From: Jan Kara <jack@suse.cz>
To: Baokun Li <libaokun1@huawei.com>
Cc: linux-ext4@vger.kernel.org, tytso@mit.edu,
adilger.kernel@dilger.ca, jack@suse.cz, ritesh.list@gmail.com,
lczerner@redhat.com, enwlinux@gmail.com,
linux-kernel@vger.kernel.org, yi.zhang@huawei.com,
yebin10@huawei.com, yukuai3@huawei.com
Subject: Re: [PATCH v3 1/4] ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
Date: Thu, 16 Jun 2022 12:06:10 +0200
Message-ID: <20220616100610.y36iqovyynckhee7@quack3.lan>
In-Reply-To: <20220616021358.2504451-2-libaokun1@huawei.com>
On Thu 16-06-22 10:13:55, Baokun Li wrote:
> When adding an xattr to an inode, we must ensure that the inode_size is
> not less than EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad. Otherwise,
> the end position may be greater than the start position, resulting in UAF.
>
> Signed-off-by: Baokun Li <libaokun1@huawei.com>
Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

Honza
> ---
> fs/ext4/xattr.h | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/fs/ext4/xattr.h b/fs/ext4/xattr.h
> index 77efb9a627ad..f885f362add4 100644
> --- a/fs/ext4/xattr.h
> +++ b/fs/ext4/xattr.h
> @@ -95,6 +95,19 @@ struct ext4_xattr_entry {
>
> #define EXT4_ZERO_XATTR_VALUE ((void *)-1)
>
> +/*
> + * If we want to add an xattr to the inode, we should make sure that
> + * i_extra_isize is not 0 and that the inode size is not less than
> + * EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad.
> + * EXT4_GOOD_OLD_INODE_SIZE extra_isize header entry pad data
> + * |--------------------------|------------|------|---------|---|-------|
> + */
> +#define EXT4_INODE_HAS_XATTR_SPACE(inode) \
> + ((EXT4_I(inode)->i_extra_isize != 0) && \
> + (EXT4_GOOD_OLD_INODE_SIZE + EXT4_I(inode)->i_extra_isize + \
> + sizeof(struct ext4_xattr_ibody_header) + EXT4_XATTR_PAD <= \
> + EXT4_INODE_SIZE((inode)->i_sb)))
> +
> struct ext4_xattr_info {
> const char *name;
> const void *value;
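Review bot: The comment above EXT4_INODE_HAS_XATTR_SPACE gives the bound as EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad, but the macro also adds sizeof(struct ext4_xattr_ibody_header) to the left-hand side, and the diagram in the same comment shows a header field between extra_isize and the first entry. Suggest wording the comment as "EXT4_GOOD_OLD_INODE_SIZE + extra_isize + header + pad" so the text matches the check. Separately, the macro expands its inode argument three times; a static inline helper returning bool would evaluate the argument once and type-check it.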
> --
> 2.31.1
>
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
Thread overview: 15+ messages
2022-06-16 2:13 [PATCH v3 0/4] ext4: fix use-after-free in ext4_xattr_set_entry Baokun Li
2022-06-16 2:13 ` [PATCH v3 1/4] ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h Baokun Li
2022-06-16 4:00 ` Ritesh Harjani
2022-06-16 10:06 ` Jan Kara [this message]
2022-06-16 2:13 ` [PATCH v3 2/4] ext4: fix use-after-free in ext4_xattr_set_entry Baokun Li
2022-06-16 4:02 ` Ritesh Harjani
2022-06-16 10:07 ` Jan Kara
2022-06-16 2:13 ` [PATCH v3 3/4] ext4: correct max_inline_xattr_value_size computing Baokun Li
2022-06-16 4:04 ` Ritesh Harjani
2022-06-16 10:08 ` Jan Kara
2022-06-16 2:13 ` [PATCH v3 4/4] ext4: correct the misjudgment in ext4_iget_extra_inode Baokun Li
2022-06-16 4:08 ` Ritesh Harjani
2022-06-16 10:09 ` Jan Kara
2022-07-14 15:00 ` [PATCH v3 0/4] ext4: fix use-after-free in ext4_xattr_set_entry Theodore Ts'o
2022-07-22 13:58 ` Theodore Ts'o