From cb92e705d3d252f6d2d615a8b579906c7b7a8102 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Sun, 23 Jul 2023 22:42:33 +0200
Subject: [PATCH] 4.19-stable patches
added patches:
ext4-correct-inline-offset-when-handling-xattrs-in-inode-body.patch
---
 ...t-when-handling-xattrs-in-inode-body.patch | 54 +++++++++++++++++++
 queue-4.19/series | 1 +
 2 files changed, 55 insertions(+)
 create mode 100644 queue-4.19/ext4-correct-inline-offset-when-handling-xattrs-in-inode-body.patch
diff --git a/queue-4.19/ext4-correct-inline-offset-when-handling-xattrs-in-inode-body.patch b/queue-4.19/ext4-correct-inline-offset-when-handling-xattrs-in-inode-body.patch
new file mode 100644
index 00000000000..a63fa3f78be
--- /dev/null
+++ b/queue-4.19/ext4-correct-inline-offset-when-handling-xattrs-in-inode-body.patch
@@ -0,0 +1,54 @@
+From 6909cf5c4101214f4305a62d582a5b93c7e1eb9a Mon Sep 17 00:00:00 2001
+From: Eric Whitney
+Date: Mon, 22 May 2023 14:15:20 -0400
+Subject: ext4: correct inline offset when handling xattrs in inode body
+
+From: Eric Whitney
+
+commit 6909cf5c4101214f4305a62d582a5b93c7e1eb9a upstream.
+
+When run on a file system where the inline_data feature has been
+enabled, xfstests generic/269, generic/270, and generic/476 cause ext4
+to emit error messages indicating that inline directory entries are
+corrupted. This occurs because the inline offset used to locate
+inline directory entries in the inode body is not updated when an
+xattr in that shared region is deleted and the region is shifted in
+memory to recover the space it occupied. If the deleted xattr precedes
+the system.data attribute, which points to the inline directory entries,
+that attribute will be moved further up in the region. The inline
+offset continues to point to whatever is located in system.data's former
+location, with unfortunate effects when used to access directory entries
+or (presumably) inline data in the inode body.
+
+Cc: stable@kernel.org
+Signed-off-by: Eric Whitney
+Link: https://lore.kernel.org/r/20230522181520.1570360-1-enwlinux@gmail.com
+Signed-off-by: Theodore Ts'o
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/ext4/xattr.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+--- a/fs/ext4/xattr.c
++++ b/fs/ext4/xattr.c
+@@ -1767,6 +1767,20 @@ static int ext4_xattr_set_entry(struct e
+ memmove(here, (void *)here + size,
+ (void *)last - (void *)here + sizeof(__u32));
+ memset(last, 0, size);
++
++ /*
++ * Update i_inline_off - moved ibody region might contain
++ * system.data attribute. Handling a failure here won't
++ * cause other complications for setting an xattr.
++ */
++ if (!is_block && ext4_has_inline_data(inode)) {
++ ret = ext4_find_inline_data_nolock(inode);
++ if (ret) {
++ ext4_warning_inode(inode,
++ "unable to update i_inline_off");
++ goto out;
++ }
++ }
+ } else if (s->not_found) {
+ /* Insert new name. */
+ size_t size = EXT4_XATTR_LEN(name_len);
diff --git a/queue-4.19/series b/queue-4.19/series
index 101b1bb64aa..4fdd3db05ba 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -189,3 +189,4 @@ tracing-histograms-add-histograms-to-hist_vars-if-they-have-referenced-variables
 perf-probe-add-test-for-regression-introduced-by-switch-to-die_get_decl_file.patch
 fuse-revalidate-don-t-invalidate-if-interrupted.patch
 can-bcm-fix-uaf-in-bcm_proc_show.patch
+ext4-correct-inline-offset-when-handling-xattrs-in-inode-body.patch
-- 2.47.3
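Review bot: In the added `!is_block && ext4_has_inline_data(inode)` branch of the queued fs/ext4/xattr.c patch, the `goto out` on a failed `ext4_find_inline_data_nolock()` is taken after the `memmove`/`memset` just above have already shifted the in-inode xattr region, so on that path `i_inline_off` still refers to the former location of system.data. The new comment only states that the failure is harmless for setting the xattr; it does not say what keeps later inline directory or inline data accesses from using the stale offset, and the callers that would have to discard the shifted buffer are outside this hunk. Once that is confirmed I would spell it out in the comment, for example `/* on failure i_inline_off is stale; the caller is expected to drop the modified ibody copy */`, and include the error in the warning, `"unable to update i_inline_off (err %d)", ret`. `ext4_xattr_set_entry()` starts and ends outside the hunk, so the `out:` label and the `ret`, `is_block` and `inode` names in the 4.19 tree cannot be checked from here.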