Re: [PATCH v2] ext4: validate ea_ino and size in check_xattrs

["Theodore Ts'o" <tytso@mit.edu>]

On Fri, Sep 26, 2025 at 01:47:14PM -0600, Andreas Dilger wrote:
> 
> *NOTE* I haven't tested whether e2fsck already handles this scenario
> correctly, but it is definitely worthwhile to test this with your
> reproducer image to see if e2fsck already fixes the issue. If that is
> already the case, then there is nothing more to be done.

It doesn't.  But see the patch that I sent to fix this.

> If e2fsck does *not* repair this error, then the right workflow is to
> make a *minimal* filesystem image with this corruption and use it for
> a new test case.

I aready sent a patch on this thread, and it includes a minimal file
sytem image.  Unfortunately, we don't have easy way to create
corrupted extended attributre entries using the debugfs tool.  This is
why I decided to just create the patch and test case, instead of
asking Deepanshu to try to create it, since creating the test case
requires using a hex editor and understanding of the extended
attribute layout.  One of these days we really should add the ability
to easily edit extended attribute blocks to corrupt them, but to date
it's been easier for me to just use emacs hexl-mode to edit the image.

The good news is that there are tools to examine extended attributes.
For example:

% debugfs /tmp/f_ea_zero_size.img
debugfs 1.47.3-rc2 (12-Jun-2025)
debugfs:  stat lustre
Inode: 12   Type: regular    Mode:  0644   Flags: 0x80000
Generation: 1631366467    Version: 0x00000000:00000001
User:     0   Group:     0   Project:     0   Size: 0
File ACL: 13
Links: 1   Blockcount: 8
Fragment:  Address: 0    Number: 0    Size: 0
 ctime: 0x594f621c:5143fea0 -- Sun Jun 25 03:11:24 2017
 atime: 0x594f621c:396c7aa4 -- Sun Jun 25 03:11:24 2017
 mtime: 0x594f621c:396c7aa4 -- Sun Jun 25 03:11:24 2017
crtime: 0x594f621c:396c7aa4 -- Sun Jun 25 03:11:24 2017
Size of extra inode fields: 32
EXTENTS:
debugfs:  block_dump -x 13
magic = ea020000, length = 4096
refcount = 1, blocks = 1
hash = 767a7676, checksum = 00000000
reserved: 00000000 00000000 00000000

offset = 32 (0040), hash = 3109, name_len = 2, name_index = 1
value_offset = 0 (0000), value_inum = 14, value_size = 0
name = be

offset = 52 (0064), hash = 2053076598, name_len = 2, name_index = 1
value_offset = 3996 (7634), value_inum = 0, value_size = 100
name = bi
value = vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv

last entry found at offset 72 (0110)

There are also debugfs commands "ea_get, ea_set, and ea_list", which
is good for edit valid extended attribute blocks.  So what I tend to
do is to use these tools to create a valid extended attribute block
--- and then I'll corrupt it using emacs hexl-mode.

    	     	  	     	   	 - Ted