Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp3389942pxk; Mon, 5 Oct 2020 08:30:44 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzOk3xOMnlxBo0tnxT/dc2Da96ESmno7xxSeCQyo4gUZKwD/FRr9AMnfc/oXOeItmLtxGh7 X-Received: by 2002:a50:cd51:: with SMTP id d17mr153323edj.93.1601911844050; Mon, 05 Oct 2020 08:30:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1601911844; cv=none; d=google.com; s=arc-20160816; b=0DCGZSqeGRoT/qROuFlaNAwU91pBpmQDOnUomkqI9pla20XXgH+Q7vC8OM/YiDHtT4 FFazg9fm6CNHu5upCEyRPHerBlfaWJB1bfwqqgLGUqklwWomFPJvC/QSVvSrWJBnhlKh lCLVkQGn0Ms/MFCm94STGqt9G351b3zPm0ZLwLTiwvXKLbzsUzZhgfKHZSB3Wat4P9ad QHhfiK69njwax6HQ6RqSLsKDczwmYZy7ZyLDLYf9gwGKiNvfScF/08vfqO51Y2OjO+8B b0/OLJFicGh78TcCFgsP/KA14Oy06hoL3PtGZDWB4B2Ki6ycznPGD4CShIPdhb5snKe6 a46g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=fsUtSXJEAvpc8ErOdqCmuzNSjUShaI6SRWkJmDDB5yc=; b=Eg3Nk9jT6n0Ht9lUqDq8+4g0ylEdTCdojsbaOqsYvoEWaEmzOLw/5JCJLfgZKcE2DR csfQ8ShPKJgVzkv6A4hKKV3re2uThokillfcjU0QyUYa/yGrTon7R+/yRphegX1k2ReZ BMAybSNdz0nS1Qgqvdjicx2jDAJ7im7CfWg2jwP/4435aidzLr3GJqiiKk9IoOd+m5+n Fwz05IzuAwgJZeBGk/riKWZfGcJyjPYOJng4xgpzqDFatClPl8EQHbDk6D0xR7V+OPbi sUKvQSnnjqTfDzc7vp9jONwtUASAYQcs/lELxEeMsIEi2BwvQSstq9TsxX2lnvDDDK7U medg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=fKbLztvD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b1si203919edw.229.2020.10.05.08.30.20; Mon, 05 Oct 2020 08:30:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=fKbLztvD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727251AbgJEP1i (ORCPT + 99 others); Mon, 5 Oct 2020 11:27:38 -0400 Received: from mail.kernel.org ([198.145.29.99]:52120 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726760AbgJEP1b (ORCPT ); Mon, 5 Oct 2020 11:27:31 -0400 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 53D8C208C7; Mon, 5 Oct 2020 15:27:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1601911650; bh=WOPACfdw1elRPkcdeseAImdaZvZMg9Hr8B8wAVIDeBI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fKbLztvDCxe/ZNHrimd2xGNZdnJspWvbIt7dwhaH1ISF3/Q1bfguQID+5Od849Nsg vQkQs1db6v315uw0f5TgUI6wK5at0dJW/O1iZSC31WI4X0lFU4JF4/RRdeGGsCwRLi IXLKShGizetohYE7Ng6nie+lRm9QjWg0Str3IpZg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jeffrey Mitchell , Trond Myklebust , Sasha Levin Subject: [PATCH 4.19 25/38] nfs: Fix security label length not being reset Date: Mon, 5 Oct 2020 17:26:42 +0200 Message-Id: <20201005142109.883366324@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201005142108.650363140@linuxfoundation.org> References: <20201005142108.650363140@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jeffrey Mitchell [ Upstream commit d33030e2ee3508d65db5644551435310df86010e ] nfs_readdir_page_filler() iterates over entries in a directory, reusing the same security label buffer, but does not reset the buffer's length. This causes decode_attr_security_label() to return -ERANGE if an entry's security label is longer than the previous one's. This error, in nfs4_decode_dirent(), only gets passed up as -EAGAIN, which causes another failed attempt to copy into the buffer. The second error is ignored and the remaining entries do not show up in ls, specifically the getdents64() syscall. Reproduce by creating multiple files in NFS and giving one of the later files a longer security label. ls will not see that file nor any that are added afterwards, though they will exist on the backend. In nfs_readdir_page_filler(), reset security label buffer length before every reuse Signed-off-by: Jeffrey Mitchell Fixes: b4487b935452 ("nfs: Fix getxattr kernel panic and memory overflow") Signed-off-by: Trond Myklebust Signed-off-by: Sasha Levin --- fs/nfs/dir.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c index 4ae726e70d873..733fd9e4f0a15 100644 --- a/fs/nfs/dir.c +++ b/fs/nfs/dir.c @@ -553,6 +553,9 @@ int nfs_readdir_page_filler(nfs_readdir_descriptor_t *desc, struct nfs_entry *en xdr_set_scratch_buffer(&stream, page_address(scratch), PAGE_SIZE); do { + if (entry->label) + entry->label->len = NFS4_MAXLABELLEN; + status = xdr_decode(desc, entry, &stream); if (status != 0) { if (status == -EAGAIN) -- 2.25.1