diff options
author | Theodore Ts'o <tytso@mit.edu> | 2018-06-17 05:41:59 +0200 |
---|---|---|
committer | Theodore Ts'o <tytso@mit.edu> | 2018-06-17 05:41:59 +0200 |
commit | 8bc1379b82b8e809eef77a9fedbb75c6c297be19 (patch) | |
tree | 621b4e6f36dae1bf770c8bb9309028e80ece02c2 /fs/ext4/xattr.c | |
parent | jbd2: don't mark block as modified if the handle is out of credits (diff) | |
download | linux-8bc1379b82b8e809eef77a9fedbb75c6c297be19.tar.xz linux-8bc1379b82b8e809eef77a9fedbb75c6c297be19.zip |
ext4: avoid running out of journal credits when appending to an inline file
Use a separate journal transaction if it turns out that we need to
convert an inline file to use an data block. Otherwise we could end
up failing due to not having journal credits.
This addresses CVE-2018-10883.
https://bugzilla.kernel.org/show_bug.cgi?id=200071
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Diffstat (limited to 'fs/ext4/xattr.c')
-rw-r--r-- | fs/ext4/xattr.c | 19 |
1 files changed, 2 insertions, 17 deletions
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index 72377b77fbd7..723df14f4084 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -2212,23 +2212,8 @@ int ext4_xattr_ibody_inline_set(handle_t *handle, struct inode *inode, if (EXT4_I(inode)->i_extra_isize == 0) return -ENOSPC; error = ext4_xattr_set_entry(i, s, handle, inode, false /* is_block */); - if (error) { - if (error == -ENOSPC && - ext4_has_inline_data(inode)) { - error = ext4_try_to_evict_inline_data(handle, inode, - EXT4_XATTR_LEN(strlen(i->name) + - EXT4_XATTR_SIZE(i->value_len))); - if (error) - return error; - error = ext4_xattr_ibody_find(inode, i, is); - if (error) - return error; - error = ext4_xattr_set_entry(i, s, handle, inode, - false /* is_block */); - } - if (error) - return error; - } + if (error) + return error; header = IHDR(inode, ext4_raw_inode(&is->iloc)); if (!IS_LAST_ENTRY(s->first)) { header->h_magic = cpu_to_le32(EXT4_XATTR_MAGIC); |