VisionFive2 Linux kernel

StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

author: Jie Liu <jeff.liu@oracle.com> 2014-01-02 11:30:42 -0600 committer: Dave Kleikamp <dave.kleikamp@oracle.com> 2014-01-02 11:36:56 -0600 commit: 0439e091e3b1fe41a350540c84857a573fde3d72 parent: 9a0bb2966efbf30a71c128c3af63307d8b5f5fc0
Commit Summary:
jfs: fix xattr value size overflow in __jfs_setxattr
Diffstat:
1 file changed, 14 insertions, 1 deletion
diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c
index d3472f4cd530..9c6904eee0c6 100644
--- a/fs/jfs/xattr.c
+++ b/fs/jfs/xattr.c
@@ -860,6 +860,19 @@ int __jfs_setxattr(tid_t tid, struct inode *inode, const char *name,
 			/* Completely new ea list */
 			xattr_size = sizeof (struct jfs_ea_list);
 
+		/*
+		 * The size of EA value is limitted by on-disk format up to
+		 *  __le16, there would be an overflow if the size is equal
+		 * to XATTR_SIZE_MAX (65536).  In order to avoid this issue,
+		 * we can pre-checkup the value size against USHRT_MAX, and
+		 * return -E2BIG in this case, which is consistent with the
+		 * VFS setxattr interface.
+		 */
+		if (value_len >= USHRT_MAX) {
+			rc = -E2BIG;
+			goto release;
+		}
+
 		ea = (struct jfs_ea *) ((char *) ealist + xattr_size);
 		ea->flag = 0;
 		ea->namelen = namelen;
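Review bot: The bound `if (value_len >= USHRT_MAX)` also rejects a 65535-byte value, which still fits the `__le16` length field the comment describes; only 65536 (XATTR_SIZE_MAX) and larger would be truncated when stored. If 65535 is not deliberately reserved, `if (value_len > USHRT_MAX) {` matches the stated intent; otherwise the comment should say why the largest representable length is excluded. The comment wording could also be tightened ("limited" for "limitted", "check the value size up front" for "pre-checkup"). The body of __jfs_setxattr starts and ends outside this hunk, so whether the length could be rejected earlier, before the EA list is prepared, cannot be judged from here.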
@@ -874,7 +887,7 @@ int __jfs_setxattr(tid_t tid, struct inode *inode, const char *name,
 	/* DEBUG - If we did this right, these number match */
 	if (xattr_size != new_size) {
 		printk(KERN_ERR
-		       "jfs_xsetattr: xattr_size = %d, new_size = %d\n",
+		       "__jfs_setxattr: xattr_size = %d, new_size = %d\n",
 		       xattr_size, new_size);
 
 		rc = -EINVAL;