Date: Wed, 19 Jun 2019 14:32:10 +0200
From: Pavel Machek
To: pavel@ucw.cz
Cc: linux-kernel@vger.kernel.org, Randall Huang, Chao Yu, Jaegeuk Kim, Sasha Levin
Subject: Re: [PATCH 4.19 33/75] f2fs: fix to avoid accessing xattr across the boundary
Message-ID: <20190619123210.GA14477@xo-6d-61-c0.localdomain>
References: <20190617210752.799453599@linuxfoundation.org> <20190617210754.076823433@linuxfoundation.org>
In-Reply-To: <20190617210754.076823433@linuxfoundation.org>

Hi!

> When we traverse xattr entries via __find_xattr(),
> if the raw filesystem content is faked or any hardware failure occurs,
> out-of-bound error can be detected by KASAN.
> Fix the issue by introducing boundary check.

Ok, so this prevents fs corruption from causing problems,
> @@ -340,7 +347,11 @@ static int lookup_all_xattrs(struct inode *inode, struct page *ipage, > else > cur_addr = txattr_addr; > > - *xe = __find_xattr(cur_addr, index, len, name); > + *xe = __find_xattr(cur_addr, last_txattr_addr, index, len, name); > + if (!*xe) { > + err = -EFAULT; > + goto out; > + } Is -EFAULT suitable here? We do not have userspace passing pointers to us, we have fs corruption. -EUNCLEAN? Should it do some kind of printk to let the user know fs is corrupted, and mark it as needing fsck? Thanks, Pavel
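Review bot: In the new `if (!*xe)` branch of lookup_all_xattrs(), the failure is reported as `-EFAULT` and nothing is logged, so a caller cannot tell an xattr walk that was stopped at `last_txattr_addr` apart from a bad-address error, and the corruption leaves no trace in the kernel log. Consider returning a corruption-specific errno such as `-EUCLEAN` and printing a message that names the inode before `goto out`. The hunk also does not show what the `out` label cleans up; since this is a new early exit taken after `cur_addr = txattr_addr`, please confirm that path releases the buffer behind `txattr_addr`.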