On May 23, 2018, at 9:37 AM, Theodore Ts'o <tytso@xxxxxxx> wrote: > > The inline data feature was implemented before we added support for > external inodes for xattrs. It makes no sense to support that > combination, but the problem is that there are a number of extended > attribute checks that are skipped if e_value_inum is non-zero. > > Unfortunately, the inline data code is completely e_value_inum > unaware, and attempts to interpret the xattr fields as if it were an > inline xattr --- at which point, Hilarty Ensues. > > https://bugzilla.kernel.org/show_bug.cgi?id=199803 > > Reported-by: Jann Horn <jannh@xxxxxxxxxx> > Signed-off-by: Theodore Ts'o <tytso@xxxxxxx> Reviewed-by: Andreas Dilger <adilger@xxxxxxxxx> > Fixes: e50e5129f384 ("ext4: xattr-in-inode support") > Cc: stable@xxxxxxxxxx > --- > fs/ext4/inline.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c > index 70cf4c7b268a..44b4fcdc3755 100644 > --- a/fs/ext4/inline.c > +++ b/fs/ext4/inline.c > @@ -144,6 +144,12 @@ int ext4_find_inline_data_nolock(struct inode *inode) > goto out; > > if (!is.s.not_found) { > + if (is.s.here->e_value_inum) { > + EXT4_ERROR_INODE(inode, "inline data xattr refers " > + "to an external xattr inode"); > + error = -EFSCORRUPTED; > + goto out; > + } > EXT4_I(inode)->i_inline_off = (u16)((void *)is.s.here - > (void *)ext4_raw_inode(&is.iloc)); > EXT4_I(inode)->i_inline_size = EXT4_MIN_INLINE_DATA_SIZE + > -- > 2.16.1.72.g5be1f00a9a > Cheers, Andreas
Attachment:
signature.asc
Description: Message signed with OpenPGP
