From: Greg KH on
2.6.33-stable review patch. If anyone has any objections, please let us know.

------------------

From: Jeff Mahoney <jeffm(a)suse.com>

commit fb2162df74bb19552db3d988fd11c787cf5fad56 upstream.

Commit 48b32a3553a54740d236b79a90f20147a25875e3 ("reiserfs: use generic
xattr handlers") introduced a problem that causes corruption when extended
attributes are replaced with a smaller value.

The issue is that the reiserfs_setattr to shrink the xattr file was moved
from before the write to after the write.

The root issue has always been in the reiserfs xattr code, but was papered
over by the fact that in the shrink case, the file would just be expanded
again while the xattr was written.

The end result is that the last 8 bytes of xattr data are lost.

This patch fixes it to use new_size.

Addresses https://bugzilla.kernel.org/show_bug.cgi?id=14826

Signed-off-by: Jeff Mahoney <jeffm(a)suse.com>
Reported-by: Christian Kujau <lists(a)nerdbynature.de>
Tested-by: Christian Kujau <lists(a)nerdbynature.de>
Cc: Edward Shishkin <edward.shishkin(a)gmail.com>
Cc: Jethro Beekman <kernel(a)jbeekman.nl>
Cc: Greg Surbey <gregsurbey(a)hotmail.com>
Cc: Marco Gatti <marco.gatti(a)gmail.com>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)suse.de>

---
fs/reiserfs/xattr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/reiserfs/xattr.c
+++ b/fs/reiserfs/xattr.c
@@ -557,7 +557,7 @@ reiserfs_xattr_set_handle(struct reiserf
if (!err && new_size < i_size_read(dentry->d_inode)) {
struct iattr newattrs = {
.ia_ctime = current_fs_time(inode->i_sb),
- .ia_size = buffer_size,
+ .ia_size = new_size,
.ia_valid = ATTR_SIZE | ATTR_CTIME,
};



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/