Patch "ext4: avoid writing unitialized memory to disk in EA inodes" has been added to the 6.1-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    ext4: avoid writing unitialized memory to disk in EA inodes

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ext4-avoid-writing-unitialized-memory-to-disk-in-ea-.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 909b58075dac61adf0d00994d4214d1338929a2d
Author: Jan Kara <jack@xxxxxxx>
Date:   Thu Jun 13 17:02:34 2024 +0200

    ext4: avoid writing unitialized memory to disk in EA inodes
    
    [ Upstream commit 65121eff3e4c8c90f8126debf3c369228691c591 ]
    
    If the extended attribute size is not a multiple of block size, the last
    block in the EA inode will have uninitialized tail which will get
    written to disk. We will never expose the data to userspace but still
    this is not a good practice so just zero out the tail of the block as it
    isn't going to cause a noticeable performance overhead.
    
    Fixes: e50e5129f384 ("ext4: xattr-in-inode support")
    Reported-by: syzbot+9c1fe13fcb51574b249b@xxxxxxxxxxxxxxxxxxxxxxxxx
    Reported-by: Hugh Dickins <hughd@xxxxxxxxxx>
    Signed-off-by: Jan Kara <jack@xxxxxxx>
    Link: https://patch.msgid.link/20240613150234.25176-1-jack@xxxxxxx
    Signed-off-by: Theodore Ts'o <tytso@xxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
index 28d00ed833db4..f0a45d3ec4ebb 100644
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -1384,6 +1384,12 @@ static int ext4_xattr_inode_write(handle_t *handle, struct inode *ea_inode,
 			goto out;
 
 		memcpy(bh->b_data, buf, csize);
+		/*
+		 * Zero out block tail to avoid writing uninitialized memory
+		 * to disk.
+		 */
+		if (csize < blocksize)
+			memset(bh->b_data + csize, 0, blocksize - csize);
 		set_buffer_uptodate(bh);
 		ext4_handle_dirty_metadata(handle, ea_inode, bh);
 




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux