From: Zorro Lang <zlang@kernel.org>
To: Avinesh Kumar <avinesh.kumar@suse.com>
Cc: fstests@vger.kernel.org
Subject: Re: [PATCH v2] generic/062: filter setfattr --restore symlink-safety warning
Date: Sat, 18 Jul 2026 01:10:57 +0800 [thread overview]
Message-ID: <alph7vbbkV3SRCtJ@zlang-mailbox> (raw)
In-Reply-To: <bbcbd145-47eb-4336-b9e2-588b68cdb41b@suse.com>
On Fri, Jul 17, 2026 at 02:04:20PM +0200, Avinesh Kumar wrote:
> Hello Zorro,
>
> Thanks for the review.
>
> On 7/17/26 11:22 AM, Zorro Lang wrote:
> > On Mon, Jul 06, 2026 at 09:13:26PM +0200, Avinesh Kumar wrote:
> > > From: Avinesh Kumar <avinesh.kumar@suse.com>
> > >
> > > attr 2.6.0 (CVE-2026-54371 fix)[0] makes "setfattr --restore" warn when
> > > used without -P and the dump contains a symlink, which generic/062 does.
> > > The warning leaks into the compared output via the setfattr() wrapper
> > > and fails the test. Adding -P isn't portable (older attr doesn't have it),
> > > so filter the warning in the wrapper instead.
> > >
> > > [0] https://cgit.git.savannah.nongnu.org/cgit/attr.git/commit/?id=3fb06b9ba314d37035d0877e6de313de754f1ac8
> >
> > For generic/062, modifying the g/062 itself seems fine and logical, as
> > _extend_test_bed() explicitly introduces complex symlink paths for
> > testing purposes.
> >
> > Have you run xfstests on XFS with attr 2.6.0? There are quite a few
> > setfattr --restore invocations in common/populate. If those also trigger
> > the new unsafe restore warnings, we might want to consider introducing
> > a helper function, such as _setfattr or _setfattr_restore to handle to
> > -h and -P things.
> >
> > Reviewed-by: Zorro Lang <zlang@kernel.org>
>
> I am sorry, I forgot to reply to my patch here. I got same feedback from
> Darrick when I sent patch for xfs/083 for the same issue. So this is
> being handled with a wrapper. Please review here and this patch can
> be ignored -
> https://lore.kernel.org/fstests/9b95ab03-34c0-4d2f-b4d7-fdb9c8cbb193@suse.com/T/#m3bef5e49d3ca17f845a3ccab8b6dea5b67c00d86
Great! Darrick gave you a similar review point, I'm going to check that new
patch.
Thanks,
Zorro
>
>
> Regards,
> Avinesh
>
> >
> > >
> > > Signed-off-by: Avinesh Kumar <avinesh.kumar@suse.com>
> > > ---
> > > tests/generic/062 | 7 ++++++-
> > > 1 file changed, 6 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/tests/generic/062 b/tests/generic/062
> > > index 89659040..ddf0a478 100755
> > > --- a/tests/generic/062
> > > +++ b/tests/generic/062
> > > @@ -30,7 +30,12 @@ getfattr()
> > > setfattr()
> > > {
> > > - $SETFATTR_PROG $@ 2>&1 | _filter_scratch
> > > + # attr >= 2.6.0 (CVE-2026-54371 fix) warns that "setfattr --restore" without
> > > + # -P/--physical is unsafe because it can traverse symlinks. Older attr does
> > > + # not accept -P, so just filter the warning to stay version-agnostic.
> > > + $SETFATTR_PROG $@ 2>&1 | \
> > > + sed -e '/^Warning: option --restore=file is unsafe without option/d' | \
> > > + _filter_scratch
> > > }
> > > _create_test_bed()
> > > --
> > > 2.54.0
> > >
>
>
prev parent reply other threads:[~2026-07-17 17:11 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-06 6:11 [PATCH] generic/062: filter setfattr --restore symlink-safety warning Avinesh Kumar
2026-07-06 19:13 ` [PATCH v2] " Avinesh Kumar
2026-07-17 9:22 ` Zorro Lang
2026-07-17 12:04 ` Avinesh Kumar
2026-07-17 17:10 ` Zorro Lang [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alph7vbbkV3SRCtJ@zlang-mailbox \
--to=zlang@kernel.org \
--cc=avinesh.kumar@suse.com \
--cc=fstests@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.