If posix_acl_from_xattr() returns an error code, a negative address is dereferenced causing an oops; fix by checking for error code first. Signed-off-by: Daniel J Blueman <daniel.blueman@gmail.com> --- fs/btrfs/acl.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/acl.c b/fs/btrfs/acl.c index 5d505aa..cad6fbb 100644 --- a/fs/btrfs/acl.c +++ b/fs/btrfs/acl.c @@ -178,12 +178,13 @@ static int btrfs_xattr_acl_set(struct dentry *dentry, const char *name, if (value) { acl = posix_acl_from_xattr(value, size); + if (IS_ERR(acl) + return PTR_ERR(acl); + if (acl) { ret = posix_acl_valid(acl); if (ret) goto out; - } else if (IS_ERR(acl)) { - return PTR_ERR(acl); } } -- 1.7.4.1 -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 05/03/2011 12:44 PM, Daniel J Blueman wrote:> If posix_acl_from_xattr() returns an error code, a negative address is > dereferenced causing an oops; fix by checking for error code first. > > Signed-off-by: Daniel J Blueman<daniel.blueman@gmail.com> > --- > fs/btrfs/acl.c | 5 +++-- > 1 files changed, 3 insertions(+), 2 deletions(-) > > diff --git a/fs/btrfs/acl.c b/fs/btrfs/acl.c > index 5d505aa..cad6fbb 100644 > --- a/fs/btrfs/acl.c > +++ b/fs/btrfs/acl.c > @@ -178,12 +178,13 @@ static int btrfs_xattr_acl_set(struct dentry *dentry, const char *name, > > if (value) { > acl = posix_acl_from_xattr(value, size); > + if (IS_ERR(acl) > + return PTR_ERR(acl); > + > if (acl) { > ret = posix_acl_valid(acl); > if (ret) > goto out; > - } else if (IS_ERR(acl)) { > - return PTR_ERR(acl); > } > } >Reviewed-by: Josef Bacik <josef@redhat.com> Thanks, Josef -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
2011/5/3 Josef Bacik <josef@redhat.com>:> On 05/03/2011 12:44 PM, Daniel J Blueman wrote: >> >> If posix_acl_from_xattr() returns an error code, a negative address is >> dereferenced causing an oops; fix by checking for error code first. >> >> Signed-off-by: Daniel J Blueman<daniel.blueman@gmail.com> >> --- >> fs/btrfs/acl.c | 5 +++-- >> 1 files changed, 3 insertions(+), 2 deletions(-) >> >> diff --git a/fs/btrfs/acl.c b/fs/btrfs/acl.c >> index 5d505aa..cad6fbb 100644 >> --- a/fs/btrfs/acl.c >> +++ b/fs/btrfs/acl.c >> @@ -178,12 +178,13 @@ static int btrfs_xattr_acl_set(struct dentry >> *dentry, const char *name, >> >> if (value) { >> acl = posix_acl_from_xattr(value, size); >> + if (IS_ERR(acl)A small typo: The right parenthesis is missing. Christian -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html