Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp4272237pxu; Mon, 12 Oct 2020 14:28:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz1j0aA53fF6nRltzvM2Z+dbbqZoNDRN+qFvvoVsNAHDMK+uZbBILoPvoMVwXUY/ANBLSpM X-Received: by 2002:a17:906:ad87:: with SMTP id la7mr29592835ejb.85.1602538132986; Mon, 12 Oct 2020 14:28:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1602538132; cv=none; d=google.com; s=arc-20160816; b=Lg7dRAd7RaQargIpD6yjChfHyykzzJhRXpfb0yE4bKsJAMu7179CuLqWzjkvSZkgbI V3FuKjf5hf3yA0R5bzQKtr+2xXnT/9+iX9EbjVzBX3nppA9Nk4m9QioGeax+FEeq6Wov OGYk7RVcPo6xLTkxHtU7uOoFaWakLzgRog/HlJ/hP8l4ioD5FFeUkc1M4hUtos77eeZX Gv4+5npvwwrkb5RKuRzuplHcwEvLNotl88Q+bhWSTEaNxbnCitMXVC/Rholkj3O0y6I2 xVJQiPd2nOVQX4hK2s1dxaUORy9aPWLrbm/dLCr463JF9eI930CfO01bzXf5EAmZaZwp vFeQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=pwBxeBh7N8cnU9LJJkt7XUf4Bgc/gxaEJt7d0e/fjUs=; b=QbquhMx+FN5A0/v2ZFUHW9V4N0GYb9zZGtuVCqDoj2ljDoDzAQVFq9sMyjoYPew7dg mERjDDuiY5gwHDdKNgp4lgIfQllICibDRgV9ojyZoilK/Q9MBrvAZ2fjE3uAEdIvhj3W vubZypUslZTw9iJw7dfhaHRDwZE7o/YWRsI7eX4Lb1Q/ZwINAUd4t94pq8N1vSse5Ci1 zMYSoao8JCjeg55S2ltXCJelMsh1vNbanU0tti4KG0aMuaJ8sDyQVYnxwjGZIUS9GdaT 4H1Did6OiXc+/T18Qj47TF8j/LldFcoBh/eAez9c3mG52NxpT37eyGq5ufeOi7mHxdzg YOOQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=On+cfCgj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n17si12569908edt.584.2020.10.12.14.28.30; Mon, 12 Oct 2020 14:28:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=On+cfCgj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731132AbgJLNih (ORCPT + 99 others); Mon, 12 Oct 2020 09:38:37 -0400 Received: from mail.kernel.org ([198.145.29.99]:40116 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731017AbgJLNhT (ORCPT ); Mon, 12 Oct 2020 09:37:19 -0400 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 8891F204EA; Mon, 12 Oct 2020 13:37:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1602509835; bh=YwlDmvQPPSAfDtG59Bri/v67AlNWkFT/fxzVaZY807Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=On+cfCgjmKkXOyyioiOntNYBP58hsbwWranrt7UkHVIiU/62FoQ5h5LWSCs6ds6gC qVoT77P53XaEgNGlbbOHgQw1j7fY7D6EptwQz2mcPQV4ejDDn+3ZIRK046MNhyIYz7 X5PzCbPTWGzRO5tAy8Ln4vU1dJabr9NdSwOytKS8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jeffrey Mitchell , Trond Myklebust , Sasha Levin Subject: [PATCH 4.14 19/70] nfs: Fix security label length not being reset Date: Mon, 12 Oct 2020 15:26:35 +0200 Message-Id: <20201012132631.152281902@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201012132630.201442517@linuxfoundation.org> References: <20201012132630.201442517@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jeffrey Mitchell [ Upstream commit d33030e2ee3508d65db5644551435310df86010e ] nfs_readdir_page_filler() iterates over entries in a directory, reusing the same security label buffer, but does not reset the buffer's length. This causes decode_attr_security_label() to return -ERANGE if an entry's security label is longer than the previous one's. This error, in nfs4_decode_dirent(), only gets passed up as -EAGAIN, which causes another failed attempt to copy into the buffer. The second error is ignored and the remaining entries do not show up in ls, specifically the getdents64() syscall. Reproduce by creating multiple files in NFS and giving one of the later files a longer security label. ls will not see that file nor any that are added afterwards, though they will exist on the backend. In nfs_readdir_page_filler(), reset security label buffer length before every reuse Signed-off-by: Jeffrey Mitchell Fixes: b4487b935452 ("nfs: Fix getxattr kernel panic and memory overflow") Signed-off-by: Trond Myklebust Signed-off-by: Sasha Levin --- fs/nfs/dir.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c index 673d89bb817ea..5c26e90db5887 100644 --- a/fs/nfs/dir.c +++ b/fs/nfs/dir.c @@ -560,6 +560,9 @@ int nfs_readdir_page_filler(nfs_readdir_descriptor_t *desc, struct nfs_entry *en xdr_set_scratch_buffer(&stream, page_address(scratch), PAGE_SIZE); do { + if (entry->label) + entry->label->len = NFS4_MAXLABELLEN; + status = xdr_decode(desc, entry, &stream); if (status != 0) { if (status == -EAGAIN) -- 2.25.1