xfs: prevent bogus assert when trying to remove non-existent attribute
If the attribute fork on an inode is in btree format and has multiple levels (i.e node format rather than leaf format), then a lookup failure will trigger an assert failure in xfs_da_path_shift if the flag XFS_DA_OP_OKNOENT is not set. This flag is used to indicate to the directory btree code that not finding an entry is not a fatal error. In the case of doing a lookup for a directory name removal, this is valid as a user cannot insert an arbitrary name to remove from the directory btree. However, in the case of the attribute tree, a user has direct control over the attribute name and can ask for any random name to be removed without any validation. In this case, fsstress is asking for a non-existent user.selinux attribute to be removed, and that is causing xfs_da_path_shift() to fall off the bottom of the tree where it asserts that a lookup failure is allowed. Because the flag is not set, we die a horrible death on a debug enable kernel. Prevent this assert from firing on attribute removes by adding the op_flag XFS_DA_OP_OKNOENT to atribute removal operations. Discovered when testing on a SELinux enabled system by fsstress in test 070 by trying to remove a non-existent user.selinux attribute. Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Alex Elder <aelder@sgi.com>
This commit is contained in:
Родитель
df4368a146
Коммит
4a33821236
|
@ -489,6 +489,13 @@ xfs_attr_remove_int(xfs_inode_t *dp, struct xfs_name *name, int flags)
|
|||
args.total = 0;
|
||||
args.whichfork = XFS_ATTR_FORK;
|
||||
|
||||
/*
|
||||
* we have no control over the attribute names that userspace passes us
|
||||
* to remove, so we have to allow the name lookup prior to attribute
|
||||
* removal to fail.
|
||||
*/
|
||||
args.op_flags = XFS_DA_OP_OKNOENT;
|
||||
|
||||
/*
|
||||
* Attach the dquots to the inode.
|
||||
*/
|
||||
|
|
Загрузка…
Ссылка в новой задаче