reiserfs: fix oops while creating privroot with selinux enabled
author Jeff Mahoney <jeffm@suse.com>
Tue, 23 Mar 2010 20:35:38 +0000 (13:35 -0700)
committer Linus Torvalds <torvalds@linux-foundation.org>
Wed, 24 Mar 2010 23:31:21 +0000 (16:31 -0700)
Commit 57fe60df ("reiserfs: add atomic addition of selinux attributes
during inode creation") contains a bug that will cause it to oops when
mounting a file system that didn't previously contain extended attributes
on a system using security.* xattrs.

The issue is that while creating the privroot during mount
reiserfs_security_init calls reiserfs_xattr_jcreate_nblocks which
dereferences the xattr root.  The xattr root doesn't exist, so we get an
oops.

Addresses http://bugzilla.kernel.org/show_bug.cgi?id=15309

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fs/reiserfs/xattr_security.c
include/linux/reiserfs_xattr.h

index d8b5bfcbdd30b027aae6c9eae937b566b7b2043d..de1fcffd906bc70ef94586ac951169ad376179ec 100644 (file)
@@ -76,7 +76,7 @@ int reiserfs_security_init(struct inode *dir, struct inode *inode,
                return error;
        }
 
-       if (sec->length) {
+       if (sec->length && reiserfs_xattrs_initialized(inode->i_sb)) {
                blocks = reiserfs_xattr_jcreate_nblocks(inode) +
                         reiserfs_xattr_nblocks(inode, sec->length);
                /* We don't want to count the directories twice if we have
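Review bot: In reiserfs_security_init(), when sec->length is non-zero but reiserfs_xattrs_initialized(inode->i_sb) is false, the branch is skipped and the lines shown neither reset sec->length nor release the label, so the caller still sees a handle that looks populated even though no journal blocks were counted for it. Please confirm that the later write path cannot run for an inode created in this state, or clear the handle on this path. A one-line comment above the condition saying that it covers privroot creation during mount would also keep the check from being removed later as redundant.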
index 99928dce37ea927bde2f515df93ad9a2bab2a239..7fa02b4af838513b9a609122db0772654cdc2f91 100644 (file)
@@ -70,6 +70,11 @@ int reiserfs_security_write(struct reiserfs_transaction_handle *th,
 void reiserfs_security_free(struct reiserfs_security_handle *sec);
 #endif
 
+static inline int reiserfs_xattrs_initialized(struct super_block *sb)
+{
+       return REISERFS_SB(sb)->priv_root != NULL;
+}
+
 #define xattr_size(size) ((size) + sizeof(struct reiserfs_xattr_header))
 static inline loff_t reiserfs_xattr_nblocks(struct inode *inode, loff_t size)
 {
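Review bot: reiserfs_xattrs_initialized() tests priv_root, while the commit message names the xattr root as the pointer that reiserfs_xattr_jcreate_nblocks dereferences. Add a short comment on the helper stating why a non-NULL priv_root makes that dereference safe, or test the xattr root pointer directly. The helper also sits after the #endif, so it is built in every configuration; check that priv_root is present in the superblock info when the xattr options are compiled out.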