Bug 903513 - sys-kernel/gentoo-sources-6.1.21: user.* xattr namespace on tmpfs not restricted properly
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Bug Wranglers and Kernel Maintainers
Reported: 2023-03-29 02:30 UTC by Alexander Miller
Modified: 2023-03-30 22:45 UTC
Description Alexander Miller 2023-03-29 02:30:00 UTC
An error was introduced while porting genpatches's 1500_XATTR_USER_PREFIX.patch to the 6.1 branch. This results in the following issue:

$ touch /tmp/testfile
$ setfattr -n user.foo -v bar /tmp/testfile #succeeds when it shouldn't
$ setfattr -n user.user.foo -v bar /tmp/testfile
setfattr: /tmp/testfile: Operation not supported

So the restrictions apply to user.user.* instead of user.*

The problem is in the following hunk:

+--- a/mm/shmem.c	2022-11-22 05:57:29.011626215 -0500
++++ b/mm/shmem.c	2022-11-22 06:03:33.165939400 -0500
+@@ -3297,6 +3297,14 @@ static int shmem_xattr_handler_set(const
+ 	struct shmem_inode_info *info = SHMEM_I(inode);
+ 	int err;
+ 
++
++	if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
++		if (strcmp(name, XATTR_NAME_PAX_FLAGS))
++			return -EOPNOTSUPP;
++		if (size > 8)
++			return -EINVAL;
++	}
++
+ 	name = xattr_full_name(handler, name);
+ 	err = simple_xattr_set(&info->xattrs, name, value, size, flags, NULL);
+ 	if (!err) {
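Review bot: In shmem_xattr_handler_set the added strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN) test sits above "name = xattr_full_name(handler, name);", so it inspects the name before the full attribute name has been built. Move the whole if block below that assignment so that both the prefix test and the strcmp against XATTR_NAME_PAX_FLAGS operate on the full name. The first added line is an empty "+" line placed directly after an existing blank context line, which leaves a double blank line and should be dropped. A short comment explaining the "size > 8" limit would also help the next person porting this patch.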

To fix the issue, the inserted if statement must be moved after the "name = xattr_full_name(handler, name);" line.

As noted above, the error was introduced in the 6.1 branch of genpatches; 6.2 and 6.3 are affected, too.
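
The ordering problem described in this report, as a user-space model (an added example, not code from genpatches or the kernel). It assumes the handler receives the attribute name with the "user." handler prefix already stripped and that XATTR_NAME_PAX_FLAGS expands to "user.pax.flags"; model_set and pax_filter are hypothetical names.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the kernel macros; "user.pax.flags" is an assumption. */
#define XATTR_USER_PREFIX     "user."
#define XATTR_USER_PREFIX_LEN (sizeof(XATTR_USER_PREFIX) - 1)
#define XATTR_NAME_PAX_FLAGS  "user.pax.flags"

/* The restriction from the hunk, applied to whatever string it is handed. */
static int pax_filter(const char *name, size_t size)
{
    if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
        if (strcmp(name, XATTR_NAME_PAX_FLAGS))
            return -EOPNOTSUPP;   /* only the PaX flags attribute is allowed */
        if (size > 8)
            return -EINVAL;
    }
    return 0;
}

/*
 * Model of the set handler. `suffix` is the name as the handler sees it,
 * without the handler prefix. check_full_name = 0 reproduces the reported
 * ordering (filter runs on the suffix); 1 reproduces the proposed fix
 * (filter runs after the full name has been rebuilt).
 */
static int model_set(const char *handler_prefix, const char *suffix,
                     size_t size, int check_full_name)
{
    char full[256];

    /* stand-in for xattr_full_name(): prefix + suffix */
    snprintf(full, sizeof(full), "%s%s", handler_prefix, suffix);
    return pax_filter(check_full_name ? full : suffix, size);
}

int main(void)
{
    const char *suffixes[] = { "foo", "user.foo", "pax.flags" };

    for (size_t i = 0; i < sizeof(suffixes) / sizeof(suffixes[0]); i++)
        printf("user.%-10s check-before=%d check-after=%d\n", suffixes[i],
               model_set("user.", suffixes[i], 3, 0),
               model_set("user.", suffixes[i], 3, 1));
    return 0;
}
```

With the check placed before the name is rebuilt, the size limit on the PaX flags attribute is never reached either, because the suffix "pax.flags" does not match the "user." prefix test.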
Comment 1 Larry the Git Cow gentoo-dev 2023-03-30 22:30:04 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8d3a651f11c19b45de3b09699bf21443e8be71d

commit c8d3a651f11c19b45de3b09699bf21443e8be71d
Author:     Mike Pagano <mpagano@gentoo.org>
AuthorDate: 2023-03-30 22:28:46 +0000
Commit:     Mike Pagano <mpagano@gentoo.org>
CommitDate: 2023-03-30 22:28:46 +0000

    sys-kernel/gentoo-sources: add 6.2.9 and additional gp changes
    
    Remove redundant patch:
    2400_WiFi-mac80211-serialize-ieee80211-handle-wake-tx-queue.patch
    
    Update namespace user.pax.* on tmpfs patch
    Bug: https://bugs.gentoo.org/903513
    
    Signed-off-by: Mike Pagano <mpagano@gentoo.org>

 sys-kernel/gentoo-sources/Manifest                 |  3 +++
 .../gentoo-sources/gentoo-sources-6.2.9.ebuild     | 28 ++++++++++++++++++++++
 2 files changed, 31 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2023-03-30 22:45:53 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32da10d0f3ee034530a1d8314ed8c8a30de95f6a

commit 32da10d0f3ee034530a1d8314ed8c8a30de95f6a
Author:     Mike Pagano <mpagano@gentoo.org>
AuthorDate: 2023-03-30 22:45:24 +0000
Commit:     Mike Pagano <mpagano@gentoo.org>
CommitDate: 2023-03-30 22:45:24 +0000

    sys-kernel/gentoo-sources: add 6.1.22
    
    Update namespace user.pax.* on tmpfs patch
    Closes: https://bugs.gentoo.org/903513
    
    Signed-off-by: Mike Pagano <mpagano@gentoo.org>

 sys-kernel/gentoo-sources/Manifest                 |  3 +++
 .../gentoo-sources/gentoo-sources-6.1.22.ebuild    | 28 ++++++++++++++++++++++
 2 files changed, 31 insertions(+)