Received: by 2002:a05:6358:53a8:b0:117:f937:c515 with SMTP id z40csp120750rwe;
        Thu, 13 Apr 2023 23:29:33 -0700 (PDT)
X-Google-Smtp-Source: AKy350Y04SVlCE+gaoCBe7ESC+1hybDHS1QFyawtNhjBUGeP/k+oeHTC8pNOBWmOb397v4hZDEnK
X-Received: by 2002:a17:90b:384a:b0:246:9a4f:8b2e with SMTP id nl10-20020a17090b384a00b002469a4f8b2emr4406309pjb.1.1681453773412;
        Thu, 13 Apr 2023 23:29:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1681453773; cv=none;
        d=google.com; s=arc-20160816;
        b=QblWgwgqGtNwogk7DccBqwq7Th6xT/bNPVFzNFehevl0OeP7cE4niJjubV6QH29Sfk
         y7ZCtRZAJ8ajh6/gvBxbVLmy6qGcRnCEIL+5CUubTOdZeAZhXr5wmBAH6k0B7k9scqEF
         aL/IpVg/a9TlsfjtXfujSbFXkH0awd3b0m2LfkoVNHs0orCn8ST5lB++rUtrJOZjU2h+
         YbrgVru1v+hh/drL2bGLmLte7loor7HT9GlVZQ3SeGNePWZBgs/WcEfnCFIc+egN85Vi
         //ybo7UaSEgyDR+s9TmCr21Y/5EQiYwwgzHSHuwDuZrlIXyKmiWCFhn/GfBWHlU56T+g
         qc7g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:from
         :references:cc:to:subject:user-agent:mime-version:date:message-id;
        bh=q2OkY/zU+Ygg28oAfvaTkhBtutx3RM+hghfLjp+zt48=;
        b=xpW9MHYonMuS3SuN511eTYqBfl/OxWWHJX74V7NptMTpa2oaKWApbfzsA8i7ypFUf4
         SEyseLJA6Luj+D1cLGVI9x5g6hIQghLc82HCSzyoJBOUqub6cQCiVUb3vBtCAbdl82pl
         9h4WPPtBCqwlVHMLg4rtKoux+Z8UMH7TU2rV7fz+LqSMYHqts7o803ujkNTLdD14HPr/
         VD6mEHKWpCPyG6ckI99Q0DW0KFstjK0vSHygWQ0eMbNvxEoXvkp29yck74lTgO4n1Rpz
         FTj0UB/PemDtoqWVnLfvFc3WKwuGRUOuCKZT53/yGzdApthF/p6Z5OGMcCCBiEXeN8P/
         O/UA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id lx9-20020a17090b4b0900b002465d1de874si4150515pjb.130.2023.04.13.23.29.22;
        Thu, 13 Apr 2023 23:29:33 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229733AbjDNG3B (ORCPT <rfc822;arya.hemanshu@gmail.com>
        + 99 others); Fri, 14 Apr 2023 02:29:01 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58056 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229469AbjDNG3A (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 14 Apr 2023 02:29:00 -0400
Received: from out30-112.freemail.mail.aliyun.com (out30-112.freemail.mail.aliyun.com [115.124.30.112])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 291341FE7
        for <linux-kernel@vger.kernel.org>; Thu, 13 Apr 2023 23:28:32 -0700 (PDT)
X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R461e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018046049;MF=hsiangkao@linux.alibaba.com;NM=1;PH=DS;RN=6;SR=0;TI=SMTPD_---0Vg2TGjn_1681453692;
Received: from 30.97.49.1(mailfrom:hsiangkao@linux.alibaba.com fp:SMTPD_---0Vg2TGjn_1681453692)
          by smtp.aliyun-inc.com;
          Fri, 14 Apr 2023 14:28:13 +0800
Message-ID: <f2cbd4dc-5e24-9d09-4c8c-96d2dc4b2958@linux.alibaba.com>
Date:   Fri, 14 Apr 2023 14:28:11 +0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0)
 Gecko/20100101 Thunderbird/102.9.1
Subject: Re: [PATCH] erofs: fix potential overflow calculating xattr_isize
To:     Jingbo Xu <jefflexu@linux.alibaba.com>, xiang@kernel.org,
        chao@kernel.org, huyue2@coolpad.com, linux-erofs@lists.ozlabs.org
Cc:     linux-kernel@vger.kernel.org
References: <20230414061810.6479-1-jefflexu@linux.alibaba.com>
From:   Gao Xiang <hsiangkao@linux.alibaba.com>
In-Reply-To: <20230414061810.6479-1-jefflexu@linux.alibaba.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-11.0 required=5.0 tests=BAYES_00,
        ENV_AND_HDR_SPF_MATCH,NICE_REPLY_A,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,
        SPF_PASS,UNPARSEABLE_RELAY,USER_IN_DEF_SPF_WL autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



On 2023/4/14 14:18, Jingbo Xu wrote:
> Given on-disk i_xattr_icount is 16 bits and xattr_isize is calculated
> from i_xattr_icount multiplying 4, xattr_isize has a theoretical maximum
> of 256K (64K * 4).
> 
> Thus declare xattr_isize as unsigned int to avoid the potential overflow.
> 
> Fixes: bfb8674dc044 ("staging: erofs: add erofs in-memory stuffs")
> Signed-off-by: Jingbo Xu <jefflexu@linux.alibaba.com>

Thanks for catching this!
Reviewed-by: Gao Xiang <hsiangkao@linux.alibaba.com>

Thanks,
Gao Xiang

> ---
>   fs/erofs/internal.h | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/erofs/internal.h b/fs/erofs/internal.h
> index 8a563374b518..c86241a32ab3 100644
> --- a/fs/erofs/internal.h
> +++ b/fs/erofs/internal.h
> @@ -306,7 +306,7 @@ struct erofs_inode {
>   
>   	unsigned char datalayout;
>   	unsigned char inode_isize;
> -	unsigned short xattr_isize;
> +	unsigned int xattr_isize;
>   
>   	unsigned int xattr_shared_count;
>   	unsigned int *xattr_shared_xattrs;