From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Eric Biggers <ebiggers@google.com>,
Chao Yu <chao@kernel.org>, Jaegeuk Kim <jaegeuk@kernel.org>
Subject: [PATCH 6.7 01/28] f2fs: explicitly null-terminate the xattr list
Date: Thu, 18 Jan 2024 11:48:51 +0100 [thread overview]
Message-ID: <20240118104301.297099258@linuxfoundation.org> (raw)
In-Reply-To: <20240118104301.249503558@linuxfoundation.org>
6.7-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Biggers <ebiggers@google.com>
commit e26b6d39270f5eab0087453d9b544189a38c8564 upstream.
When setting an xattr, explicitly null-terminate the xattr list. This
eliminates the fragile assumption that the unused xattr space is always
zeroed.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/xattr.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/fs/f2fs/xattr.c
+++ b/fs/f2fs/xattr.c
@@ -754,6 +754,12 @@ retry:
memcpy(pval, value, size);
last->e_value_size = cpu_to_le16(size);
new_hsize += newsize;
+ /*
+ * Explicitly add the null terminator. The unused xattr space
+ * is supposed to always be zeroed, which would make this
+ * unnecessary, but don't depend on that.
+ */
+ *(u32 *)((u8 *)last + newsize) = 0;
}
error = write_all_xattrs(inode, new_hsize, base_addr, ipage);
next prev parent reply other threads:[~2024-01-18 10:50 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-18 10:48 [PATCH 6.7 00/28] 6.7.1-rc1 review Greg Kroah-Hartman
2024-01-18 10:48 ` Greg Kroah-Hartman [this message]
2024-01-18 10:48 ` [PATCH 6.7 02/28] ALSA: hda/realtek: Add quirks for Dell models Greg Kroah-Hartman
2024-01-18 10:48 ` [PATCH 6.7 03/28] ALSA: hda: cs35l41: Support additional Dell models without _DSD Greg Kroah-Hartman
2024-01-18 10:48 ` [PATCH 6.7 04/28] ALSA: hda: cs35l41: Prevent firmware load if SPI speed too low Greg Kroah-Hartman
2024-01-18 10:48 ` [PATCH 6.7 05/28] ALSA: hda: Add driver properties for cs35l41 for Lenovo Legion Slim 7 Gen 8 serie Greg Kroah-Hartman
2024-01-18 10:48 ` [PATCH 6.7 06/28] ALSA: hda/realtek: enable SND_PCI_QUIRK for Lenovo Legion Slim 7 Gen 8 (2023) serie Greg Kroah-Hartman
2024-01-18 10:48 ` [PATCH 6.7 07/28] ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx Greg Kroah-Hartman
2024-01-18 10:48 ` [PATCH 6.7 08/28] ALSA: hda: cs35l41: Support more HP models without _DSD Greg Kroah-Hartman
2024-01-18 10:48 ` [PATCH 6.7 09/28] ACPI: resource: Add another DMI match for the TongFang GMxXGxx Greg Kroah-Hartman
2024-01-18 10:49 ` [PATCH 6.7 10/28] bus: moxtet: Mark the irq as shared Greg Kroah-Hartman
2024-01-18 10:49 ` [PATCH 6.7 11/28] bus: moxtet: Add spi device table Greg Kroah-Hartman
2024-01-18 10:49 ` [PATCH 6.7 12/28] drm/amd/display: Pass pwrseq inst for backlight and ABM Greg Kroah-Hartman
2024-01-18 10:49 ` [PATCH 6.7 13/28] ksmbd: dont allow O_TRUNC open on read-only share Greg Kroah-Hartman
2024-01-18 10:49 ` [PATCH 6.7 14/28] ksmbd: free ppace array on error in parse_dacl Greg Kroah-Hartman
2024-01-18 10:49 ` [PATCH 6.7 15/28] Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" Greg Kroah-Hartman
2024-01-18 10:49 ` [PATCH 6.7 16/28] binder: use EPOLLERR from eventpoll.h Greg Kroah-Hartman
2024-01-18 10:49 ` [PATCH 6.7 17/28] binder: fix use-after-free in shinkers callback Greg Kroah-Hartman
2024-01-18 10:49 ` [PATCH 6.7 18/28] binder: fix trivial typo of binder_free_buf_locked() Greg Kroah-Hartman
2024-01-18 10:49 ` [PATCH 6.7 19/28] binder: fix comment on binder_alloc_new_buf() return value Greg Kroah-Hartman
2024-01-18 10:49 ` [PATCH 6.7 20/28] uio: Fix use-after-free in uio_open Greg Kroah-Hartman
2024-01-18 10:49 ` [PATCH 6.7 21/28] parport: parport_serial: Add Brainboxes BAR details Greg Kroah-Hartman
2024-01-18 10:49 ` [PATCH 6.7 22/28] parport: parport_serial: Add Brainboxes device IDs and geometry Greg Kroah-Hartman
2024-01-18 10:49 ` [PATCH 6.7 23/28] leds: ledtrig-tty: Free allocated ttyname buffer on deactivate Greg Kroah-Hartman
2024-01-18 10:49 ` [PATCH 6.7 24/28] PCI: Add ACS quirk for more Zhaoxin Root Ports Greg Kroah-Hartman
2024-01-18 10:49 ` [PATCH 6.7 25/28] coresight: etm4x: Fix width of CCITMIN field Greg Kroah-Hartman
2024-01-18 10:49 ` [PATCH 6.7 26/28] scripts/decode_stacktrace.sh: optionally use LLVM utilities Greg Kroah-Hartman
2024-01-18 10:49 ` [PATCH 6.7 27/28] docs: kernel_feat.py: fix potential command injection Greg Kroah-Hartman
2024-01-18 10:49 ` [PATCH 6.7 28/28] mm/memory_hotplug: fix memmap_on_memory sysfs value retrieval Greg Kroah-Hartman
2024-01-18 16:35 ` [PATCH 6.7 00/28] 6.7.1-rc1 review Allen
2024-01-18 19:51 ` Florian Fainelli
2024-01-18 20:17 ` SeongJae Park
2024-01-19 0:43 ` Shuah Khan
2024-01-19 4:30 ` Ron Economos
2024-01-19 6:45 ` Bagas Sanjaya
2024-01-19 13:49 ` Ricardo B. Marliere
2024-01-19 14:14 ` Jon Hunter
2024-01-19 15:48 ` Naresh Kamboju
2024-01-19 16:01 ` Greg Kroah-Hartman
2024-01-19 17:35 ` Naresh Kamboju
2024-01-19 17:53 ` Luna Jernberg
2024-01-20 3:31 ` Justin Forbes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240118104301.297099258@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=chao@kernel.org \
--cc=ebiggers@google.com \
--cc=jaegeuk@kernel.org \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).