Commit 894ec870 authored by Daniel Drake's avatar Daniel Drake Committed by Linus Torvalds
Browse files

[PATCH] Fix listxattr() for generic security attributes

Commit f549d6c1 introduced a generic
fallback for security xattrs, but appears to include a subtle bug.

Gentoo users with kernels with selinux compiled in, and coreutils compiled
with acl support, noticed that they could not copy files on tmpfs using

cp (compiled with acl support) copies the file, lists the extended
attributes on the old file, copies them all to the new file, and then
exits.  However the listxattr() calls were failing with this odd behaviour:

llistxattr("a.out", (nil), 0)           = 17
llistxattr("a.out", 0x7fffff8c6cb0, 17) = -1 ERANGE (Numerical result out of

I believe this is a simple problem in the logic used to check the buffer
sizes; if the user sends a buffer the exact size of the data, then its ok

This change solves the problem.
More info can be found at

Signed-off-by: default avatarDaniel Drake <>
Acked-by: default avatarJames Morris <>
Acked-by: default avatarStephen Smalley <>
Signed-off-by: default avatarAndrew Morton <>
Signed-off-by: default avatarLinus Torvalds <>
parent c3f59023
......@@ -245,7 +245,7 @@ listxattr(struct dentry *d, char __user *list, size_t size)
error = d->d_inode->i_op->listxattr(d, klist, size);
} else {
error = security_inode_listsecurity(d->d_inode, klist, size);
if (size && error >= size)
if (size && error > size)
error = -ERANGE;
if (error > 0) {
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment