From: Greg KH on
2.6.32-stable review patch. If anyone has any objections, please let us know.


From: Jeff Mahoney <jeffm(a)>

commit 6cb4aff0a77cc0e6bae9475d62205319e3ebbf3f upstream.

Commit 57fe60df ("reiserfs: add atomic addition of selinux attributes
during inode creation") contains a bug that will cause it to oops when
mounting a file system that didn't previously contain extended attributes
on a system using security.* xattrs.

The issue is that while creating the privroot during mount
reiserfs_security_init calls reiserfs_xattr_jcreate_nblocks which
dereferences the xattr root. The xattr root doesn't exist, so we get an


Signed-off-by: Jeff Mahoney <jeffm(a)>
Signed-off-by: Andrew Morton <akpm(a)>
Signed-off-by: Linus Torvalds <torvalds(a)>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)>

fs/reiserfs/xattr_security.c | 2 +-
include/linux/reiserfs_xattr.h | 5 +++++
2 files changed, 6 insertions(+), 1 deletion(-)

--- a/fs/reiserfs/xattr_security.c
+++ b/fs/reiserfs/xattr_security.c
@@ -75,7 +75,7 @@ int reiserfs_security_init(struct inode
return error;

- if (sec->length) {
+ if (sec->length && reiserfs_xattrs_initialized(inode->i_sb)) {
blocks = reiserfs_xattr_jcreate_nblocks(inode) +
reiserfs_xattr_nblocks(inode, sec->length);
/* We don't want to count the directories twice if we have
--- a/include/linux/reiserfs_xattr.h
+++ b/include/linux/reiserfs_xattr.h
@@ -70,6 +70,11 @@ int reiserfs_security_write(struct reise
void reiserfs_security_free(struct reiserfs_security_handle *sec);

+static inline int reiserfs_xattrs_initialized(struct super_block *sb)
+ return REISERFS_SB(sb)->priv_root != NULL;
#define xattr_size(size) ((size) + sizeof(struct reiserfs_xattr_header))
static inline loff_t reiserfs_xattr_nblocks(struct inode *inode, loff_t size)

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)
More majordomo info at
Please read the FAQ at