From: "Ted Ts'o" <tytso@mit.edu>
To: Jan Kara <jack@suse.cz>
Cc: shenghui <crosslonelyover@gmail.com>,
linux-ext4 <linux-ext4@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
kernel-janitors <kernel-janitors@vger.kernel.org>
Subject: Re: [PATCH] check name_len before down_read xattr_sem and sb_read
Date: Fri, 23 Jul 2010 12:46:57 +0000 [thread overview]
Message-ID: <20100723124657.GA13090@thunk.org> (raw)
In-Reply-To: <20100723083759.GA3305@quack.suse.cz>
On Fri, Jul 23, 2010 at 10:37:59AM +0200, Jan Kara wrote:
> Checking of name_len is fine as you did it. But I wanted to point out
> that if name_len is greater than 255, you then go to 'cleanup' label which
> tries to do up_read(&EXT2_I(inode)->xattr_sem). But that's a bug because
> after you moved the code, we don't hold xattr_sem at the moment we check
> name_len.
Yup, you could just return -ERANGE right there.
The simpler fix though might be to just delete the check altogether.
Neither ext3 nor ext4 checks for the length of the xattr name in their
_xattr_get() function. Instead they'll just do the search, and then
return -ENODATA. That seems legit; there can be no entries larger
than 255, so saying the extended attribute doesn't exist is quite
correct. There is a check in the _xattr_set() functions for both ext3
and ext4, which is quite correct and proper.
Does that mean we'll end up doing a search before returning an error
--- yes, but I don't think that matters. Why should we care about
optimizing an error case? It's not like this is going to be in a
timing sensitive part of an application.... (of course the same
consideration could apply to your patch as well).
- Ted
WARNING: multiple messages have this Message-ID (diff)
From: Ted Ts'o <tytso@mit.edu>
To: Jan Kara <jack@suse.cz>
Cc: shenghui <crosslonelyover@gmail.com>,
linux-ext4 <linux-ext4@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
kernel-janitors <kernel-janitors@vger.kernel.org>
Subject: Re: [PATCH] check name_len before down_read xattr_sem and sb_read in ext2_xattr_get
Date: Fri, 23 Jul 2010 08:46:57 -0400 [thread overview]
Message-ID: <20100723124657.GA13090@thunk.org> (raw)
In-Reply-To: <20100723083759.GA3305@quack.suse.cz>
On Fri, Jul 23, 2010 at 10:37:59AM +0200, Jan Kara wrote:
> Checking of name_len is fine as you did it. But I wanted to point out
> that if name_len is greater than 255, you then go to 'cleanup' label which
> tries to do up_read(&EXT2_I(inode)->xattr_sem). But that's a bug because
> after you moved the code, we don't hold xattr_sem at the moment we check
> name_len.
Yup, you could just return -ERANGE right there.
The simpler fix though might be to just delete the check altogether.
Neither ext3 nor ext4 checks for the length of the xattr name in their
_xattr_get() function. Instead they'll just do the search, and then
return -ENODATA. That seems legit; there can be no entries larger
than 255, so saying the extended attribute doesn't exist is quite
correct. There is a check in the _xattr_set() functions for both ext3
and ext4, which is quite correct and proper.
Does that mean we'll end up doing a search before returning an error
--- yes, but I don't think that matters. Why should we care about
optimizing an error case? It's not like this is going to be in a
timing sensitive part of an application.... (of course the same
consideration could apply to your patch as well).
- Ted
next prev parent reply other threads:[~2010-07-23 12:46 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-07-12 14:29 [PATCH] check name_len before down_read xattr_sem and sb_read in ext2_xattr_get crosslonelyover
2010-07-12 14:29 ` crosslonelyover
2010-07-13 14:28 ` [PATCH] check name_len before down_read xattr_sem and sb_read Wang Sheng-Hui
2010-07-13 14:28 ` [PATCH] check name_len before down_read xattr_sem and sb_read in ext2_xattr_get Wang Sheng-Hui
2010-07-13 14:28 ` Wang Sheng-Hui
2010-07-13 14:56 ` [PATCH] check name_len before down_read xattr_sem and sb_read Dan Carpenter
2010-07-13 14:56 ` [PATCH] check name_len before down_read xattr_sem and sb_read in ext2_xattr_get Dan Carpenter
2010-07-21 17:44 ` [PATCH] check name_len before down_read xattr_sem and sb_read Jan Kara
2010-07-21 17:44 ` [PATCH] check name_len before down_read xattr_sem and sb_read in ext2_xattr_get Jan Kara
2010-07-22 0:03 ` [PATCH] check name_len before down_read xattr_sem and sb_read in shenghui
2010-07-22 0:03 ` [PATCH] check name_len before down_read xattr_sem and sb_read in ext2_xattr_get shenghui
2010-07-22 0:03 ` shenghui
2010-07-23 8:37 ` [PATCH] check name_len before down_read xattr_sem and sb_read Jan Kara
2010-07-23 8:37 ` [PATCH] check name_len before down_read xattr_sem and sb_read in ext2_xattr_get Jan Kara
2010-07-23 8:37 ` Jan Kara
2010-07-23 12:46 ` Ted Ts'o [this message]
2010-07-23 12:46 ` Ted Ts'o
2010-07-25 13:12 ` [PATCH] check name_len before down_read xattr_sem and sb_read in shenghui
2010-07-25 13:12 ` [PATCH] check name_len before down_read xattr_sem and sb_read in ext2_xattr_get shenghui
2010-07-25 13:12 ` shenghui
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100723124657.GA13090@thunk.org \
--to=tytso@mit.edu \
--cc=crosslonelyover@gmail.com \
--cc=jack@suse.cz \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.