Merge tag 'jfs-3.14' of git://github.com/kleikamp/linux-shaggy

Pull jfs fix from David Kleikamp:
 "Minor bug fix for linux-3.14"

* tag 'jfs-3.14' of git://github.com/kleikamp/linux-shaggy:
  jfs: fix xattr value size overflow in __jfs_setxattr

diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c
index 5324e4e2b9924babb2675451ed074f4a279d2ad4..3bd5ee45f7b3a13cf3dcc65f824fd8dad5ac6960 100644 (file)
--- a/fs/jfs/xattr.c
+++ b/fs/jfs/xattr.c
@@ -791,6 +791,19 @@ int __jfs_setxattr(tid_t tid, struct inode *inode, const char *name,
                        /* Completely new ea list */
                        xattr_size = sizeof (struct jfs_ea_list);
 
+               /*
+                * The size of EA value is limitted by on-disk format up to
+                *  __le16, there would be an overflow if the size is equal
+                * to XATTR_SIZE_MAX (65536).  In order to avoid this issue,
+                * we can pre-checkup the value size against USHRT_MAX, and
+                * return -E2BIG in this case, which is consistent with the
+                * VFS setxattr interface.
+                */
+               if (value_len >= USHRT_MAX) {
+                       rc = -E2BIG;
+                       goto release;
+               }
+
                ea = (struct jfs_ea *) ((char *) ealist + xattr_size);
                ea->flag = 0;
                ea->namelen = namelen;
@@ -805,7 +818,7 @@ int __jfs_setxattr(tid_t tid, struct inode *inode, const char *name,
        /* DEBUG - If we did this right, these number match */
        if (xattr_size != new_size) {
                printk(KERN_ERR
-                      "jfs_xsetattr: xattr_size = %d, new_size = %d\n",
+                      "__jfs_setxattr: xattr_size = %d, new_size = %d\n",
                       xattr_size, new_size);
 
                rc = -EINVAL;