This is a note to let you know that I've just added the patch titled
ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
to the 5.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
ext4-add-ext4_inode_has_xattr_space-macro-in-xattr.h.patch
and it can be found in the queue-5.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 179b14152dcb6a24c3415200603aebca70ff13af Mon Sep 17 00:00:00 2001
From: Baokun Li <libaokun1@xxxxxxxxxx>
Date: Thu, 16 Jun 2022 10:13:55 +0800
Subject: ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
From: Baokun Li <libaokun1@xxxxxxxxxx>
commit 179b14152dcb6a24c3415200603aebca70ff13af upstream.
When adding an xattr to an inode, we must ensure that the inode_size is
not less than EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad. Otherwise,
the end position may be greater than the start position, resulting in UAF.
Signed-off-by: Baokun Li <libaokun1@xxxxxxxxxx>
Reviewed-by: Jan Kara <jack@xxxxxxx>
Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@xxxxxxxxx>
Link: https://lore.kernel.org/r/20220616021358.2504451-2-libaokun1@xxxxxxxxxx
Signed-off-by: Theodore Ts'o <tytso@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/ext4/xattr.h | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/fs/ext4/xattr.h
+++ b/fs/ext4/xattr.h
@@ -95,6 +95,19 @@ struct ext4_xattr_entry {
#define EXT4_ZERO_XATTR_VALUE ((void *)-1)
+/*
+ * If we want to add an xattr to the inode, we should make sure that
+ * i_extra_isize is not 0 and that the inode size is not less than
+ * EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad.
+ * EXT4_GOOD_OLD_INODE_SIZE extra_isize header entry pad data
+ * |--------------------------|------------|------|---------|---|-------|
+ */
+#define EXT4_INODE_HAS_XATTR_SPACE(inode) \
+ ((EXT4_I(inode)->i_extra_isize != 0) && \
+ (EXT4_GOOD_OLD_INODE_SIZE + EXT4_I(inode)->i_extra_isize + \
+ sizeof(struct ext4_xattr_ibody_header) + EXT4_XATTR_PAD <= \
+ EXT4_INODE_SIZE((inode)->i_sb)))
+
struct ext4_xattr_info {
const char *name;
const void *value;
Patches currently in stable-queue which might be from libaokun1@xxxxxxxxxx are
queue-5.10/ext4-correct-max_inline_xattr_value_size-computing.patch
queue-5.10/ext4-fix-use-after-free-in-ext4_xattr_set_entry.patch
queue-5.10/ext4-correct-the-misjudgment-in-ext4_iget_extra_inode.patch
queue-5.10/ext4-add-ext4_inode_has_xattr_space-macro-in-xattr.h.patch
