[PATCH] fs/xattr: reset err to 0 after get security.* xattrs

From: Edward Adam Davis
Date: Thu Jun 12 2025 - 11:11:42 EST

Next message: Vladimir Oltean: "Re: [PATCH net-next v10] net: ti: icssg-prueth: add TAPRIO offload support"
Previous message: VladTop46: "[REGRESSION] USB HID initialization delay (~8s) for Semitek keyboard on kernel 6.15.*"
Next in thread: Stephen Smalley: "Re: [PATCH] fs/xattr: reset err to 0 after get security.* xattrs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

After successfully getting "security.SMACK64", err is not reset to 0, which
causes simple_xattr_list() to return 17, which is much smaller than the
actual buffer size..

After updating err to remaining_size, reset err to 0 to avoid returning an
inappropriate buffer size.

Fixes: 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always include security.* xattrs")
Reported-by: syzbot+4125590f2a9f5b3cdf43@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://syzkaller.appspot.com/bug?extid=4125590f2a9f5b3cdf43
Tested-by: syzbot+4125590f2a9f5b3cdf43@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Edward Adam Davis <eadavis@xxxxxx>
---
fs/xattr.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/fs/xattr.c b/fs/xattr.c
index 8ec5b0204bfd..600ae97969cf 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -1479,6 +1479,7 @@ ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
buffer += err;
}
remaining_size -= err;
+ err = 0;

read_lock(&xattrs->lock);
for (rbp = rb_first(&xattrs->rb_root); rbp; rbp = rb_next(rbp)) {
--
2.43.0

Next message: Vladimir Oltean: "Re: [PATCH net-next v10] net: ti: icssg-prueth: add TAPRIO offload support"
Previous message: VladTop46: "[REGRESSION] USB HID initialization delay (~8s) for Semitek keyboard on kernel 6.15.*"
Next in thread: Stephen Smalley: "Re: [PATCH] fs/xattr: reset err to 0 after get security.* xattrs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]