ntfs: reject non-resident records for resident-only attributes

The shared lookup-time attribute validator rejects non-resident
$FILE_NAME and $VOLUME_NAME records because their formats require
resident values and callers handle returned records as resident
attributes. Other resident-only attribute types still pass through the
generic non-resident mapping-pairs checks.

That leaves real resident/non-resident union confusion paths. Inode load
looks up $STANDARD_INFORMATION and then reads data.resident.value_offset
without checking a->non_resident. ntfs_inode_sync_standard_information()
does the same when updating the standard information value.
ntfs_write_volume_flags() also looks up $VOLUME_INFORMATION and reads
data.resident.value_offset directly. $INDEX_ROOT callers in dir.c and
index.c depend on the same lookup contract before consuming the resident
index root value.

Reject non-resident records for all resident-only attribute types in the
shared validator. Keep the existing $FILE_NAME and $VOLUME_NAME behavior,
but factor it through a helper and extend it to
$STANDARD_INFORMATION, $OBJECT_ID, $VOLUME_INFORMATION, $INDEX_ROOT, and
$EA_INFORMATION. For $OBJECT_ID and $EA_INFORMATION this is contract
hardening for resident-only formats; this patch only rejects the
non-resident form and does not add new resident value validation for
those types.

Cc: stable@vger.kernel.org # v7.1
Signed-off-by: DaeMyung Kang <charsyam@gmail.com>
Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>

diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c
index 1e0076ef81efcc220efa88f400f106cbbaf04277..1cd6664567ceb0231a7935856c21562af923eabc 100644 (file)
--- a/fs/ntfs/attrib.c
+++ b/fs/ntfs/attrib.c
@@ -596,6 +596,22 @@ static u32 ntfs_resident_attr_min_value_length(const __le32 type)
        }
 }
 
+static bool ntfs_attr_type_is_resident_only(const __le32 type)
+{
+       switch (type) {
+       case AT_STANDARD_INFORMATION:
+       case AT_FILE_NAME:
+       case AT_OBJECT_ID:
+       case AT_VOLUME_NAME:
+       case AT_VOLUME_INFORMATION:
+       case AT_INDEX_ROOT:
+       case AT_EA_INFORMATION:
+               return true;
+       default:
+               return false;
+       }
+}
+
 static bool ntfs_file_name_attr_value_is_valid(const u8 *value, const u32 value_length)
 {
        const struct file_name_attr *fn;
@@ -666,7 +682,7 @@ static bool ntfs_attr_value_is_valid(struct ntfs_volume *vol,
        u32 min_len;
 
        if (a->non_resident) {
-               if (a->type == AT_FILE_NAME || a->type == AT_VOLUME_NAME)
+               if (ntfs_attr_type_is_resident_only(a->type))
                        goto corrupt;
                if (!ntfs_non_resident_attr_value_is_valid(a))
                        goto corrupt;