[PATCH 5.4 55/60] ext4: do not try to set xattr into ea_inode if value is empty

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org,
	syzbot+98b881fdd8ebf45ab4ae@syzkaller.appspotmail.com,
	stable@kernel.org, "zhangyi (F)" <yi.zhang@huawei.com>,
	Theodore Tso <tytso@mit.edu>
Subject: [PATCH 5.4 55/60] ext4: do not try to set xattr into ea_inode if value is empty
Date: Mon, 22 Mar 2021 13:28:43 +0100	[thread overview]
Message-ID: <20210322121924.192489561@linuxfoundation.org> (raw)
In-Reply-To: <20210322121922.372583154@linuxfoundation.org>

From: zhangyi (F) <yi.zhang@huawei.com>

commit 6b22489911b726eebbf169caee52fea52013fbdd upstream.

Syzbot report a warning that ext4 may create an empty ea_inode if set
an empty extent attribute to a file on the file system which is no free
blocks left.

  WARNING: CPU: 6 PID: 10667 at fs/ext4/xattr.c:1640 ext4_xattr_set_entry+0x10f8/0x1114 fs/ext4/xattr.c:1640
  ...
  Call trace:
   ext4_xattr_set_entry+0x10f8/0x1114 fs/ext4/xattr.c:1640
   ext4_xattr_block_set+0x1d0/0x1b1c fs/ext4/xattr.c:1942
   ext4_xattr_set_handle+0x8a0/0xf1c fs/ext4/xattr.c:2390
   ext4_xattr_set+0x120/0x1f0 fs/ext4/xattr.c:2491
   ext4_xattr_trusted_set+0x48/0x5c fs/ext4/xattr_trusted.c:37
   __vfs_setxattr+0x208/0x23c fs/xattr.c:177
  ...

Now, ext4 try to store extent attribute into an external inode if
ext4_xattr_block_set() return -ENOSPC, but for the case of store an
empty extent attribute, store the extent entry into the extent
attribute block is enough. A simple reproduce below.

  fallocate test.img -l 1M
  mkfs.ext4 -F -b 2048 -O ea_inode test.img
  mount test.img /mnt
  dd if=/dev/zero of=/mnt/foo bs=2048 count=500
  setfattr -n "user.test" /mnt/foo

Reported-by: syzbot+98b881fdd8ebf45ab4ae@syzkaller.appspotmail.com
Fixes: 9c6e7853c531 ("ext4: reserve space for xattr entries/names")
Cc: stable@kernel.org
Signed-off-by: zhangyi (F) <yi.zhang@huawei.com>
Link: https://lore.kernel.org/r/20210305120508.298465-1-yi.zhang@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/ext4/xattr.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -2415,7 +2415,7 @@ retry_inode:
 				 * external inode if possible.
 				 */
 				if (ext4_has_feature_ea_inode(inode->i_sb) &&
-				    !i.in_inode) {
+				    i.value_len && !i.in_inode) {
 					i.in_inode = 1;
 					goto retry_inode;
 				}

next prev parent reply	other threads:[~2021-03-22 12:59 UTC|newest]

Thread overview: 66+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-22 12:27 [PATCH 5.4 00/60] 5.4.108-rc1 review Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 01/60] ASoC: ak4458: Add MODULE_DEVICE_TABLE Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 02/60] ASoC: ak5558: " Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 03/60] ALSA: dice: fix null pointer dereference when node is disconnected Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 04/60] ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 05/60] ALSA: hda: generic: Fix the micmute led init state Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 06/60] ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 07/60] Revert "PM: runtime: Update device status before letting suppliers suspend" Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 08/60] s390/vtime: fix increased steal time accounting Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 09/60] ARM: 9030/1: entry: omit FP emulation for UND exceptions taken in kernel mode Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 10/60] ARM: 9044/1: vfp: use undef hook for VFP support detection Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 11/60] btrfs: fix race when cloning extent buffer during rewind of an old root Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 12/60] btrfs: fix slab cache flags for free space tree bitmap Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 13/60] ASoC: fsl_ssi: Fix TDM slot setup for I2S mode Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 14/60] ASoC: SOF: Intel: unregister DMIC device on probe error Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 15/60] ASoC: SOF: intel: fix wrong poll bits in dsp power down Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 16/60] ASoC: simple-card-utils: Do not handle device clock Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 17/60] afs: Stop listxattr() from listing "afs.*" attributes Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 18/60] nvme: fix Write Zeroes limitations Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 19/60] nvme-tcp: fix possible hang when failing to set io queues Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 20/60] nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 21/60] nvmet: dont check iosqes,iocqes for discovery controllers Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 22/60] nfsd: Dont keep looking up unhashed files in the nfsd file cache Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 23/60] NFSD: Repair misuse of sv_lock in 5.10.16-rt30 Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 24/60] svcrdma: disable timeouts on rdma backchannel Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 25/60] vfio: IOMMU_API should be selected Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 26/60] sunrpc: fix refcount leak for rpc auth modules Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 27/60] net/qrtr: fix __netdev_alloc_skb call Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 28/60] kbuild: Fix <linux/version.h> for empty SUBLEVEL or PATCHLEVEL again Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 29/60] riscv: Correct SPARSEMEM configuration Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 30/60] scsi: lpfc: Fix some error codes in debugfs Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 31/60] scsi: myrs: Fix a double free in myrs_cleanup() Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 32/60] counter: stm32-timer-cnt: Report count function when SLAVE_MODE_DISABLED Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 33/60] nvme-rdma: fix possible hang when failing to set io queues Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 34/60] usb-storage: Add quirk to defeat Kindles automatic unload Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 35/60] usbip: Fix incorrect double assignment to udc->ud.tcp_rx Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 36/60] USB: replace hardcode maximum usb string length by definition Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 37/60] usb: gadget: configfs: Fix KASAN use-after-free Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 38/60] usb: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 39/60] iio:adc:stm32-adc: Add HAS_IOMEM dependency Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 40/60] iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 41/60] iio: adis16400: Fix an error code in adis16400_initial_setup() Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 42/60] iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 43/60] iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 44/60] iio: hid-sensor-humidity: Fix alignment issue of timestamp channel Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 45/60] iio: hid-sensor-prox: Fix scale not correct issue Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 46/60] iio: hid-sensor-temperature: Fix issues of timestamp channel Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 47/60] counter: stm32-timer-cnt: fix ceiling write max value Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 48/60] PCI: rpadlpar: Fix potential drc_name corruption in store functions Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 49/60] perf/x86/intel: Fix a crash caused by zero PEBS status Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 50/60] x86/ioapic: Ignore IRQ2 again Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 51/60] kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 52/60] x86: Move TS_COMPAT back to asm/thread_info.h Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 53/60] x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 54/60] ext4: find old entry again if failed to rename whiteout Greg Kroah-Hartman
2021-03-22 12:28 ` Greg Kroah-Hartman [this message]
2021-03-22 12:28 ` [PATCH 5.4 56/60] ext4: fix potential error in ext4_do_update_inode Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 57/60] efi: use 32-bit alignment for efi_guid_t literals Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 58/60] firmware/efi: Fix a use after bug in efi_mem_reserve_persistent Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 59/60] genirq: Disable interrupts for force threaded handlers Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 60/60] x86/apic/of: Fix CPU devicetree-node lookups Greg Kroah-Hartman
2021-03-22 14:35 ` [PATCH 5.4 00/60] 5.4.108-rc1 review Jon Hunter
2021-03-22 18:01 ` Florian Fainelli
2021-03-22 21:53 ` Guenter Roeck
2021-03-23  0:51 ` Samuel Zou
2021-03-23 10:20 ` Naresh Kamboju

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210322121924.192489561@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=syzbot+98b881fdd8ebf45ab4ae@syzkaller.appspotmail.com \
    --cc=tytso@mit.edu \
    --cc=yi.zhang@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.