linux/fs
Joel Becker 399ff3a748 ocfs2: Handle errors while setting external xattr values.
ocfs2 can store extended attribute values as large as a single file.  It
does this using a standard ocfs2 btree for the large value.  However,
the previous code did not handle all error cases cleanly.

There are multiple problems to have.

1) We have trouble allocating space for a new xattr.  This leaves us
   with an empty xattr.
2) We overwrote an existing local xattr with a value root, and now we
   have an error allocating the storage.  This leaves us an empty xattr.
   where there used to be a value.  The value is lost.
3) We have trouble truncating a reused value.  This leaves us with the
   original entry pointing to the truncated original value.  The value
   is lost.
4) We have trouble extending the storage on a reused value.  This leaves
   us with the original value safely in place, but with more storage
   allocated when needed.

This doesn't consider storing local xattrs (values that don't require a
btree).  Those only fail when the journal fails.

Case (1) is easy.  We just remove the xattr we added.  We leak the
storage because we can't safely remove it, but otherwise everything is
happy.  We'll print a warning about the leak.

Case (4) is easy.  We still have the original value in place.  We can
just leave the extra storage attached to this xattr.  We return the
error, but the old value is untouched.  We print a warning about the
storage.

Case (2) and (3) are hard because we've lost the original values.  In
the old code, we ended up with values that could be partially read.
That's not good.  Instead, we just wipe the xattr entry and leak the
storage.  It stinks that the original value is lost, but now there isn't
a partial value to be read.  We'll print a big fat warning.

Signed-off-by: Joel Becker <joel.becker@oracle.com>
2010-02-26 15:41:13 -08:00
..
9p fix oops in fs/9p late mount failure 2010-01-26 22:22:27 -05:00
adfs adfs: remove redundant test on unsigned 2009-09-24 07:21:05 -07:00
affs fix affs parse_options() 2010-01-26 22:22:25 -05:00
afs afs: remove manual O_SYNC handling 2009-12-10 15:02:50 +01:00
autofs trivial: remove unnecessary semicolons 2009-09-21 15:14:58 +02:00
autofs4 autofs4: always use lookup for lookup 2009-12-16 07:19:58 -08:00
befs befs: fix leak 2010-02-07 03:06:21 -05:00
bfs Fix failure exits in bfs_fill_super() 2010-01-26 22:22:25 -05:00
btrfs Merge git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable 2010-02-05 07:23:03 -08:00
cachefiles Untangling ima mess, part 2: deal with counters 2009-12-16 12:16:47 -05:00
cifs CIFS shouldn't make mountpoints shrinkable 2010-01-16 13:06:32 -05:00
coda sysctl: Drop & in front of every proc_handler. 2009-11-18 08:37:40 -08:00
configfs Fix configfs leak 2010-01-14 09:05:42 -05:00
cramfs
debugfs get rid of pointless checks after simple_pin_fs() 2010-01-26 22:22:26 -05:00
devpts devpts_get_tty() should validate inode 2009-12-11 15:18:05 -08:00
dlm Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/dlm 2009-12-10 09:33:59 -08:00
ecryptfs ecryptfs: use after free 2010-01-19 22:36:06 -06:00
efs
exofs exofs: simple_write_end does not mark_inode_dirty 2010-01-05 09:14:32 +02:00
exportfs nfs: new subdir Documentation/filesystems/nfs 2009-10-27 19:34:04 -04:00
ext2 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2009-12-16 12:04:02 -08:00
ext3 ext3: Replace lock/unlock_super() with an explicit lock for resizing 2009-12-23 13:44:12 +01:00
ext4 ext4: Fix quota accounting error with fallocate 2010-01-25 04:00:31 -05:00
fat Merge git://git.kernel.org/pub/scm/linux/kernel/git/hirofumi/fatfs-2.6 2009-12-16 10:29:26 -08:00
freevxfs headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
fscache FS-Cache: Avoid maybe-used-uninitialised warning on variable 2009-12-16 07:20:13 -08:00
fuse mm: flush dcache before writing into page to avoid alias 2010-02-02 18:11:21 -08:00
gfs2 GFS2: Extend umount wait coverage to full glock lifetime 2010-02-03 09:56:21 +00:00
hfs hfs: fix a potential buffer overflow 2009-12-15 08:53:10 -08:00
hfsplus hfsplus: refuse to mount volumes larger than 2TB 2009-10-29 07:39:27 -07:00
hostfs hostfs: set maximum filesize in superblock for proper LFS support 2009-06-30 18:56:03 -07:00
hpfs hpfs: use bitmap_weight() 2009-12-16 07:20:06 -08:00
hppfs hppfs: handle ->put_link() 2010-01-14 09:05:25 -05:00
hugetlbfs Untangling ima mess, part 1: alloc_file() 2009-12-16 12:16:47 -05:00
isofs Merge branch 'for-2.6.33' of git://linux-nfs.org/~bfields/linux 2009-12-16 10:43:34 -08:00
jbd jbd: jbd-debug and jbd2-debug should be writable 2009-12-23 13:44:13 +01:00
jbd2 jbd2: don't use __GFP_NOFAIL in journal_init_common() 2009-12-23 08:05:15 -05:00
jffs2 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2009-12-16 12:04:02 -08:00
jfs jfs: Fix 32bit build warning 2009-12-22 12:27:35 -05:00
lockd Merge branch 'for-2.6.33' of git://linux-nfs.org/~bfields/linux 2009-12-16 10:43:34 -08:00
minix V3 minixfs: add missing directory type checking 2009-09-23 07:39:57 -07:00
ncpfs tree-wide: fix assorted typos all over the place 2009-12-04 15:39:55 +01:00
nfs NFS: Don't clobber the attribute type in nfs_update_inode() 2010-02-03 08:27:35 -05:00
nfs_common
nfsd ima: rename ima_path_check to ima_file_check 2010-02-07 03:06:22 -05:00
nilfs2 nilfs2: fix potential leak of dirty data on umount 2010-01-31 14:57:31 +09:00
nls Merge git://git.kernel.org/pub/scm/linux/kernel/git/hirofumi/fatfs-2.6 2009-09-30 09:31:14 -07:00
notify inotify: only warn once for inotify problems 2010-01-15 14:49:23 -08:00
ntfs kill I_LOCK 2009-12-17 11:03:25 -05:00
ocfs2 ocfs2: Handle errors while setting external xattr values. 2010-02-26 15:41:13 -08:00
omfs tree-wide: fix assorted typos all over the place 2009-12-04 15:39:55 +01:00
openpromfs
partitions partitions: read whole sector with EFI GPT header 2009-11-23 09:29:58 +01:00
proc fix autofs/afs/etc. magic mountpoint breakage 2010-01-14 09:05:25 -05:00
qnx4 qnx4: use hweight8 2009-12-16 07:20:18 -08:00
quota quota: Fix dquot_transfer for filesystems different from ext4 2010-01-11 13:06:41 +01:00
ramfs nommu: fix shared mmap after truncate shrinkage problems 2010-01-16 12:15:40 -08:00
reiserfs reiserfs: Fix vmalloc call under reiserfs lock 2010-01-28 13:43:50 +01:00
romfs fix leak in romfs_fill_super() 2010-01-26 22:22:26 -05:00
smbfs fs: Make unload_nls() NULL pointer safe 2009-09-24 07:47:42 -04:00
squashfs const: mark remaining super_operations const 2009-09-22 07:17:24 -07:00
sysfs sysfs: Add lockdep annotations for the sysfs active reference 2010-01-04 12:34:46 -08:00
sysv
ubifs lib: Introduce generic list_sort function 2010-01-12 21:02:00 -08:00
udf udf: Avoid IO in udf_clear_inode 2009-12-14 21:40:04 +01:00
ufs ufs: NFS support 2009-12-16 07:20:06 -08:00
xfs xfs: xfs_swap_extents needs to handle dynamic fork offsets 2010-01-15 13:49:07 -06:00
aio.c aio: remove unused field 2009-12-16 07:20:13 -08:00
anon_inodes.c Sanitize f_flags helpers 2009-12-22 12:27:34 -05:00
attr.c truncate: new helpers 2009-09-24 08:41:47 -04:00
bad_inode.c
binfmt_aout.c Split 'flush_old_exec' into two functions 2010-01-29 08:22:01 -08:00
binfmt_elf_fdpic.c Split 'flush_old_exec' into two functions 2010-01-29 08:22:01 -08:00
binfmt_elf.c Split 'flush_old_exec' into two functions 2010-01-29 08:22:01 -08:00
binfmt_em86.c
binfmt_flat.c Split 'flush_old_exec' into two functions 2010-01-29 08:22:01 -08:00
binfmt_misc.c
binfmt_script.c
binfmt_som.c Split 'flush_old_exec' into two functions 2010-01-29 08:22:01 -08:00
bio-integrity.c block: fix bugs in bio-integrity mempool usage 2010-01-30 20:28:19 +01:00
bio.c block: fix bio_add_page for non trivial merge_bvec_fn case 2010-01-28 15:08:29 +01:00
block_dev.c freeze_bdev: don't deactivate successfully frozen MS_RDONLY sb 2010-02-07 03:06:21 -05:00
buffer.c Merge branch 'writeback' of git://git.kernel.dk/linux-2.6-block 2009-09-25 09:27:30 -07:00
char_dev.c fs/char_dev.c: remove useless loop 2009-09-24 07:21:03 -07:00
compat_binfmt_elf.c
compat_ioctl.c compat_ioctl: Supress "unknown cmd" message on serial /dev/console 2010-01-20 15:03:26 -08:00
compat.c compat.c: Remove dependence on nfsd private headers 2009-12-14 18:12:10 -05:00
dcache.c libfs: move EXPORT_SYMBOL for d_alloc_name 2009-12-16 12:16:48 -05:00
dcookies.c
direct-io.c dio: fix use-after-free 2009-12-17 04:52:13 -05:00
drop_caches.c sysctl: remove "struct file *" argument of ->proc_handler 2009-09-24 07:21:04 -07:00
eventfd.c eventfd - allow atomic read and waitqueue remove 2010-01-25 12:26:38 -02:00
eventpoll.c anonfd: Allow making anon files read-only 2009-12-22 12:27:34 -05:00
exec.c Fix 'flush_old_exec()/setup_new_exec()' split 2010-02-02 12:37:44 -08:00
fcntl.c Fix race in tty_fasync() properly 2010-02-07 10:26:01 -08:00
fifo.c
file_table.c Take ima_file_free() to proper place. 2010-02-07 03:07:29 -05:00
file.c headers: remove sched.h from interrupt.h 2009-10-11 11:20:58 -07:00
filesystems.c
fs_struct.c
fs-writeback.c writeback: add missing kernel-doc notation 2010-01-02 10:09:44 -08:00
generic_acl.c make generic_acl slightly more generic 2009-12-16 12:16:49 -05:00
inode.c kill I_LOCK 2009-12-17 11:03:25 -05:00
internal.h Fix f_flags/f_mode in case of lookup_instantiate_filp() from open(pathname, 3) 2009-12-22 12:27:34 -05:00
ioctl.c __generic_block_fiemap(): fix for files bigger than 4GB 2009-11-12 07:26:01 -08:00
ioprio.c
Kconfig Revert "task_struct: make journal_info conditional" 2009-12-17 13:23:24 -08:00
Kconfig.binfmt
libfs.c libfs: move EXPORT_SYMBOL for d_alloc_name 2009-12-16 12:16:48 -05:00
locks.c const: make lock_manager_operations const 2009-09-22 07:17:25 -07:00
Makefile
mbcache.c
mpage.c
namei.c ima: rename ima_path_check to ima_file_check 2010-02-07 03:06:22 -05:00
namespace.c do_add_mount() should sanitize mnt_flags 2010-01-16 13:07:36 -05:00
nfsctl.c vfs: nfsctl.c un-used nfsd #includes 2009-12-14 18:12:11 -05:00
no-block.c
open.c Sanitize f_flags helpers 2009-12-22 12:27:34 -05:00
pipe.c fs: no games with DCACHE_UNHASHED 2009-12-17 10:51:40 -05:00
pnode.c
pnode.h
posix_acl.c
read_write.c sendfile(): check f_op.splice_write() rather than f_op.sendpage() 2009-11-04 09:09:52 +01:00
read_write.h
readdir.c
select.c headers: remove sched.h from poll.h 2009-10-04 15:05:10 -07:00
seq_file.c vfs: seq_file: add helpers for data filling 2009-09-24 07:47:35 -04:00
signalfd.c anonfd: Allow making anon files read-only 2009-12-22 12:27:34 -05:00
splice.c sendfile(): check f_op.splice_write() rather than f_op.sendpage() 2009-11-04 09:09:52 +01:00
stack.c VFS/fsstack: handle 32-bit smp + preempt + large files in fsstack_copy_inode_size 2009-12-17 10:58:17 -05:00
stat.c Add unlocked version of inode_add_bytes() function 2009-12-23 13:33:54 +01:00
super.c vfs: get_sb_single() - do not pass options twice 2009-12-23 11:23:43 -08:00
sync.c fold do_sync_file_range into sys_sync_file_range 2009-12-17 11:03:25 -05:00
timerfd.c anonfd: Allow making anon files read-only 2009-12-22 12:27:34 -05:00
utimes.c
xattr_acl.c VFS: Use GFP_NOFS in posix_acl_from_xattr() 2009-12-03 11:48:07 +00:00
xattr.c sanitize xattr handler prototypes 2009-12-16 12:16:49 -05:00