git.baikalelectronics.ru Git - kernel.git/commit

author	Filipe Manana <fdmanana@suse.com>
	Sun, 9 Nov 2014 08:38:39 +0000 (08:38 +0000)
committer	Chris Mason <clm@fb.com>
	Fri, 21 Nov 2014 01:20:07 +0000 (17:20 -0800)
commit	de9e96e77b93a135a04230bd05614030fbc64b96
tree	d17afbf1a528b003f34d43cf557d2da62a7a6b1b	tree \| snapshot
parent	481deb7bcdf1791a8cb0f0510aae8dcc30563430	commit \| diff

Btrfs: make xattr replace operations atomic

Replacing a xattr consists of doing a lookup for its existing value, delete
the current value from the respective leaf, release the search path and then
finally insert the new value. This leaves a time window where readers (getxattr,
listxattrs) won't see any value for the xattr. Xattrs are used to store ACLs,
so this has security implications.

This change also fixes 2 other existing issues which were:

*) Deleting the old xattr value without verifying first if the new xattr will
   fit in the existing leaf item (in case multiple xattrs are packed in the
   same item due to name hash collision);

*) Returning -EEXIST when the flag XATTR_CREATE is given and the xattr doesn't
   exist but we have have an existing item that packs muliple xattrs with
   the same name hash as the input xattr. In this case we should return ENOSPC.

A test case for xfstests follows soon.

Thanks to Alexandre Oliva for reporting the non-atomicity of the xattr replace
implementation.

Reported-by: Alexandre Oliva <oliva@gnu.org>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>

fs/btrfs/ctree.c		diff \| blob \| history
fs/btrfs/ctree.h		diff \| blob \| history
fs/btrfs/dir-item.c		diff \| blob \| history
fs/btrfs/xattr.c		diff \| blob \| history