Date: Mon, 4 Mar 2024 13:19:02 +0100
From: Christian Brauner
To: Dominique Martinet
Cc: xingwei lee, linux-kernel@vger.kernel.org, samsun1006219@gmail.com, linux-fsdevel@vger.kernel.org, syzkaller@googlegroups.com, jack@suse.cz, viro@zeniv.linux.org.uk, Eric Van Hensbergen, v9fs@lists.linux.dev
Subject: Re: WARNING in vfs_getxattr_alloc
Message-ID: <20240304-essverhalten-wortlaut-d4cc40939a3c@brauner>
References: <20240304-stuhl-appetit-656a443d78a5@brauner>

On Mon, Mar 04, 2024 at 09:11:23PM +0900, Dominique Martinet wrote:
> Christian Brauner wrote on Mon, Mar 04, 2024 at 12:50:12PM +0100:
> > > kernel: latest linux 6.7.rc8 90d35da658da8cff0d4ecbb5113f5fac9d00eb72
> > > kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=4a65fa9f077ead01
> > > with KASAN enabled
> > > compiler: gcc (GCC) 12.2.0
> > >
> > > TITLE: WARNING in vfs_getxattr_alloc------------[ cut here ]------------
> >
> > Very likely a bug in 9p. Report it on that mailing list. It seems that
> > p9_client_xattrwalk() returns questionable values for attr_size:
> > 748310584784038656
> > That's obviously a rather problematic allocation request.
>
> That's whatever the server requested -- in 9p we don't have the data at
> allocation time (xattrwalk returns the size, then we "read" it out in a
> subsequent request), so we cannot double-check that the size makes sense
> based on a payload at this point.
>
> We could obviously add a max (the current max of SSIZE_MAX is "a bit"
> too generous), but I honestly have no idea what'd make sense for this
> without breaking some weird usecase somewhere (given the content is
> "read" we're not limited by the size of a single message; I've seen
> someone return large content as synthetic xattrs so it's hard to put an
> actual number for me).
> If the linux VFS has a max hard-wired somewhere please tell me and I'll
> be glad to change the max.

Surprisingly we have a max limit that exists in a way because the whole
xattr uapi is somewhat broken. So best to limit it at XATTR_SIZE_MAX.
See fs/xattr.c for how it's used.
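
Added example (not part of the original thread, and not the 9p or VFS code): a user-space C sketch of the bound discussed above, where a size announced by the server is checked against XATTR_SIZE_MAX before it is used as an allocation length. The helper names checked_xattr_size() and xattr_get_alloc(), the error codes, and the simulated "read" from a local buffer are assumptions made for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 65536 is the value of XATTR_SIZE_MAX in the uapi header <linux/limits.h>. */
#ifndef XATTR_SIZE_MAX
#define XATTR_SIZE_MAX 65536
#endif

/* Hypothetical helper: check a peer-announced size before it becomes an
 * allocation length. -E2BIG is this example's choice of error code. */
int checked_xattr_size(uint64_t attr_size, size_t *out)
{
	if (attr_size > XATTR_SIZE_MAX)
		return -E2BIG;
	*out = (size_t)attr_size;
	return 0;
}

/* Hypothetical getter in the shape the thread describes: the size is
 * announced first, the value is read afterwards. The read is simulated by
 * copying from 'payload'; a reply shorter than announced gives -EIO. */
long xattr_get_alloc(uint64_t announced, const void *payload,
		     size_t payload_len, void **value)
{
	size_t size;
	int err = checked_xattr_size(announced, &size);
	if (err)
		return err;
	if (payload_len < size)
		return -EIO;
	*value = malloc(size ? size : 1);
	if (!*value)
		return -ENOMEM;
	memcpy(*value, payload, size);
	return (long)size;
}

int main(void)
{
	void *v = NULL;
	/* attr_size quoted in the thread, then a constructed valid reply */
	long big = xattr_get_alloc(748310584784038656ULL, "", 0, &v);
	long ok = xattr_get_alloc(5, "user", 5, &v);
	printf("huge: %ld, small: %ld\n", big, ok);
	free(v);
	return 0;
}
```

The check runs before any allocation, so the oversized value from the report is rejected without the allocator ever seeing it.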