[FIX] Long-standing xattr sharing bug

From: Andreas Gruenbacher
Date: Sat Feb 05 2005 - 13:10:09 EST

Next message: Marko Macek: "Re: Why is debugging under Linux such a pain"
Previous message: Grant Wilson: "Oops on 2.6.11-rc3-mm1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When looking for identical xattr blocks to share, we were not comparing
the name_index fields. This could lead to false sharing when two xattr
blocks ended up with identical attribute names and values, and the only
difference was in name_index. Specifically this could trigger with
default acls. Because acls are cached, the bug was hidden until the
next reload of the affected inode.

$ mkdir -m 700 a b
$ setfacl -m u:bin:rwx a
< acl of a goes in the mbcache

$ setfacl -dm u:bin:rwx b
< acl of b differs only in name_index, so a's acl is reused

$ getfacl b
< shows the result from the inode cache

< empty inode cache (remount, etc.)

$ getfacl b
< shows an access acl instead of a default acl.

Signed-off-by: Andreas Gruenbacher <agruen@xxxxxxx>

Index: linux-2.6.11-rc3/fs/ext2/xattr.c
===================================================================
--- linux-2.6.11-rc3.orig/fs/ext2/xattr.c
+++ linux-2.6.11-rc3/fs/ext2/xattr.c
@@ -881,6 +881,7 @@ ext2_xattr_cmp(struct ext2_xattr_header
if (IS_LAST_ENTRY(entry2))
return 1;
if (entry1->e_hash != entry2->e_hash ||
+ entry1->e_name_index != entry2->e_name_index ||
entry1->e_name_len != entry2->e_name_len ||
entry1->e_value_size != entry2->e_value_size ||
memcmp(entry1->e_name, entry2->e_name, entry1->e_name_len))
Index: linux-2.6.11-rc3/fs/ext3/xattr.c
===================================================================
--- linux-2.6.11-rc3.orig/fs/ext3/xattr.c
+++ linux-2.6.11-rc3/fs/ext3/xattr.c
@@ -1162,6 +1162,7 @@ ext3_xattr_cmp(struct ext3_xattr_header
if (IS_LAST_ENTRY(entry2))
return 1;
if (entry1->e_hash != entry2->e_hash ||
+ entry1->e_name_index != entry2->e_name_index ||
entry1->e_name_len != entry2->e_name_len ||
entry1->e_value_size != entry2->e_value_size ||
memcmp(entry1->e_name, entry2->e_name, entry1->e_name_len))

Regards,
--
Andreas Gruenbacher <agruen@xxxxxxx>
SUSE Labs, SUSE LINUX GMBH

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Marko Macek: "Re: Why is debugging under Linux such a pain"
Previous message: Grant Wilson: "Oops on 2.6.11-rc3-mm1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]