queue-5.0/ext4-ignore-e_value_offs-for-xattrs-with-value-in-ea-inode.patch

   1 From e5d01196c0428a206f307e9ee5f6842964098ff0 Mon Sep 17 00:00:00 2001
   2 From: Theodore Ts'o <tytso@mit.edu>
   3 Date: Wed, 10 Apr 2019 00:37:36 -0400
   4 Subject: ext4: ignore e_value_offs for xattrs with value-in-ea-inode
   5
   6 From: Theodore Ts'o <tytso@mit.edu>
   7
   8 commit e5d01196c0428a206f307e9ee5f6842964098ff0 upstream.
   9
  10 In other places in fs/ext4/xattr.c, if e_value_inum is non-zero, the
  11 code ignores the value in e_value_offs.  The e_value_offs *should* be
  12 zero, but we shouldn't depend upon it, since it might not be true in a
  13 corrupted/fuzzed file system.
  14
  15 Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=202897
  16 Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=202877
  17 Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  18 Cc: stable@kernel.org
  19 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  20
  21 ---
  22  fs/ext4/xattr.c |    2 +-
  23  1 file changed, 1 insertion(+), 1 deletion(-)
  24
  25 --- a/fs/ext4/xattr.c
  26 +++ b/fs/ext4/xattr.c
  27 @@ -1696,7 +1696,7 @@ static int ext4_xattr_set_entry(struct e
  28
  29         /* No failures allowed past this point. */
  30
  31 -       if (!s->not_found && here->e_value_size && here->e_value_offs) {
  32 +       if (!s->not_found && here->e_value_size && !here->e_value_inum) {
  33                 /* Remove the old value. */
  34                 void *first_val = s->base + min_offs;
  35                 size_t offs = le16_to_cpu(here->e_value_offs);