This is a note to let you know that I've just added the patch titled
ext4: avoid writing unitialized memory to disk in EA inodes
to the 5.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
ext4-avoid-writing-unitialized-memory-to-disk-in-ea-.patch
and it can be found in the queue-5.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 49e5209545147355d2e9adc9c055873452a15093
Author: Jan Kara <jack@xxxxxxx>
Date: Thu Jun 13 17:02:34 2024 +0200
ext4: avoid writing unitialized memory to disk in EA inodes
[ Upstream commit 65121eff3e4c8c90f8126debf3c369228691c591 ]
If the extended attribute size is not a multiple of block size, the last
block in the EA inode will have uninitialized tail which will get
written to disk. We will never expose the data to userspace but still
this is not a good practice so just zero out the tail of the block as it
isn't going to cause a noticeable performance overhead.
Fixes: e50e5129f384 ("ext4: xattr-in-inode support")
Reported-by: syzbot+9c1fe13fcb51574b249b@xxxxxxxxxxxxxxxxxxxxxxxxx
Reported-by: Hugh Dickins <hughd@xxxxxxxxxx>
Signed-off-by: Jan Kara <jack@xxxxxxx>
Link: https://patch.msgid.link/20240613150234.25176-1-jack@xxxxxxx
Signed-off-by: Theodore Ts'o <tytso@xxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
index cb7faaa935cc6..d65f1eb85a924 100644
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -1396,6 +1396,12 @@ static int ext4_xattr_inode_write(handle_t *handle, struct inode *ea_inode,
goto out;
memcpy(bh->b_data, buf, csize);
+ /*
+ * Zero out block tail to avoid writing uninitialized memory
+ * to disk.
+ */
+ if (csize < blocksize)
+ memset(bh->b_data + csize, 0, blocksize - csize);
set_buffer_uptodate(bh);
ext4_handle_dirty_metadata(handle, ea_inode, bh);
