattri_op_flags = attrp->alfi_op_flags; + attr->xattri_op_flags = attrp->alfi_op_flags & + XFS_ATTR_OP_FLAGS_TYPE_MASK; args->dp = ip; args->geo = mp->m_attr_geo; @@ -567,7 +572,7 @@ xfs_attri_item_recover( args->attr_filter = attrp->alfi_attr_flags; args->op_flags = XFS_DA_OP_RECOVERY | XFS_DA_OP_OKNOENT; - switch (attrp->alfi_op_flags & XFS_ATTR_OP_FLAGS_TYPE_MASK) { + switch (attr->xattri_op_flags) { case XFS_ATTR_OP_FLAGS_SET: case XFS_ATTR_OP_FLAGS_REPLACE: args->value = attrip->attri_value;