Re: [PATCH] fs/xattr.c: fix simple_xattr_list()

Re: [PATCH] fs/xattr.c: fix simple_xattr_list()

[Paul Moore]

On Thu, Jun 5, 2025 at 5:40 PM Paul Moore <paul@paul-moore.com> wrote:
> On Thu, Jun 5, 2025 at 12:49 PM Stephen Smalley
> <stephen.smalley.work@gmail.com> wrote:
> >
> > commit 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always
> > include security.* xattrs") failed to reset err after the call to
> > security_inode_listsecurity(), which returns the length of the
> > returned xattr name. This results in simple_xattr_list() incorrectly
> > returning this length even if a POSIX acl is also set on the inode.
> >
> > Reported-by: Collin Funk <collin.funk1@gmail.com>
> > Closes: https://lore.kernel.org/selinux/8734ceal7q.fsf@gmail.com/
> > Reported-by: Paul Eggert <eggert@cs.ucla.edu>
> > Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2369561
> > Fixes: 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always include security.* xattrs")
> >
> > Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> > ---
> >  fs/xattr.c | 1 +
> >  1 file changed, 1 insertion(+)
>
> Reviewed-by: Paul Moore <paul@paul-moore.com>

Resending this as it appears that Stephen's original posting had a
typo in the VFS mailing list.  The original post can be found in the
SELinux archives:

https://lore.kernel.org/selinux/20250605164852.2016-1-stephen.smalley.work@gmail.com/

> > diff --git a/fs/xattr.c b/fs/xattr.c
> > index 8ec5b0204bfd..600ae97969cf 100644
> > --- a/fs/xattr.c
> > +++ b/fs/xattr.c
> > @@ -1479,6 +1479,7 @@ ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
> >                 buffer += err;
> >         }
> >         remaining_size -= err;
> > +       err = 0;
> >
> >         read_lock(&xattrs->lock);
> >         for (rbp = rb_first(&xattrs->rb_root); rbp; rbp = rb_next(rbp)) {
> > --
> > 2.49.0

-- 
paul-moore.com

Re: [PATCH] fs/xattr.c: fix simple_xattr_list()

[Collin Funk]

Paul Moore <paul@paul-moore.com> writes:

>> <stephen.smalley.work@gmail.com> wrote:
>> >
>> > commit 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always
>> > include security.* xattrs") failed to reset err after the call to
>> > security_inode_listsecurity(), which returns the length of the
>> > returned xattr name. This results in simple_xattr_list() incorrectly
>> > returning this length even if a POSIX acl is also set on the inode.
>> >
>> > Reported-by: Collin Funk <collin.funk1@gmail.com>
>> > Closes: https://lore.kernel.org/selinux/8734ceal7q.fsf@gmail.com/
>> > Reported-by: Paul Eggert <eggert@cs.ucla.edu>
>> > Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2369561
>> > Fixes: 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always include security.* xattrs")
>> >
>> > Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
>> > ---
>> >  fs/xattr.c | 1 +
>> >  1 file changed, 1 insertion(+)
>>
>> Reviewed-by: Paul Moore <paul@paul-moore.com>
>
> Resending this as it appears that Stephen's original posting had a
> typo in the VFS mailing list.  The original post can be found in the
> SELinux archives:
>
> https://lore.kernel.org/selinux/20250605164852.2016-1-stephen.smalley.work@gmail.com/

Hi, responding to this message since it has the correct lists.

I just booted into a kernel with this patch applied and confirm that it
fixes the Gnulib tests that were failing.

Reviewed-by: Collin Funk <collin.funk1@gmail.com>
Tested-by: Collin Funk <collin.funk1@gmail.com>

Thanks for the fix.

Collin

Re: [PATCH] fs/xattr.c: fix simple_xattr_list()

[Paul Moore]

On Fri, Jun 6, 2025 at 1:39 AM Collin Funk <collin.funk1@gmail.com> wrote:
> Paul Moore <paul@paul-moore.com> writes:
> >> <stephen.smalley.work@gmail.com> wrote:
> >> >
> >> > commit 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always
> >> > include security.* xattrs") failed to reset err after the call to
> >> > security_inode_listsecurity(), which returns the length of the
> >> > returned xattr name. This results in simple_xattr_list() incorrectly
> >> > returning this length even if a POSIX acl is also set on the inode.
> >> >
> >> > Reported-by: Collin Funk <collin.funk1@gmail.com>
> >> > Closes: https://lore.kernel.org/selinux/8734ceal7q.fsf@gmail.com/
> >> > Reported-by: Paul Eggert <eggert@cs.ucla.edu>
> >> > Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2369561
> >> > Fixes: 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always include security.* xattrs")
> >> >
> >> > Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> >> > ---
> >> >  fs/xattr.c | 1 +
> >> >  1 file changed, 1 insertion(+)
> >>
> >> Reviewed-by: Paul Moore <paul@paul-moore.com>
> >
> > Resending this as it appears that Stephen's original posting had a
> > typo in the VFS mailing list.  The original post can be found in the
> > SELinux archives:
> >
> > https://lore.kernel.org/selinux/20250605164852.2016-1-stephen.smalley.work@gmail.com/
>
> Hi, responding to this message since it has the correct lists.
>
> I just booted into a kernel with this patch applied and confirm that it
> fixes the Gnulib tests that were failing.
>
> Reviewed-by: Collin Funk <collin.funk1@gmail.com>
> Tested-by: Collin Funk <collin.funk1@gmail.com>
>
> Thanks for the fix.

Al, Christian, are either of you going to pick up this fix to send to
Linus?  If not, any objection if I send this up?

-- 
paul-moore.com

Re: [PATCH] fs/xattr.c: fix simple_xattr_list()

[Christian Brauner]

On Tue, Jun 10, 2025 at 07:50:10PM -0400, Paul Moore wrote:
> On Fri, Jun 6, 2025 at 1:39 AM Collin Funk <collin.funk1@gmail.com> wrote:
> > Paul Moore <paul@paul-moore.com> writes:
> > >> <stephen.smalley.work@gmail.com> wrote:
> > >> >
> > >> > commit 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always
> > >> > include security.* xattrs") failed to reset err after the call to
> > >> > security_inode_listsecurity(), which returns the length of the
> > >> > returned xattr name. This results in simple_xattr_list() incorrectly
> > >> > returning this length even if a POSIX acl is also set on the inode.
> > >> >
> > >> > Reported-by: Collin Funk <collin.funk1@gmail.com>
> > >> > Closes: https://lore.kernel.org/selinux/8734ceal7q.fsf@gmail.com/
> > >> > Reported-by: Paul Eggert <eggert@cs.ucla.edu>
> > >> > Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2369561
> > >> > Fixes: 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always include security.* xattrs")
> > >> >
> > >> > Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> > >> > ---
> > >> >  fs/xattr.c | 1 +
> > >> >  1 file changed, 1 insertion(+)
> > >>
> > >> Reviewed-by: Paul Moore <paul@paul-moore.com>
> > >
> > > Resending this as it appears that Stephen's original posting had a
> > > typo in the VFS mailing list.  The original post can be found in the
> > > SELinux archives:
> > >
> > > https://lore.kernel.org/selinux/20250605164852.2016-1-stephen.smalley.work@gmail.com/
> >
> > Hi, responding to this message since it has the correct lists.
> >
> > I just booted into a kernel with this patch applied and confirm that it
> > fixes the Gnulib tests that were failing.
> >
> > Reviewed-by: Collin Funk <collin.funk1@gmail.com>
> > Tested-by: Collin Funk <collin.funk1@gmail.com>
> >
> > Thanks for the fix.
> 
> Al, Christian, are either of you going to pick up this fix to send to
> Linus?  If not, any objection if I send this up?

It's been in vfs.fixes for some time already and it'll go out with the
first round of post -rc1 fixes this week.

Re: [PATCH] fs/xattr.c: fix simple_xattr_list()

[Paul Moore]

On Wed, Jun 11, 2025 at 6:05 AM Christian Brauner <brauner@kernel.org> wrote:
>
> On Tue, Jun 10, 2025 at 07:50:10PM -0400, Paul Moore wrote:
> > On Fri, Jun 6, 2025 at 1:39 AM Collin Funk <collin.funk1@gmail.com> wrote:
> > > Paul Moore <paul@paul-moore.com> writes:
> > > >> <stephen.smalley.work@gmail.com> wrote:
> > > >> >
> > > >> > commit 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always
> > > >> > include security.* xattrs") failed to reset err after the call to
> > > >> > security_inode_listsecurity(), which returns the length of the
> > > >> > returned xattr name. This results in simple_xattr_list() incorrectly
> > > >> > returning this length even if a POSIX acl is also set on the inode.
> > > >> >
> > > >> > Reported-by: Collin Funk <collin.funk1@gmail.com>
> > > >> > Closes: https://lore.kernel.org/selinux/8734ceal7q.fsf@gmail.com/
> > > >> > Reported-by: Paul Eggert <eggert@cs.ucla.edu>
> > > >> > Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2369561
> > > >> > Fixes: 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always include security.* xattrs")
> > > >> >
> > > >> > Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> > > >> > ---
> > > >> >  fs/xattr.c | 1 +
> > > >> >  1 file changed, 1 insertion(+)
> > > >>
> > > >> Reviewed-by: Paul Moore <paul@paul-moore.com>
> > > >
> > > > Resending this as it appears that Stephen's original posting had a
> > > > typo in the VFS mailing list.  The original post can be found in the
> > > > SELinux archives:
> > > >
> > > > https://lore.kernel.org/selinux/20250605164852.2016-1-stephen.smalley.work@gmail.com/
> > >
> > > Hi, responding to this message since it has the correct lists.
> > >
> > > I just booted into a kernel with this patch applied and confirm that it
> > > fixes the Gnulib tests that were failing.
> > >
> > > Reviewed-by: Collin Funk <collin.funk1@gmail.com>
> > > Tested-by: Collin Funk <collin.funk1@gmail.com>
> > >
> > > Thanks for the fix.
> >
> > Al, Christian, are either of you going to pick up this fix to send to
> > Linus?  If not, any objection if I send this up?
>
> It's been in vfs.fixes for some time already and it'll go out with the
> first round of post -rc1 fixes this week.

Great, thanks.  I didn't see any replies on-list indicating that the
patch had been picked up, so I just wanted to make sure someone was
sending this up to Linus.

-- 
paul-moore.com

Re: [PATCH] fs/xattr.c: fix simple_xattr_list()

[Christian Brauner]

On Wed, Jun 11, 2025 at 11:45:03AM -0400, Paul Moore wrote:
> On Wed, Jun 11, 2025 at 6:05 AM Christian Brauner <brauner@kernel.org> wrote:
> >
> > On Tue, Jun 10, 2025 at 07:50:10PM -0400, Paul Moore wrote:
> > > On Fri, Jun 6, 2025 at 1:39 AM Collin Funk <collin.funk1@gmail.com> wrote:
> > > > Paul Moore <paul@paul-moore.com> writes:
> > > > >> <stephen.smalley.work@gmail.com> wrote:
> > > > >> >
> > > > >> > commit 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always
> > > > >> > include security.* xattrs") failed to reset err after the call to
> > > > >> > security_inode_listsecurity(), which returns the length of the
> > > > >> > returned xattr name. This results in simple_xattr_list() incorrectly
> > > > >> > returning this length even if a POSIX acl is also set on the inode.
> > > > >> >
> > > > >> > Reported-by: Collin Funk <collin.funk1@gmail.com>
> > > > >> > Closes: https://lore.kernel.org/selinux/8734ceal7q.fsf@gmail.com/
> > > > >> > Reported-by: Paul Eggert <eggert@cs.ucla.edu>
> > > > >> > Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2369561
> > > > >> > Fixes: 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always include security.* xattrs")
> > > > >> >
> > > > >> > Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> > > > >> > ---
> > > > >> >  fs/xattr.c | 1 +
> > > > >> >  1 file changed, 1 insertion(+)
> > > > >>
> > > > >> Reviewed-by: Paul Moore <paul@paul-moore.com>
> > > > >
> > > > > Resending this as it appears that Stephen's original posting had a
> > > > > typo in the VFS mailing list.  The original post can be found in the
> > > > > SELinux archives:
> > > > >
> > > > > https://lore.kernel.org/selinux/20250605164852.2016-1-stephen.smalley.work@gmail.com/
> > > >
> > > > Hi, responding to this message since it has the correct lists.
> > > >
> > > > I just booted into a kernel with this patch applied and confirm that it
> > > > fixes the Gnulib tests that were failing.
> > > >
> > > > Reviewed-by: Collin Funk <collin.funk1@gmail.com>
> > > > Tested-by: Collin Funk <collin.funk1@gmail.com>
> > > >
> > > > Thanks for the fix.
> > >
> > > Al, Christian, are either of you going to pick up this fix to send to
> > > Linus?  If not, any objection if I send this up?
> >
> > It's been in vfs.fixes for some time already and it'll go out with the
> > first round of post -rc1 fixes this week.
> 
> Great, thanks.  I didn't see any replies on-list indicating that the
> patch had been picked up, so I just wanted to make sure someone was

Hm, odd. I did send a b4 ty I'm pretty sure.

Re: [PATCH] fs/xattr.c: fix simple_xattr_list()

[Stephen Smalley]

On Thu, Jun 12, 2025 at 8:21 AM Christian Brauner <brauner@kernel.org> wrote:
>
> On Wed, Jun 11, 2025 at 11:45:03AM -0400, Paul Moore wrote:
> > On Wed, Jun 11, 2025 at 6:05 AM Christian Brauner <brauner@kernel.org> wrote:
> > >
> > > On Tue, Jun 10, 2025 at 07:50:10PM -0400, Paul Moore wrote:
> > > > On Fri, Jun 6, 2025 at 1:39 AM Collin Funk <collin.funk1@gmail.com> wrote:
> > > > > Paul Moore <paul@paul-moore.com> writes:
> > > > > >> <stephen.smalley.work@gmail.com> wrote:
> > > > > >> >
> > > > > >> > commit 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always
> > > > > >> > include security.* xattrs") failed to reset err after the call to
> > > > > >> > security_inode_listsecurity(), which returns the length of the
> > > > > >> > returned xattr name. This results in simple_xattr_list() incorrectly
> > > > > >> > returning this length even if a POSIX acl is also set on the inode.
> > > > > >> >
> > > > > >> > Reported-by: Collin Funk <collin.funk1@gmail.com>
> > > > > >> > Closes: https://lore.kernel.org/selinux/8734ceal7q.fsf@gmail.com/
> > > > > >> > Reported-by: Paul Eggert <eggert@cs.ucla.edu>
> > > > > >> > Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2369561
> > > > > >> > Fixes: 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always include security.* xattrs")
> > > > > >> >
> > > > > >> > Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> > > > > >> > ---
> > > > > >> >  fs/xattr.c | 1 +
> > > > > >> >  1 file changed, 1 insertion(+)
> > > > > >>
> > > > > >> Reviewed-by: Paul Moore <paul@paul-moore.com>
> > > > > >
> > > > > > Resending this as it appears that Stephen's original posting had a
> > > > > > typo in the VFS mailing list.  The original post can be found in the
> > > > > > SELinux archives:
> > > > > >
> > > > > > https://lore.kernel.org/selinux/20250605164852.2016-1-stephen.smalley.work@gmail.com/
> > > > >
> > > > > Hi, responding to this message since it has the correct lists.
> > > > >
> > > > > I just booted into a kernel with this patch applied and confirm that it
> > > > > fixes the Gnulib tests that were failing.
> > > > >
> > > > > Reviewed-by: Collin Funk <collin.funk1@gmail.com>
> > > > > Tested-by: Collin Funk <collin.funk1@gmail.com>
> > > > >
> > > > > Thanks for the fix.
> > > >
> > > > Al, Christian, are either of you going to pick up this fix to send to
> > > > Linus?  If not, any objection if I send this up?
> > >
> > > It's been in vfs.fixes for some time already and it'll go out with the
> > > first round of post -rc1 fixes this week.
> >
> > Great, thanks.  I didn't see any replies on-list indicating that the
> > patch had been picked up, so I just wanted to make sure someone was
>
> Hm, odd. I did send a b4 ty I'm pretty sure.

I didn't receive any reply fwiw. But no worries - thanks for applying it!

Re: [PATCH] fs/xattr.c: fix simple_xattr_list()

[Paul Moore]

On Wed, Jun 11, 2025 at 6:05 AM Christian Brauner <brauner@kernel.org> wrote:
> On Tue, Jun 10, 2025 at 07:50:10PM -0400, Paul Moore wrote:
> > On Fri, Jun 6, 2025 at 1:39 AM Collin Funk <collin.funk1@gmail.com> wrote:
> > > Paul Moore <paul@paul-moore.com> writes:
> > > >> <stephen.smalley.work@gmail.com> wrote:
> > > >> >
> > > >> > commit 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always
> > > >> > include security.* xattrs") failed to reset err after the call to
> > > >> > security_inode_listsecurity(), which returns the length of the
> > > >> > returned xattr name. This results in simple_xattr_list() incorrectly
> > > >> > returning this length even if a POSIX acl is also set on the inode.
> > > >> >
> > > >> > Reported-by: Collin Funk <collin.funk1@gmail.com>
> > > >> > Closes: https://lore.kernel.org/selinux/8734ceal7q.fsf@gmail.com/
> > > >> > Reported-by: Paul Eggert <eggert@cs.ucla.edu>
> > > >> > Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2369561
> > > >> > Fixes: 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always include security.* xattrs")
> > > >> >
> > > >> > Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> > > >> > ---
> > > >> >  fs/xattr.c | 1 +
> > > >> >  1 file changed, 1 insertion(+)
> > > >>
> > > >> Reviewed-by: Paul Moore <paul@paul-moore.com>
> > > >
> > > > Resending this as it appears that Stephen's original posting had a
> > > > typo in the VFS mailing list.  The original post can be found in the
> > > > SELinux archives:
> > > >
> > > > https://lore.kernel.org/selinux/20250605164852.2016-1-stephen.smalley.work@gmail.com/
> > >
> > > Hi, responding to this message since it has the correct lists.
> > >
> > > I just booted into a kernel with this patch applied and confirm that it
> > > fixes the Gnulib tests that were failing.
> > >
> > > Reviewed-by: Collin Funk <collin.funk1@gmail.com>
> > > Tested-by: Collin Funk <collin.funk1@gmail.com>
> > >
> > > Thanks for the fix.
> >
> > Al, Christian, are either of you going to pick up this fix to send to
> > Linus?  If not, any objection if I send this up?
>
> It's been in vfs.fixes for some time already and it'll go out with the
> first round of post -rc1 fixes this week.

Checking on the status of this patch as we are at -rc2 and I don't see
it in Linus' tree?

-- 
paul-moore.com

Re: [PATCH] fs/xattr.c: fix simple_xattr_list()

[Christian Brauner]

On Mon, Jun 16, 2025 at 10:03:52AM -0400, Paul Moore wrote:
> On Wed, Jun 11, 2025 at 6:05 AM Christian Brauner <brauner@kernel.org> wrote:
> > On Tue, Jun 10, 2025 at 07:50:10PM -0400, Paul Moore wrote:
> > > On Fri, Jun 6, 2025 at 1:39 AM Collin Funk <collin.funk1@gmail.com> wrote:
> > > > Paul Moore <paul@paul-moore.com> writes:
> > > > >> <stephen.smalley.work@gmail.com> wrote:
> > > > >> >
> > > > >> > commit 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always
> > > > >> > include security.* xattrs") failed to reset err after the call to
> > > > >> > security_inode_listsecurity(), which returns the length of the
> > > > >> > returned xattr name. This results in simple_xattr_list() incorrectly
> > > > >> > returning this length even if a POSIX acl is also set on the inode.
> > > > >> >
> > > > >> > Reported-by: Collin Funk <collin.funk1@gmail.com>
> > > > >> > Closes: https://lore.kernel.org/selinux/8734ceal7q.fsf@gmail.com/
> > > > >> > Reported-by: Paul Eggert <eggert@cs.ucla.edu>
> > > > >> > Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2369561
> > > > >> > Fixes: 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always include security.* xattrs")
> > > > >> >
> > > > >> > Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> > > > >> > ---
> > > > >> >  fs/xattr.c | 1 +
> > > > >> >  1 file changed, 1 insertion(+)
> > > > >>
> > > > >> Reviewed-by: Paul Moore <paul@paul-moore.com>
> > > > >
> > > > > Resending this as it appears that Stephen's original posting had a
> > > > > typo in the VFS mailing list.  The original post can be found in the
> > > > > SELinux archives:
> > > > >
> > > > > https://lore.kernel.org/selinux/20250605164852.2016-1-stephen.smalley.work@gmail.com/
> > > >
> > > > Hi, responding to this message since it has the correct lists.
> > > >
> > > > I just booted into a kernel with this patch applied and confirm that it
> > > > fixes the Gnulib tests that were failing.
> > > >
> > > > Reviewed-by: Collin Funk <collin.funk1@gmail.com>
> > > > Tested-by: Collin Funk <collin.funk1@gmail.com>
> > > >
> > > > Thanks for the fix.
> > >
> > > Al, Christian, are either of you going to pick up this fix to send to
> > > Linus?  If not, any objection if I send this up?
> >
> > It's been in vfs.fixes for some time already and it'll go out with the
> > first round of post -rc1 fixes this week.
> 
> Checking on the status of this patch as we are at -rc2 and I don't see
> it in Linus' tree?

Sent this morning with some other fixes.

Re: [PATCH] fs/xattr.c: fix simple_xattr_list()

[Collin Funk]

Christian Brauner <brauner@kernel.org> writes:

>> Checking on the status of this patch as we are at -rc2 and I don't see
>> it in Linus' tree?
>
> Sent this morning with some other fixes.

I see it merged now [1].

Thanks for the help all.

Collin

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fe78e02600f83d81e55f6fc352d82c4f264a2901

[PATCH] fs/xattr.c: fix simple_xattr_list()

[Stephen Smalley]

commit 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always
include security.* xattrs") failed to reset err after the call to
security_inode_listsecurity(), which returns the length of the
returned xattr name. This results in simple_xattr_list() incorrectly
returning this length even if a POSIX acl is also set on the inode.

Reported-by: Collin Funk <collin.funk1@gmail.com>
Closes: https://lore.kernel.org/selinux/8734ceal7q.fsf@gmail.com/
Reported-by: Paul Eggert <eggert@cs.ucla.edu>
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2369561
Fixes: 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always include security.* xattrs")

Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
 fs/xattr.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/xattr.c b/fs/xattr.c
index 8ec5b0204bfd..600ae97969cf 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -1479,6 +1479,7 @@ ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
 		buffer += err;
 	}
 	remaining_size -= err;
+	err = 0;
 
 	read_lock(&xattrs->lock);
 	for (rbp = rb_first(&xattrs->rb_root); rbp; rbp = rb_next(rbp)) {
-- 
2.49.0

Re: [PATCH] fs/xattr.c: fix simple_xattr_list()

[Collin Funk]

Stephen Smalley <stephen.smalley.work@gmail.com> writes:

> commit 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always
> include security.* xattrs") failed to reset err after the call to
> security_inode_listsecurity(), which returns the length of the
> returned xattr name. This results in simple_xattr_list() incorrectly
> returning this length even if a POSIX acl is also set on the inode.
>
> Reported-by: Collin Funk <collin.funk1@gmail.com>
> Closes: https://lore.kernel.org/selinux/8734ceal7q.fsf@gmail.com/
> Reported-by: Paul Eggert <eggert@cs.ucla.edu>
> Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2369561
> Fixes: 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always include security.* xattrs")
>
> Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> ---
>  fs/xattr.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/fs/xattr.c b/fs/xattr.c
> index 8ec5b0204bfd..600ae97969cf 100644
> --- a/fs/xattr.c
> +++ b/fs/xattr.c
> @@ -1479,6 +1479,7 @@ ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
>  		buffer += err;
>  	}
>  	remaining_size -= err;
> +	err = 0;
>  
>  	read_lock(&xattrs->lock);
>  	for (rbp = rb_first(&xattrs->rb_root); rbp; rbp = rb_next(rbp)) {

Thanks for looking into it and the quick patch.

I'll see if I can test it later today.

Collin