)]}'
{
  "commit": "82c9a927bc5df6e06b72d206d24a9d10cced4eb5",
  "tree": "0a2faaeebc857d6b5db8d03ea813f6c9bf46657f",
  "parents": [
    "42a0cc3478584d4d63f68f2f5af021ddbea771fa"
  ],
  "author": {
    "name": "Christian Brauner",
    "email": "christian@brauner.io",
    "time": "Thu Jun 07 13:43:48 2018 +0200"
  },
  "committer": {
    "name": "Eric W. Biederman",
    "email": "ebiederm@xmission.com",
    "time": "Thu Aug 23 20:42:57 2018 +0200"
  },
  "message": "getxattr: use correct xattr length\n\nWhen running in a container with a user namespace, if you call getxattr\nwith name \u003d \"system.posix_acl_access\" and size % 8 !\u003d 4, then getxattr\nsilently skips the user namespace fixup that it normally does, resulting in\nun-fixed-up data being returned.\nThis is caused by posix_acl_fix_xattr_to_user() being passed the total\nbuffer size and not the actual size of the xattr as returned by\nvfs_getxattr().\nThis commit passes the actual length of the xattr as returned by\nvfs_getxattr() down.\n\nA reproducer for the issue is:\n\n  touch acl_posix\n\n  setfacl -m user:0:rwx acl_posix\n\nand then compile:\n\n  #define _GNU_SOURCE\n  #include \u003cerrno.h\u003e\n  #include \u003cstdio.h\u003e\n  #include \u003cstdlib.h\u003e\n  #include \u003cstring.h\u003e\n  #include \u003csys/types.h\u003e\n  #include \u003cunistd.h\u003e\n  #include \u003cattr/xattr.h\u003e\n\n  /* Run in user namespace with nsuid 0 mapped to uid !\u003d 0 on the host. 
*/\n  int main(int argc, void **argv)\n  {\n          ssize_t ret1, ret2;\n          char buf1[128], buf2[132];\n          int fret \u003d EXIT_SUCCESS;\n          char *file;\n\n          if (argc \u003c 2) {\n                  fprintf(stderr,\n                          \"Please specify a file with \"\n                          \"\\\"system.posix_acl_access\\\" permissions set\\n\");\n                  _exit(EXIT_FAILURE);\n          }\n          file \u003d argv[1];\n\n          ret1 \u003d getxattr(file, \"system.posix_acl_access\",\n                          buf1, sizeof(buf1));\n          if (ret1 \u003c 0) {\n                  fprintf(stderr, \"%s - Failed to retrieve \"\n                                  \"\\\"system.posix_acl_access\\\" \"\n                                  \"from \\\"%s\\\"\\n\", strerror(errno), file);\n                  _exit(EXIT_FAILURE);\n          }\n\n          ret2 \u003d getxattr(file, \"system.posix_acl_access\",\n                          buf2, sizeof(buf2));\n          if (ret2 \u003c 0) {\n                  fprintf(stderr, \"%s - Failed to retrieve \"\n                                  \"\\\"system.posix_acl_access\\\" \"\n                                  \"from \\\"%s\\\"\\n\", strerror(errno), file);\n                  _exit(EXIT_FAILURE);\n          }\n\n          if (ret1 !\u003d ret2) {\n                  fprintf(stderr, \"The value of \\\"system.posix_acl_\"\n                                  \"access\\\" for file \\\"%s\\\" changed \"\n                                  \"between two successive calls\\n\", file);\n                  _exit(EXIT_FAILURE);\n          }\n\n          for (ssize_t i \u003d 0; i \u003c ret2; i++) {\n                  if (buf1[i] \u003d\u003d buf2[i])\n                          continue;\n\n                  fprintf(stderr,\n                          \"Unexpected different in byte %zd: \"\n                          \"%02x !\u003d %02x\\n\", i, buf1[i], buf2[i]);\n                  fret \u003d 
EXIT_FAILURE;\n          }\n\n          if (fret \u003d\u003d EXIT_SUCCESS)\n                  fprintf(stderr, \"Test passed\\n\");\n          else\n                  fprintf(stderr, \"Test failed\\n\");\n\n          _exit(fret);\n  }\nand run:\n\n  ./tester acl_posix\n\nOn a non-fixed up kernel this should return something like:\n\n  root@c1:/# ./t\n  Unexpected different in byte 16: ffffffa0 !\u003d 00\n  Unexpected different in byte 17: ffffff86 !\u003d 00\n  Unexpected different in byte 18: 01 !\u003d 00\n\nand on a fixed kernel:\n\n  root@c1:~# ./t\n  Test passed\n\nCc: stable@vger.kernel.org\nFixes: 2f6f0654ab61 (\"userns: Convert vfs posix_acl support to use kuids and kgids\")\nLink: https://bugzilla.kernel.org/show_bug.cgi?id\u003d199945\nReported-by: Colin Watson \u003ccjwatson@ubuntu.com\u003e\nSigned-off-by: Christian Brauner \u003cchristian@brauner.io\u003e\nAcked-by: Serge Hallyn \u003cserge@hallyn.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "f9cb1db187b740b9b7ef8cd19be9cdb6155d9300",
      "old_mode": 33188,
      "old_path": "fs/xattr.c",
      "new_id": "1bee74682513b77a8b52935c92a3c2627185ae8d",
      "new_mode": 33188,
      "new_path": "fs/xattr.c"
    }
  ]
}
