[PATCH] 9p: Limit xattr size to XATTR_SIZE_MAX
From: Leo Stone
Date: Wed Dec 11 2024 - 19:22:08 EST
syzbot triggered a warning in kmalloc by trying to mount a v9fs
filesystem from a pipe, after specifying an ACL size of 9TB for the
root inode in the data written to the pipe.
An xattr larger than XATTR_SIZE_MAX is considered invalid by the VFS
layer anyway. See do_getxattr():
> } else if (error == -ERANGE && ctx->size >= XATTR_SIZE_MAX) {
> /* The file system tried to returned a value bigger
> than XATTR_SIZE_MAX bytes. Not possible. */
> error = -E2BIG;
> }
Reported-by: syzbot+03fb58296859d8dbab4d@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://syzkaller.appspot.com/bug?extid=03fb58296859d8dbab4d
Fixes: ebf46264a004 ("fs/9p: Add support user. xattr")
Signed-off-by: Leo Stone <leocstone@xxxxxxxxx>
---
See: https://lore.kernel.org/all/675963eb.050a0220.17f54a.0038.GAE@xxxxxxxxxx/T/
---
fs/9p/xattr.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/9p/xattr.c b/fs/9p/xattr.c
index 8604e3377ee7..97f60b73bf16 100644
--- a/fs/9p/xattr.c
+++ b/fs/9p/xattr.c
@@ -37,8 +37,8 @@ ssize_t v9fs_fid_xattr_get(struct p9_fid *fid, const char *name,
if (attr_size > buffer_size) {
if (buffer_size)
retval = -ERANGE;
- else if (attr_size > SSIZE_MAX)
- retval = -EOVERFLOW;
+ else if (attr_size > XATTR_SIZE_MAX)
+ retval = -E2BIG;
else /* request to get the attr_size */
retval = attr_size;
} else {
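Review bot: the new `attr_size > XATTR_SIZE_MAX` test sits in the `else` of `if (buffer_size)`, so it only bounds the size-query case where buffer_size is 0. With a nonzero buffer, an oversized attr_size reported by the server still returns -ERANGE, and the caller has to notice the problem itself. Consider hoisting the XATTR_SIZE_MAX check above `if (attr_size > buffer_size)` so both paths reject an invalid size the same way, or say in the commit message why only the query path needs the bound. The errno for this case also changes from -EOVERFLOW to -E2BIG, so any in-kernel caller of v9fs_fid_xattr_get() that tests for -EOVERFLOW should be checked, and a short comment on the new branch explaining that the size comes from the 9p server and is untrusted would help future readers.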
--
2.43.0