Merge tag 'jfs-3.14' of git://github.com/kleikamp/linux-shaggy

Pull jfs fix from David Kleikamp:
 "Minor bug fix for linux-3.14"

* tag 'jfs-3.14' of git://github.com/kleikamp/linux-shaggy:
  jfs: fix xattr value size overflow in __jfs_setxattr

1 files changed, 14 insertions, 1 deletions

diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c
index 5324e4e2b992..3bd5ee45f7b3 100644
--- a/fs/jfs/xattr.c
+++ b/fs/jfs/xattr.c
@@ -791,6 +791,19 @@ int __jfs_setxattr(tid_t tid, struct inode *inode, const char *name,
                         /* Completely new ea list */
                         xattr_size = sizeof (struct jfs_ea_list);
 
+                /*
+                 * The size of EA value is limitted by on-disk format up to
+                 *  __le16, there would be an overflow if the size is equal
+                 * to XATTR_SIZE_MAX (65536).  In order to avoid this issue,
+                 * we can pre-checkup the value size against USHRT_MAX, and
+                 * return -E2BIG in this case, which is consistent with the
+                 * VFS setxattr interface.
+                 */
+                if (value_len >= USHRT_MAX) {
+                        rc = -E2BIG;
+                        goto release;
+                }
+
                 ea = (struct jfs_ea *) ((char *) ealist + xattr_size);
                 ea->flag = 0;
                 ea->namelen = namelen;
@@ -805,7 +818,7 @@ int __jfs_setxattr(tid_t tid, struct inode *inode, const char *name,
         /* DEBUG - If we did this right, these number match */
         if (xattr_size != new_size) {
                 printk(KERN_ERR
-                       "jfs_xsetattr: xattr_size = %d, new_size = %d\n",
+                       "__jfs_setxattr: xattr_size = %d, new_size = %d\n",
                        xattr_size, new_size);
 
                 rc = -EINVAL;