Received: by 2002:ab2:3141:0:b0:1ed:23cc:44d1 with SMTP id i1csp1905426lqg; Mon, 4 Mar 2024 07:18:14 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXTjxHd1cIP601BjCNLRYq8VAR1t4QDfiOvVZh4BdpGGf+/h417WppgqPblmWpDQq2FC65guyuX+gkCTfqNiG56nJRwGMPdX9C3sJ+5Gw== X-Google-Smtp-Source: AGHT+IFZ99SPcmYvksi/Tkd66J0Q87iX61HMOGqnF6qiR5ZLuvD9tmu3Nqk6XUSV1tBVIFnM3omd X-Received: by 2002:a17:90a:440d:b0:29a:f6d3:6860 with SMTP id s13-20020a17090a440d00b0029af6d36860mr11924673pjg.23.1709565494520; Mon, 04 Mar 2024 07:18:14 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709565494; cv=pass; d=google.com; s=arc-20160816; b=zMcsR9N7ykejS9vPmEyqohYuGJJwfjri7DxTmmGeBCTm18qt3o8VZJCf/7RN6UJLos zglTp9GyQBwVagZ543WT1PjgXFo/O+QxDUd14MwhKSGN4MLvoo/L0F7HaoBD8lk6hWnp 3ym6pMU3XM4c3+bq5CUQ/ot/pPqTGUSxr0E4H4GldYWiQIJvULR+izcFuH5I3Y0dwAtJ tlhOS7VQgE6cAI+gMXxeDnMG7YozQWlZfq2wj803VietBWRz4U+/li8JYUOinuvhmy1p 0WfCJSsPmU0kfLRGblbmH0pYIybrHHzrxyCuvKrjjWymJV2jCFDNwaVJKBjpvBfwdafY lmGw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=LEDJwrnfrEsPSAYxc3CvRSZGBXZmdWD+KaffBI/Bxs0=; fh=JwnHOgoPLV3FzzG6MtCD7/eQPPP3DmKK9l6NDnSGi5c=; b=j6tygUHV+5iL6fuLPunLNyHE52MNaVVKkY1kw05l/9LZcBszvZ5oXFZ8vc0djfKBuX 2ysNj3CSQg3S9k3DgSPrJEMlrOnArIyYWnBY+nsdbAoNiYuq7Lb+4aIYxgXvL+YaN0dK fTbh36VwcRjpH5IK6oY2nlgOPKezX8xpsjW8bSy0RE4CIkkc1D2Fp8xzaU3c3fs28VXY 9BxHQUwcT0ipNZUeEkpHPOS6kU6Zh0lV8vh9fPUTBfBh0nlbMg9CcPT0a5lrBRoQz4nM XMIIcgcd0VHoek7KjtaOcsPnLsenkIOpiALX7AfZuM0CEndXTcoSvoFlhvlTHp5VQkH6 cQPQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=oaYX0rd2; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-90755-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-90755-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id u12-20020a17090ac88c00b0029b5d3f3120si332767pjt.161.2024.03.04.07.18.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 07:18:14 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-90755-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=oaYX0rd2; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-90755-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-90755-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 1BB6AB22338 for ; Mon, 4 Mar 2024 14:44:33 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 2406541C72; Mon, 4 Mar 2024 14:44:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="oaYX0rd2" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3BACA3FB02; Mon, 4 Mar 2024 14:44:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709563465; cv=none; b=UBI23rgCvJachXhrsrgcyNyfMP0sYqoDNrp8kuibOidHsGXId2WATxd+ssXIG8TkiYsXCrXghQDNRCdwfdwBIOo30UuoxFEVbIv2LoSUyoyvJDR0hG7vuONpAUKaLmFY56LFpzvK8p93/p3xI4QY337g5AN63yEUttal6pGsO34= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709563465; c=relaxed/simple; bh=CIWlzzc56P2a2Q8cEBY3mQwiAhICjTm2fIKGkNrlf+4=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=p9TpbKFWqWKIBZeLnvqg7MYIscG8md4hD+u3ob9gsoaFzWXaA8t9zZ1NrHTGLYIUYEdU1Iy0JbtMkCCp0FlzcJIhl0cTX7WiPJxZL5FW7Kl7PFBA3i+estS1/pkA7eQx+dFmX4QNFQAeI4xHfyYrgEzr9w7nmbFoSdvwnqR82FI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=oaYX0rd2; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id BD834C433C7; Mon, 4 Mar 2024 14:44:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1709563464; bh=CIWlzzc56P2a2Q8cEBY3mQwiAhICjTm2fIKGkNrlf+4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=oaYX0rd2KQHS+m+uJGLZDqBX9AA781YzMFOBRtB2WMhbKdZumhhNjk3W40fZKclBK tKW7W8HIDG3Hn5h3wJqxUqhl63BoV1E637nsx3iYars/M+6XxCHUXjBP0fiVGAgciW GlZk1YWNzX96kEVtFWUwP7+nHMvBSWbCLlMueGnM4cN/UNdMLcEVg5NHkHZRxIxgf5 ynJVBl+YXjn7OZDj64V2aGz288m8ZHx+PkfIMPRhUE+az/mwFwO2LDNaLDjRx+tZDd Dv8+BIClKI6d40BrhiTo0x+BuNigSTEPziH8k6ETdnQFJV3ZsJQiT8q/hO7gjqxDO1 fjgoRJVpI8NUw== Date: Mon, 4 Mar 2024 08:44:23 -0600 From: Seth Forshee To: Christian Brauner Cc: Christian Schoenebeck , Eric Van Hensbergen , Latchesar Ionkov , Dominique Martinet , v9fs@lists.linux.dev, linux-kernel@vger.kernel.org, xingwei lee , sam sun Subject: Re: [PATCH] 9p: cap xattr max size to XATTR_SIZE_MAX Message-ID: References: <20240304-xattr_maxsize-v1-1-322357ec6bdf@codewreck.org> <4091309.WcpKHNDlqE@silver> <20240304-zeitschrift-tagung-6f2a28e781bc@brauner> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Mon, Mar 04, 2024 at 08:35:46AM -0600, Seth Forshee wrote: > On Mon, Mar 04, 2024 at 03:19:58PM +0100, Christian Brauner wrote: > > On Mon, Mar 04, 2024 at 02:35:07PM +0100, Christian Schoenebeck wrote: > > > On Monday, March 4, 2024 1:42:43 PM CET Dominique Martinet wrote: > > > > We probably shouldn't ever get an xattr bigger than that, and the current check > > > > of SSIZE_MAX is a bit too large. > > > > > > Maybe, OTOH e.g. ACLs (dynamic size) are implemented by storing them as xattrs > > > on 9p server as well, and this change somewhat expects server to run Linux as > > > well. So maybe s/XATTR_SIZE_MAX/KMALLOC_MAX_SIZE/ might be more appropriate, > > > considering that this patch is about fixing a potential kmalloc() warning? > > > > > > Worth to mention in the commit log BTW what the issue was. > > > > > > /Christian > > > > So the error is somewhat specific to filesystem capabilities which also > > live in the xattr apis but Seth is working to get rid of them in there. > > > > They currently use a special api vfs_getxattr_alloc() which is an > > in-kernel api that does a racy query-size+allocate-buffer+retrieve-data > > dance. > > Yes, the patches I've sent does use vfs_getxattr_alloc() for fscaps > anymore. Sorry, typo above. My patches do _not_ use vfs_getxattr_alloc() for fscaps anymore. > > > That api is used for fscaps, security labels, and other xattrs. And that > > api doesn't do any size checks which probably should also be fixed now > > that I write this. > > > > @Seth? > > I agree. I don't see any reason that vfs_getxattr_alloc() shouldn't just > bail out with an error if the size of the xattr is >= XATTR_SIZE_MAX.