| Message ID | cover.1536327506.git.joseph.salisbury@canonical.com |
|---|---|
| Headers | show |
| Series | getxattr: use correct xattr length | expand |
On 21.09.2018 12:02, Joseph Salisbury wrote: > BugLink: https://bugs.launchpad.net/bugs/1789746 > > == SRU Justification == > When running in a container with a user namespace, if you call getxattr > with name = "system.posix_acl_access" and size % 8 != 4, then getxattr > silently skips the user namespace fixup that it normally does resulting in > un-fixed-up data being returned. > > This is caused by posix_acl_fix_xattr_to_user() being passed the total > buffer size and not the actual size of the xattr as returned by > vfs_getxattr(). > > This commit has already been applied to Cosmic master-next. > > == Fix == > 82c9a927bc5d ("getxattr: use correct xattr length") > > == Regression Potential == > Low. One liner that passes the actual length of the xattr as returned by > vfs_getxattr() down. > > == Test Case == > A test kernel was built with this patch and tested by the original bug reporter. > The bug reporter states the test kernel resolved the bug. > > > Christian Brauner (1): > getxattr: use correct xattr length > > fs/xattr.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > Applied to bionix/master-next. Thanks. -Stefan
BugLink: https://bugs.launchpad.net/bugs/1789746 == SRU Justification == When running in a container with a user namespace, if you call getxattr with name = "system.posix_acl_access" and size % 8 != 4, then getxattr silently skips the user namespace fixup that it normally does resulting in un-fixed-up data being returned. This is caused by posix_acl_fix_xattr_to_user() being passed the total buffer size and not the actual size of the xattr as returned by vfs_getxattr(). This commit has already been applied to Cosmic master-next. == Fix == 82c9a927bc5d ("getxattr: use correct xattr length") == Regression Potential == Low. One liner that passes the actual length of the xattr as returned by vfs_getxattr() down. == Test Case == A test kernel was built with this patch and tested by the original bug reporter. The bug reporter states the test kernel resolved the bug. Christian Brauner (1): getxattr: use correct xattr length fs/xattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)