From: "yebin (H)" <yebin10@huawei.com>
To: Jan Kara <jack@suse.cz>, Ye Bin <yebin@huaweicloud.com>
Cc: <tytso@mit.edu>, <adilger.kernel@dilger.ca>,
<linux-ext4@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2 2/6] ext4: add primary check extended attribute inode in ext4_xattr_check_entries()
Date: Wed, 7 Dec 2022 19:39:54 +0800 [thread overview]
Message-ID: <63907B8A.9030800@huawei.com> (raw)
In-Reply-To: <20221207111437.birh6zujw4wauvhu@quack3>
On 2022/12/7 19:14, Jan Kara wrote:
> On Wed 07-12-22 15:40:39, Ye Bin wrote:
>> From: Ye Bin <yebin10@huawei.com>
>>
>> Add primary check for extended attribute inode, only do hash check when read
>> ea_inode's data in ext4_xattr_inode_get().
>>
>> Signed-off-by: Ye Bin <yebin10@huawei.com>
> ...
>
>> +static inline int ext4_xattr_check_extra_inode(struct inode *inode,
>> + struct ext4_xattr_entry *entry)
>> +{
>> + int err;
>> + struct inode *ea_inode;
>> +
>> + err = ext4_xattr_inode_iget(inode, le32_to_cpu(entry->e_value_inum),
>> + le32_to_cpu(entry->e_hash), &ea_inode);
>> + if (err)
>> + return err;
>> +
>> + if (i_size_read(ea_inode) != le32_to_cpu(entry->e_value_size)) {
>> + ext4_warning_inode(ea_inode,
>> + "ea_inode file size=%llu entry size=%u",
>> + i_size_read(ea_inode),
>> + le32_to_cpu(entry->e_value_size));
>> + err = -EFSCORRUPTED;
>> + }
>> + iput(ea_inode);
>> +
>> + return err;
>> +}
>> +
>> static int
>> -ext4_xattr_check_entries(struct ext4_xattr_entry *entry, void *end,
>> - void *value_start)
>> +ext4_xattr_check_entries(struct inode *inode, struct ext4_xattr_entry *entry,
>> + void *end, void *value_start)
>> {
>> struct ext4_xattr_entry *e = entry;
>>
>> @@ -221,6 +247,10 @@ ext4_xattr_check_entries(struct ext4_xattr_entry *entry, void *end,
>> size > end - value ||
>> EXT4_XATTR_SIZE(size) > end - value)
>> return -EFSCORRUPTED;
>> + } else if (entry->e_value_inum) {
>> + int err = ext4_xattr_check_extra_inode(inode, entry);
>> + if (err)
>> + return err;
>> }
>> entry = EXT4_XATTR_NEXT(entry);
>> }
> So I was thinking about this. It is nice to have the inode references
> checked but OTOH this is rather expensive for a filesystem with EA inodes -
> we have to lookup and possibly load EA inodes from the disk although they
> won't be needed for anything else than the check. Also as you have noticed
> we do check whether i_size and xattr size as recorded in xattr entry match
> in ext4_xattr_inode_iget() which gets called once we need to do anything
> with the EA inode.
>
> Also I've checked and we do call ext4_xattr_check_block() and
> xattr_check_inode() in ext4_expand_extra_isize_ea() so Ted's suspicion that
> the problem comes from not checking the xattr entries before moving them
> from the inode was not correct.
>
> So to summarize, I don't think this and the following patch is actually
> needed and brings benefit that would outweight the performance cost.
>
> Honza
Yes, I agree with you.
In ext4_ xattr_ check_ Entries () simply verifies the length of the
extended attribute with
ea_inode. If the previous patch is not merged, EXT4_ XATTR_ SIZE_ MAX is
much larger
than the actual constraint value. Data verification can only be
postponed until the ea_inode
is read.
So your suggestion is to modify EXT4_ XATTR_ SIZE_ MAX Or defer data
verification until
the ea_inode is read?
next prev parent reply other threads:[~2022-12-07 11:40 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-07 7:40 [PATCH v2 0/6] Fix two issue about ext4 extended attribute Ye Bin
2022-12-07 7:40 ` [PATCH v2 1/6] ext4: fix WARNING in ext4_expand_extra_isize_ea Ye Bin
2022-12-07 7:51 ` Bagas Sanjaya
2022-12-07 7:40 ` [PATCH v2 2/6] ext4: add primary check extended attribute inode in ext4_xattr_check_entries() Ye Bin
2022-12-07 7:37 ` Bagas Sanjaya
2022-12-07 11:14 ` Jan Kara
2022-12-07 11:39 ` yebin (H) [this message]
2022-12-07 12:03 ` Jan Kara
2022-12-07 7:40 ` [PATCH v2 3/6] ext4: remove unnessary size check in ext4_xattr_inode_get() Ye Bin
2022-12-07 7:40 ` [PATCH v2 4/6] ext4: allocate extended attribute value in vmalloc area Ye Bin
2022-12-07 10:58 ` Jan Kara
2022-12-07 7:40 ` [PATCH v2 5/6] ext4: rename xattr_find_entry() and __xattr_check_inode() Ye Bin
2022-12-07 7:35 ` Bagas Sanjaya
2022-12-07 7:41 ` Bagas Sanjaya
2022-12-07 10:58 ` Jan Kara
2022-12-07 7:40 ` [PATCH v2 6/6] ext4: fix inode leak in 'ext4_xattr_inode_create()' Ye Bin
2022-12-07 7:44 ` Bagas Sanjaya
2022-12-07 11:00 ` Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=63907B8A.9030800@huawei.com \
--to=yebin10@huawei.com \
--cc=adilger.kernel@dilger.ca \
--cc=jack@suse.cz \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tytso@mit.edu \
--cc=yebin@huaweicloud.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.