From: Darrick J. Wong <djwong@xxxxxxxxxx>

Make sure we screen the op flags field of recovered xattr intent log items to reject flag bits that we don't know about.

Signed-off-by: Darrick J. Wong <djwong@xxxxxxxxxx>
---
 fs/xfs/xfs_attr_item.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c
index 687cf517841a..459b6c93b40b 100644
--- a/fs/xfs/xfs_attr_item.c
+++ b/fs/xfs/xfs_attr_item.c
@@ -349,7 +349,8 @@ xfs_attr_log_item(
 */
 attrp = &attrip->attri_format;
 attrp->alfi_ino = attr->xattri_da_args->dp->i_ino;
- attrp->alfi_op_flags = attr->xattri_op_flags;
+ attrp->alfi_op_flags = attr->xattri_op_flags &
+ XFS_ATTR_OP_FLAGS_TYPE_MASK;
 attrp->alfi_value_len = attr->xattri_da_args->valuelen;
 attrp->alfi_name_len = attr->xattri_da_args->namelen;
 attrp->alfi_attr_flags = attr->xattri_da_args->attr_filter;
@@ -496,6 +497,9 @@ xfs_attri_validate(
 if (attrp->__pad != 0)
 return false;
+ if (attrp->alfi_op_flags & ~XFS_ATTR_OP_FLAGS_TYPE_MASK)
+ return false;
+
 /* alfi_op_flags should be either a set or remove */
 switch (op) {
 case XFS_ATTR_OP_FLAGS_SET:
@@ -556,7 +560,8 @@ xfs_attri_item_recover(
 args = (struct xfs_da_args *)(attr + 1);
 attr->xattri_da_args = args;
- attr->xattri_op_flags = attrp->alfi_op_flags;
+ attr->xattri_op_flags = attrp->alfi_op_flags &
+ XFS_ATTR_OP_FLAGS_TYPE_MASK;
 args->dp = ip;
 args->geo = mp->m_attr_geo;
@@ -567,7 +572,7 @@ xfs_attri_item_recover(
 args->attr_filter = attrp->alfi_attr_flags;
 args->op_flags = XFS_DA_OP_RECOVERY | XFS_DA_OP_OKNOENT;
- switch (attrp->alfi_op_flags & XFS_ATTR_OP_FLAGS_TYPE_MASK) {
+ switch (attr->xattri_op_flags) {
 case XFS_ATTR_OP_FLAGS_SET:
 case XFS_ATTR_OP_FLAGS_REPLACE:
 args->value = attrip->attri_value;
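Review bot: The mask added in xfs_attr_log_item() silently drops any bit of `attr->xattri_op_flags` outside XFS_ATTR_OP_FLAGS_TYPE_MASK, so an in-core caller that sets an undefined bit would still produce a clean-looking log item and the mistake would go unnoticed. Since this value comes from kernel code rather than from disk, a debug assertion ahead of the assignment, `ASSERT(!(attr->xattri_op_flags & ~XFS_ATTR_OP_FLAGS_TYPE_MASK));`, would surface that without changing what reaches the log. The function body starts and ends outside the hunk, so whether the flags are already checked earlier is not visible here.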
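Review bot: The new unknown-bit check in xfs_attri_validate() carries no comment saying why it exists, and the comment directly below it still reads "either a set or remove" although the recovery switch in the last hunk also handles XFS_ATTR_OP_FLAGS_REPLACE. I would put `/* Reject op flag bits this kernel does not know about; the log item is read back from disk. */` above the new `if`, and reword the older comment to name the op types the switch accepts. The switch continues past the end of the hunk, so the full list of accepted types cannot be confirmed from these lines.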
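Review bot: The masked assignment to `attr->xattri_op_flags` in xfs_attri_item_recover() is now the only thing that keeps `switch (attr->xattri_op_flags)` in the following hunk restricted to type values, and neither site says so. If xfs_attri_validate() always runs on the item before recovery (not visible in these hunks), the mask is purely defensive; a comment such as `/* unknown bits were already rejected by xfs_attri_validate(); mask defensively */` would record that and keep a later edit from removing the mask while leaving the unmasked switch behind. The function starts and ends outside the hunk.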