From: hewei-gikaku
To: Weiming Shi
Cc: Xiang Mei, Konstantin Komarov, ntfs3@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] fs/ntfs3: fix out-of-bounds write in ni_create_attr_list()
Date: Fri, 26 Jun 2026 22:11:22 +0900
Message-ID: <20260626131122.1341-1-skyexpoc@gmail.com>
In-Reply-To: <20260624053008.4885-2-xmei5@asu.edu>
References: <20260624053008.4885-2-xmei5@asu.edu>

Hi Weiming, Xiang,

I posted a fix for this exact ni_create_attr_list() out-of-bounds write two
weeks before this patch, to the same list and CC'ing the same maintainer:

  v1 (2026-06-10): https://lore.kernel.org/all/20260610002929.51765-1-skyexpoc@gmail.com/
  v2 (2026-06-25): https://lore.kernel.org/all/20260625031932.9412-1-skyexpoc@gmail.com/

Same root cause, same Fixes: tag. The two patches differ in how they fix it,
and the difference matters:

- This patch keeps the fixed al_aligned(record_size) buffer and returns
  -EINVAL as soon as an entry would cross the buffer end. Because each
  ATTR_LIST_ENTRY (le_size(0) = 0x20) is larger than the minimum resident
  attribute it represents (SIZEOF_RESIDENT = 0x18), the list can grow past
  a single record_size for a sufficiently full base record, so this can
  fail a normal setxattr/file operation with -EINVAL instead of handling it.

- My v2 computes the exact list size from the attributes first and
  allocates accordingly, closing the overflow without introducing that
  regression.

Given the earlier posting and that v2 fixes the bug without rejecting
otherwise-valid records, I'd suggest taking v2. I'm happy to rebase it or
adjust to whatever Konstantin prefers.

Thanks,
HE WEI
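
The sizing argument in the message above, as an added example that is not part of the original e-mail or of either patch: a simplified user-space C model comparing a bounds-checked fixed buffer with a size-first allocation. Only the 0x20 and 0x18 sizes come from the message; the 1024-byte buffer, the 40-attribute record, the entry layout and the names `model_attr`, `model_le_size`, `fill_list` and `build_exact` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SIZEOF_RESIDENT 0x18u /* from the message: minimum resident attribute */
struct model_attr { uint8_t name_len; }; /* hypothetical model of one attribute */

/* Assumed entry layout: 0x1A fixed bytes + UTF-16 name, rounded up to 8.
 * Yields 0x20 for an unnamed attribute, the le_size(0) quoted in the message. */
static size_t model_le_size(uint8_t name_len)
{
	return (0x1Au + 2u * name_len + 7u) & ~(size_t)7u;
}

/* Fill a buffer of cap bytes; -EINVAL once an entry would cross its end. */
static int fill_list(const struct model_attr *a, size_t n, size_t cap, size_t *len)
{
	uint8_t *buf = calloc(1, cap ? cap : 1);
	size_t off = 0;

	if (!buf)
		return -ENOMEM;
	for (size_t i = 0; i < n; i++) {
		size_t sz = model_le_size(a[i].name_len);
		if (sz > cap - off) { /* off <= cap always holds, so no wraparound */
			free(buf);
			return -EINVAL;
		}
		memset(buf + off, 0xA5, sz); /* stand-in for writing the entry */
		off += sz;
	}
	free(buf);
	*len = off;
	return 0;
}

/* Size-first variant: sum the exact list size, then fill a buffer of that size. */
static int build_exact(const struct model_attr *a, size_t n, size_t *len)
{
	size_t need = 0;
	for (size_t i = 0; i < n; i++)
		need += model_le_size(a[i].name_len);
	return fill_list(a, n, need, len); /* bounds check stays as a backstop */
}

int main(void)
{
	struct model_attr attrs[40] = {{0}}; /* constructed: 40 unnamed minimal attributes */
	size_t len = 0;
	printf("attribute bytes in record: %u\n", 40 * SIZEOF_RESIDENT);
	printf("fixed 1024-byte buffer: rc=%d\n", fill_list(attrs, 40, 1024, &len));
	int rc = build_exact(attrs, 40, &len);
	printf("exact sizing: rc=%d, list bytes=%zu\n", rc, len);
	return 0;
}
```

In this model the 40 attributes occupy 960 bytes of record space but need a 1280-byte list, so the fixed buffer rejects an input that the size-first variant handles.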