On 22/06/16 10:13AM, Baokun Li wrote:
> When adding an xattr to an inode, we must ensure that the inode_size is
> not less than EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad. Otherwise,
> the end position may be greater than the start position, resulting in UAF.
>
> Signed-off-by: Baokun Li <[email protected]>
> ---
> fs/ext4/xattr.h | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/fs/ext4/xattr.h b/fs/ext4/xattr.h
> index 77efb9a627ad..f885f362add4 100644
> --- a/fs/ext4/xattr.h
> +++ b/fs/ext4/xattr.h
> @@ -95,6 +95,19 @@ struct ext4_xattr_entry {
>
> #define EXT4_ZERO_XATTR_VALUE ((void *)-1)
>
> +/*
> + * If we want to add an xattr to the inode, we should make sure that
> + * i_extra_isize is not 0 and that the inode size is not less than
> + * EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad.
> + * EXT4_GOOD_OLD_INODE_SIZE extra_isize header entry pad data
> + * |--------------------------|------------|------|---------|---|-------|
> + */
Thanks for adding the visual :)
Looks good to me. Feel free to add -
Reviewed-by: Ritesh Harjani (IBM) <[email protected]>
> +#define EXT4_INODE_HAS_XATTR_SPACE(inode) \
> + ((EXT4_I(inode)->i_extra_isize != 0) && \
> + (EXT4_GOOD_OLD_INODE_SIZE + EXT4_I(inode)->i_extra_isize + \
> + sizeof(struct ext4_xattr_ibody_header) + EXT4_XATTR_PAD <= \
> + EXT4_INODE_SIZE((inode)->i_sb)))
> +
> struct ext4_xattr_info {
> const char *name;
> const void *value;
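Review bot: In the comment above EXT4_INODE_HAS_XATTR_SPACE, the sentence says the inode size must be at least EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad, but the macro also adds sizeof(struct ext4_xattr_ibody_header), which only the diagram line mentions. Consider naming the header in the sentence so the comment and the check agree. The macro also expands its argument three times and passes it unparenthesized to EXT4_I(inode) while writing (inode)->i_sb elsewhere. A static inline bool taking a struct inode * would avoid both issues. The diffstat shows only fs/ext4/xattr.h changed, so the bounds check has no effect until a caller of the macro is added.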
> --
> 2.31.1
>