diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2025-10-03 13:59:56 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2025-10-03 13:59:56 -0700 |
| commit | f2327dc8513d0928a64b75656a6efe12b5c7c00a (patch) | |
| tree | fe6b63003699536762f914bee8ec7020dc8f6f17 /fs | |
| parent | a9b38767c607e0de219b66a2b1ba0cb37beaba08 (diff) | |
| parent | 11f6bce77e27e82015a0d044e6c1eec8b139831a (diff) | |
Merge tag 'for-linus-6.18-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux
Pull orangefs updates from Mike Marshall:
"Two cleanups and a bug fix:
- Remove unused type in macro fill_default_sys_attrs (Zhen Ni)
- Replace kzalloc + copy_from_user with memdup_user_nul (Thorsten Blum)
- Fix xattr related buffer overflow...
A message was forwarded to me from Disclosure <disclosure@aisle.com>
indicating a problem with a loop condition in our xattr code. When
I fixed the problem it exposed a related memory leak problem, and I
fixed that too"
* tag 'for-linus-6.18-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux:
fs/orangefs: Replace kzalloc + copy_from_user with memdup_user_nul
orangefs: fix xattr related buffer overflow...
orangefs: Remove unused type in macro fill_default_sys_attrs
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/orangefs/namei.c | 10 | ||||
| -rw-r--r-- | fs/orangefs/orangefs-debugfs.c | 11 | ||||
| -rw-r--r-- | fs/orangefs/orangefs-kernel.h | 2 | ||||
| -rw-r--r-- | fs/orangefs/xattr.c | 12 |
4 files changed, 16 insertions, 19 deletions
diff --git a/fs/orangefs/namei.c b/fs/orangefs/namei.c index 82395fe2b956..bec5475de094 100644 --- a/fs/orangefs/namei.c +++ b/fs/orangefs/namei.c @@ -38,8 +38,7 @@ static int orangefs_create(struct mnt_idmap *idmap, new_op->upcall.req.create.parent_refn = parent->refn; - fill_default_sys_attrs(new_op->upcall.req.create.attributes, - ORANGEFS_TYPE_METAFILE, mode); + fill_default_sys_attrs(new_op->upcall.req.create.attributes, mode); strscpy(new_op->upcall.req.create.d_name, dentry->d_name.name); @@ -240,9 +239,7 @@ static int orangefs_symlink(struct mnt_idmap *idmap, new_op->upcall.req.sym.parent_refn = parent->refn; - fill_default_sys_attrs(new_op->upcall.req.sym.attributes, - ORANGEFS_TYPE_SYMLINK, - mode); + fill_default_sys_attrs(new_op->upcall.req.sym.attributes, mode); strscpy(new_op->upcall.req.sym.entry_name, dentry->d_name.name); strscpy(new_op->upcall.req.sym.target, symname); @@ -316,8 +313,7 @@ static struct dentry *orangefs_mkdir(struct mnt_idmap *idmap, struct inode *dir, new_op->upcall.req.mkdir.parent_refn = parent->refn; - fill_default_sys_attrs(new_op->upcall.req.mkdir.attributes, - ORANGEFS_TYPE_DIRECTORY, mode); + fill_default_sys_attrs(new_op->upcall.req.mkdir.attributes, mode); strscpy(new_op->upcall.req.mkdir.d_name, dentry->d_name.name); diff --git a/fs/orangefs/orangefs-debugfs.c b/fs/orangefs/orangefs-debugfs.c index 1c375fb65018..79267b3419f2 100644 --- a/fs/orangefs/orangefs-debugfs.c +++ b/fs/orangefs/orangefs-debugfs.c @@ -440,14 +440,13 @@ static ssize_t orangefs_debug_write(struct file *file, count = ORANGEFS_MAX_DEBUG_STRING_LEN; } - buf = kzalloc(ORANGEFS_MAX_DEBUG_STRING_LEN, GFP_KERNEL); - if (!buf) - goto out; - - if (copy_from_user(buf, ubuf, count - 1)) { + buf = memdup_user_nul(ubuf, count - 1); + if (IS_ERR(buf)) { gossip_debug(GOSSIP_DEBUGFS_DEBUG, - "%s: copy_from_user failed!\n", + "%s: memdup_user_nul failed!\n", __func__); + rc = PTR_ERR(buf); + buf = NULL; goto out; } diff --git a/fs/orangefs/orangefs-kernel.h b/fs/orangefs/orangefs-kernel.h index 3e153c2f6b82..29c6da43e396 100644 --- a/fs/orangefs/orangefs-kernel.h +++ b/fs/orangefs/orangefs-kernel.h @@ -462,7 +462,7 @@ int service_operation(struct orangefs_kernel_op_s *op, ((ORANGEFS_SB(inode->i_sb)->flags & ORANGEFS_OPT_INTR) ? \ ORANGEFS_OP_INTERRUPTIBLE : 0) -#define fill_default_sys_attrs(sys_attr, type, mode) \ +#define fill_default_sys_attrs(sys_attr, mode) \ do { \ sys_attr.owner = from_kuid(&init_user_ns, current_fsuid()); \ sys_attr.group = from_kgid(&init_user_ns, current_fsgid()); \ diff --git a/fs/orangefs/xattr.c b/fs/orangefs/xattr.c index 74ef75586f38..eee3c5ed1bbb 100644 --- a/fs/orangefs/xattr.c +++ b/fs/orangefs/xattr.c @@ -54,7 +54,9 @@ static inline int convert_to_internal_xattr_flags(int setxattr_flags) static unsigned int xattr_key(const char *key) { unsigned int i = 0; - while (key) + if (!key) + return 0; + while (*key) i += *key++; return i % 16; } @@ -175,8 +177,8 @@ ssize_t orangefs_inode_getxattr(struct inode *inode, const char *name, cx->length = -1; cx->timeout = jiffies + orangefs_getattr_timeout_msecs*HZ/1000; - hash_add(orangefs_inode->xattr_cache, &cx->node, - xattr_key(cx->key)); + hlist_add_head( &cx->node, + &orangefs_inode->xattr_cache[xattr_key(cx->key)]); } } goto out_release_op; @@ -229,8 +231,8 @@ ssize_t orangefs_inode_getxattr(struct inode *inode, const char *name, memcpy(cx->val, buffer, length); cx->length = length; cx->timeout = jiffies + HZ; - hash_add(orangefs_inode->xattr_cache, &cx->node, - xattr_key(cx->key)); + hlist_add_head(&cx->node, + &orangefs_inode->xattr_cache[xattr_key(cx->key)]); } } |