Thanks for the patch Richard, it looks good to me.

Reviewed-by: Harshad Shirwadkar <harshadshirwadkar@xxxxxxxxx>

On Tue, Dec 1, 2020 at 7:29 AM Richard Weinberger <richard@xxxxxx> wrote:
>
> As soon as the first file is opened, ext4 samples the mountpoint
> of the filesystem in 64 bytes of the super block.
> It does so using strlcpy(), this means that the remaining bytes
> in the super block string buffer are untouched.
> If the mount point before had a longer path than the current one,
> it can be reconstructed.
>
> Consider the case where the fs was mounted to "/media/johnjdeveloper"
> and later to "/".
> The super block buffer then contains "/\x00edia/johnjdeveloper".
>
> This case was seen in the wild and caused confusion how the name
> of a developer ends up on the super block of a filesystem used
> in production...
>
> Fix this by clearing the string buffer before writing to it.
>
> Signed-off-by: Richard Weinberger <richard@xxxxxx>
> --- > fs/ext4/file.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/fs/ext4/file.c b/fs/ext4/file.c > index 3ed8c048fb12..dba521250d01 100644 > --- a/fs/ext4/file.c > +++ b/fs/ext4/file.c > @@ -809,6 +809,7 @@ static int ext4_sample_last_mounted(struct super_block *sb, > err = ext4_journal_get_write_access(handle, sbi->s_sbh); > if (err) > goto out_journal; > + memset(sbi->s_es->s_last_mounted, 0x00, sizeof(sbi->s_es->s_last_mounted)); > strlcpy(sbi->s_es->s_last_mounted, cp, > sizeof(sbi->s_es->s_last_mounted)); > ext4_handle_dirty_super(handle, sb); > -- > 2.26.2 >
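
Review bot: the added memset() in ext4_sample_last_mounted() carries no comment saying why s_last_mounted is cleared right before the strlcpy() that overwrites it, so a later cleanup could drop it as a redundant write. A one-line comment that bytes from a longer, earlier mount path must not survive in the on-disk field would protect it. The line is also well over 80 columns and could be wrapped the same way as the strlcpy() call below it. The buffer is only cleared on the path that reaches this point after ext4_journal_get_write_access() succeeds, so a superblock that already holds residue keeps it until the field is next sampled; that limit is worth stating in the commit message.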