• Filipe Manana's avatar
    Btrfs: make xattr replace operations atomic · 55e97f65
    Filipe Manana authored
    [ Upstream commit 02590fd8 ]
    
    commit 5f5bc6b1 upstream.
    
    Replacing a xattr consists of doing a lookup for its existing value, delete
    the current value from the respective leaf, release the search path and then
    finally insert the new value. This leaves a time window where readers (getxattr,
    listxattrs) won't see any value for the xattr. Xattrs are used to store ACLs,
    so this has security implications.
    
    This change also fixes 2 other existing issues which were:
    
    *) Deleting the old xattr value without verifying first if the new xattr will
       fit in the existing leaf item (in case multiple xattrs are packed in the
       same item due to name hash collision);
    
    *) Returning -EEXIST when the flag XATTR_CREATE is given and the xattr doesn't
       exist but we have have an existing item that packs muliple xattrs with
       the same name hash as the input xattr. In this case we should return ENOSPC.
    
    A test case for xfstests follows soon.
    
    Thanks to Alexandre Oliva for reporting the non-atomicity of the xattr replace
    implementation.
    Reported-by: default avatarAlexandre Oliva <oliva@gnu.org>
    Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
    Signed-off-by: default avatarChris Mason <clm@fb.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
    55e97f65
xattr.c 13.3 KB