From: Edward Adam Davis <eadavis@qq.com>
To: syzbot+4125590f2a9f5b3cdf43@syzkaller.appspotmail.com
Cc: amir73il@gmail.com, linux-kernel@vger.kernel.org,
linux-unionfs@vger.kernel.org, miklos@szeredi.hu,
stephen.smalley.work@gmail.com, syzkaller-bugs@googlegroups.com
Subject: [PATCH] fs/xattr: reset err to 0 after get security.* xattrs
Date: Thu, 12 Jun 2025 23:01:30 +0800 [thread overview]
Message-ID: <tencent_AB76B566A43C5B37A4961637CC4ABC745909@qq.com> (raw)
In-Reply-To: <6828591c.a00a0220.398d88.0248.GAE@google.com>
After successfully getting "security.SMACK64", err is not reset to 0, which
causes simple_xattr_list() to return 17, which is much smaller than the
actual buffer size..
After updating err to remaining_size, reset err to 0 to avoid returning an
inappropriate buffer size.
Fixes: 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always include security.* xattrs")
Reported-by: syzbot+4125590f2a9f5b3cdf43@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=4125590f2a9f5b3cdf43
Tested-by: syzbot+4125590f2a9f5b3cdf43@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
---
fs/xattr.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/xattr.c b/fs/xattr.c
index 8ec5b0204bfd..600ae97969cf 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -1479,6 +1479,7 @@ ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
buffer += err;
}
remaining_size -= err;
+ err = 0;
read_lock(&xattrs->lock);
for (rbp = rb_first(&xattrs->rb_root); rbp; rbp = rb_next(rbp)) {
--
2.43.0
next prev parent reply other threads:[~2025-06-12 15:10 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-17 9:38 [syzbot] [overlayfs?] WARNING in ovl_listxattr syzbot
2025-06-12 15:01 ` Edward Adam Davis [this message]
2025-06-12 15:09 ` [PATCH] fs/xattr: reset err to 0 after get security.* xattrs Stephen Smalley
2025-07-17 7:47 ` [syzbot] [overlayfs?] WARNING in ovl_listxattr syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=tencent_AB76B566A43C5B37A4961637CC4ABC745909@qq.com \
--to=eadavis@qq.com \
--cc=amir73il@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=stephen.smalley.work@gmail.com \
--cc=syzbot+4125590f2a9f5b3cdf43@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).