Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp5612529imu; Mon, 26 Nov 2018 03:00:56 -0800 (PST) X-Google-Smtp-Source: AFSGD/UVlYjaQhvIfWpYFhdIgkAxKal+tcN+D9NRh20SyeINZ5B8/PiL+qIPg26CryvMWxCcojPr X-Received: by 2002:a62:2c4d:: with SMTP id s74mr25026852pfs.6.1543230056932; Mon, 26 Nov 2018 03:00:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543230056; cv=none; d=google.com; s=arc-20160816; b=EdEFGggJsqAsfhqDm4Bf4aEdmvNB0U7yYA2jsYCBOCmXazpP4Q7BkFYdEhYjcSMYOs TxQ2EVhuD02Eo1RSRRlKm/NVj7y7ad1cDhA2GU9U0jkUXl9BCHKdxb3KP8lKUNTjMTAz IBeQdUonpbfl0Rz+fwtyQwzAhC8k+grremgpUVUcVX9P6/nY15lqoNCjrjwJwBRAkWDk xtNa8VWatTWq8Hpcnjqo6htxXKuDbK9rQZMWprLK15DBN4s7myDhZVpk9NUfj7p/ds7x SArQLCgwTmB3l0qv2tGThlZKoSiYs+rQ1mT66PhU9+hqnO2Ksi4OswEAOkz7RUHiPFZB EoFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=j8t25zpRNIowgThuzbKJtV18AzCLbi+l7KaFS4rUhNQ=; b=dABDs+j8IFCUm9MLXln+7gmxiRjo1jr5X8Azh2jp9ZJSCyxOt98TUz3uEpQ7xvkIq+ v1U3ANfr4SvjkuxJtRZO6l+Pc6TP7EgJq+zIlRotL5sdp/hObX8kdGFgOTilvOv7GP3v t4jGfrFtN6YZxdwlfYLEPbxMQCB3iFl16ClQEaUTG/BgpXbx8E6g4lVRvVC357iHIW9F ujZeaizOch8nbJ85+eZmehiNEQ1Q6aRDkVbwN+1zsSWqpEYwUW/QHvn/+mbY+D25pWs2 svKW2XPLMGDY5eZ2kkLOpUDmuAhCXK8hs3eiWM91jQvhEvJue0ZvlTzcGhyjijVgv9Y7 PMaQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ISvJkBI8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 91-v6si57701772ply.335.2018.11.26.03.00.41; Mon, 26 Nov 2018 03:00:56 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ISvJkBI8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729520AbeKZVxH (ORCPT + 99 others); Mon, 26 Nov 2018 16:53:07 -0500 Received: from mail.kernel.org ([198.145.29.99]:34774 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727875AbeKZVxH (ORCPT ); Mon, 26 Nov 2018 16:53:07 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id C4F7821473; Mon, 26 Nov 2018 10:59:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1543229962; bh=WNVtHkZjpRtc7mPPiDoHihXJVBu785klHMYTLV5gI4o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ISvJkBI8CDirvM4FZiqaMVWblFB/vdfPlxNSriXx0lkE5gEA+O+WO4ZxBmdkOs7dl RxOMwUyUQ2Bhqjiig0ArvPDMBwMxL/VmLSlQg96WbKXadiARcJoD4W4XgvcOio4F6w 9gva8suk+hEDBj9xkJMleH/be9j/fR3hGkfjb/bI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ronnie Sahlberg , Steve French , Aurelien Aptel , Sasha Levin Subject: [PATCH 4.14 02/62] cifs: fix return value for cifs_listxattr Date: Mon, 26 Nov 2018 11:50:43 +0100 Message-Id: <20181126105051.109646457@linuxfoundation.org> X-Mailer: git-send-email 2.19.2 In-Reply-To: <20181126105050.592727680@linuxfoundation.org> References: <20181126105050.592727680@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ [ Upstream commit 0c5d6cb6643f48ad3775322f3ebab6c7eb67484e ] If the application buffer was too small to fit all the names we would still count the number of bytes and return this for listxattr. This would then trigger a BUG in usercopy.c Fix the computation of the size so that we return -ERANGE correctly when the buffer is too small. This fixes the kernel BUG for xfstest generic/377 Signed-off-by: Ronnie Sahlberg Signed-off-by: Steve French Reviewed-by: Aurelien Aptel Signed-off-by: Sasha Levin --- fs/cifs/smb2ops.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 4e5b05263e4a..3372eedaa94d 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -441,6 +441,7 @@ move_smb2_ea_to_cifs(char *dst, size_t dst_size, int rc = 0; unsigned int ea_name_len = ea_name ? strlen(ea_name) : 0; char *name, *value; + size_t buf_size = dst_size; size_t name_len, value_len, user_name_len; while (src_size > 0) { @@ -476,9 +477,10 @@ move_smb2_ea_to_cifs(char *dst, size_t dst_size, /* 'user.' plus a terminating null */ user_name_len = 5 + 1 + name_len; - rc += user_name_len; - - if (dst_size >= user_name_len) { + if (buf_size == 0) { + /* skip copy - calc size only */ + rc += user_name_len; + } else if (dst_size >= user_name_len) { dst_size -= user_name_len; memcpy(dst, "user.", 5); dst += 5; @@ -486,8 +488,7 @@ move_smb2_ea_to_cifs(char *dst, size_t dst_size, dst += name_len; *dst = 0; ++dst; - } else if (dst_size == 0) { - /* skip copy - calc size only */ + rc += user_name_len; } else { /* stop before overrun buffer */ rc = -ERANGE; -- 2.17.1