[PATCH] 9p: Limit xattr size to XATTR_SIZE_MAX

[Leo Stone]

syzbot triggered a warning in kmalloc by trying to mount a v9fs
filesystem from a pipe, after specifying an ACL size of 9TB for the
root inode in the data written to the pipe.

An xattr larger than XATTR_SIZE_MAX is considered invalid by the VFS
layer anyway. See do_getxattr():
>        } else if (error == -ERANGE && ctx->size >= XATTR_SIZE_MAX) {
>                /* The file system tried to returned a value bigger
>                   than XATTR_SIZE_MAX bytes. Not possible. */
>                error = -E2BIG;
>        }

Reported-by: syzbot+03fb58296859d8dbab4d@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://syzkaller.appspot.com/bug?extid=03fb58296859d8dbab4d
Fixes: ebf46264a004 ("fs/9p: Add support user. xattr") 
Signed-off-by: Leo Stone <leocstone@xxxxxxxxx>
---
See: https://lore.kernel.org/all/675963eb.050a0220.17f54a.0038.GAE@xxxxxxxxxx/T/ 
---
 fs/9p/xattr.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/9p/xattr.c b/fs/9p/xattr.c
index 8604e3377ee7..97f60b73bf16 100644
--- a/fs/9p/xattr.c
+++ b/fs/9p/xattr.c
@@ -37,8 +37,8 @@ ssize_t v9fs_fid_xattr_get(struct p9_fid *fid, const char *name,
 	if (attr_size > buffer_size) {
 		if (buffer_size)
 			retval = -ERANGE;
-		else if (attr_size > SSIZE_MAX)
-			retval = -EOVERFLOW;
+		else if (attr_size > XATTR_SIZE_MAX)
+			retval = -E2BIG;
 		else /* request to get the attr_size */
 			retval = attr_size;
 	} else {
-- 
2.43.0