Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp4005898pxu; Mon, 12 Oct 2020 07:10:57 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzN/TvKttRdRrnl0hTParlItkM2CNmWV1b8CJYWZudWryN/sIbj5GrNahQbqoydNyJ2EBnZ X-Received: by 2002:a17:906:30c8:: with SMTP id b8mr27745995ejb.77.1602511854828; Mon, 12 Oct 2020 07:10:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1602511854; cv=none; d=google.com; s=arc-20160816; b=T+7gLZ/0lWo2gtfMfPW0Yodn+iPqAlIIJRYw9j0EtSRrH4YF3ukLgKNlok/sM5DTGZ s1KU8QlafKcAmSccnjkYeUnBrScrEq9N5pFjjtKTdEOo7OkFjUseRFOuZTVvtqB3eVVl WmuMBIqSvS32pEY8oUeSWTBS4XrPDKoC6AJYhMw+n1No0M2kiH/ApLjt6FDpe5UlU8Y6 wLca8UMozhC0blImeEF+Q+R0lpquZZGG63agtAkdwUCOl+AzLrGfiC5er5lMhQYi9XvK AIKeJdQy+7hUUQ4po4bZUplzhQCuavQMS16mYHET84/wQ/BlTFdqr7P5r+9F504itLoG 5KDA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=kpD1bWVRhHpmo8AEfvpJE69ACpR7qpDImQD9g7rOJyE=; b=G9/9R5f6S7yI6p3d1l4CCPp615cfpNhWVKBTNrN8Bftm33UPChYZMmY9eQagILnT1I tSmJ96Hs95T5xKS13PwGQtaJrhy07rcx9cH6xlHybln5tzgrZnZ04d3VB/vvzbLvflFk 4b2v+Bo4TcYju3FWxNFB87vAELISlQ3+/M6QiqkHQKPIGToWu39tCwv6uh0wALTqJAFW PHVDWG1m0FvH/tBQWt2WegkVeJQBJ84YH35oLFJWAZnJE9sQkXWc5r+RDCWeotrKlbJ7 166s36ZwiUVpjmBjdttbq9WPo53S4XXOC8C3bFQt39HLrCINCOdEcFcW80Dh4xxwsgT9 w7Nw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=tj9o0Dfx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w26si6865876ejk.36.2020.10.12.07.10.31; Mon, 12 Oct 2020 07:10:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=tj9o0Dfx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389027AbgJLOIS (ORCPT + 99 others); Mon, 12 Oct 2020 10:08:18 -0400 Received: from mail.kernel.org ([198.145.29.99]:35768 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389069AbgJLNdh (ORCPT ); Mon, 12 Oct 2020 09:33:37 -0400 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 76BB020838; Mon, 12 Oct 2020 13:33:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1602509616; bh=sxyYFJaYYfTrBpG9XEX/1qzpRTaAjKaCLA2pCCuRF6Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=tj9o0DfxQoC0RfwamQOCBDbJgORXNHdhpxMgd9XCjVNn1kEDYQ57ND3oPyFaE6ICX 2lhDyxyuJdZ771SQ9JlY+quZFQuMfqAd77+rQmfrbsythtvqUMoxpOaeDNLU9kqiQD gsXQr4czxGc6AbP1FpM2dqyQdFSWLGUukofsvbYg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jeffrey Mitchell , Trond Myklebust , Sasha Levin Subject: [PATCH 4.9 12/54] nfs: Fix security label length not being reset Date: Mon, 12 Oct 2020 15:26:34 +0200 Message-Id: <20201012132630.150241058@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201012132629.585664421@linuxfoundation.org> References: <20201012132629.585664421@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jeffrey Mitchell [ Upstream commit d33030e2ee3508d65db5644551435310df86010e ] nfs_readdir_page_filler() iterates over entries in a directory, reusing the same security label buffer, but does not reset the buffer's length. This causes decode_attr_security_label() to return -ERANGE if an entry's security label is longer than the previous one's. This error, in nfs4_decode_dirent(), only gets passed up as -EAGAIN, which causes another failed attempt to copy into the buffer. The second error is ignored and the remaining entries do not show up in ls, specifically the getdents64() syscall. Reproduce by creating multiple files in NFS and giving one of the later files a longer security label. ls will not see that file nor any that are added afterwards, though they will exist on the backend. In nfs_readdir_page_filler(), reset security label buffer length before every reuse Signed-off-by: Jeffrey Mitchell Fixes: b4487b935452 ("nfs: Fix getxattr kernel panic and memory overflow") Signed-off-by: Trond Myklebust Signed-off-by: Sasha Levin --- fs/nfs/dir.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c index 2517fcd423b68..d405b5a14073a 100644 --- a/fs/nfs/dir.c +++ b/fs/nfs/dir.c @@ -583,6 +583,9 @@ int nfs_readdir_page_filler(nfs_readdir_descriptor_t *desc, struct nfs_entry *en xdr_set_scratch_buffer(&stream, page_address(scratch), PAGE_SIZE); do { + if (entry->label) + entry->label->len = NFS4_MAXLABELLEN; + status = xdr_decode(desc, entry, &stream); if (status != 0) { if (status == -EAGAIN) -- 2.25.1