Message ID | 20240304-xattr_maxsize-v1-1-322357ec6bdf@codewreck.org (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | 9p: cap xattr max size to XATTR_SIZE_MAX | expand |
On Monday, March 4, 2024 1:42:43 PM CET Dominique Martinet wrote: > We probably shouldn't ever get an xattr bigger than that, and the current check > of SSIZE_MAX is a bit too large. Maybe, OTOH e.g. ACLs (dynamic size) are implemented by storing them as xattrs on 9p server as well, and this change somewhat expects server to run Linux as well. So maybe s/XATTR_SIZE_MAX/KMALLOC_MAX_SIZE/ might be more appropriate, considering that this patch is about fixing a potential kmalloc() warning? Worth to mention in the commit log BTW what the issue was. /Christian
On Mon, Mar 04, 2024 at 02:35:07PM +0100, Christian Schoenebeck wrote: > On Monday, March 4, 2024 1:42:43 PM CET Dominique Martinet wrote: > > We probably shouldn't ever get an xattr bigger than that, and the current check > > of SSIZE_MAX is a bit too large. > > Maybe, OTOH e.g. ACLs (dynamic size) are implemented by storing them as xattrs > on 9p server as well, and this change somewhat expects server to run Linux as > well. So maybe s/XATTR_SIZE_MAX/KMALLOC_MAX_SIZE/ might be more appropriate, > considering that this patch is about fixing a potential kmalloc() warning? > > Worth to mention in the commit log BTW what the issue was. > > /Christian So the error is somewhat specific to filesystem capabilities which also live in the xattr apis but Seth is working to get rid of them in there. They currently use a special api vfs_getxattr_alloc() which is an in-kernel api that does a racy query-size+allocate-buffer+retrieve-data dance. That api is used for fscaps, security labels, and other xattrs. And that api doesn't do any size checks which probably should also be fixed now that I write this. @Seth?
On Mon, Mar 04, 2024 at 03:19:58PM +0100, Christian Brauner wrote: > On Mon, Mar 04, 2024 at 02:35:07PM +0100, Christian Schoenebeck wrote: > > On Monday, March 4, 2024 1:42:43 PM CET Dominique Martinet wrote: > > > We probably shouldn't ever get an xattr bigger than that, and the current check > > > of SSIZE_MAX is a bit too large. > > > > Maybe, OTOH e.g. ACLs (dynamic size) are implemented by storing them as xattrs > > on 9p server as well, and this change somewhat expects server to run Linux as > > well. So maybe s/XATTR_SIZE_MAX/KMALLOC_MAX_SIZE/ might be more appropriate, > > considering that this patch is about fixing a potential kmalloc() warning? > > > > Worth to mention in the commit log BTW what the issue was. > > > > /Christian > > So the error is somewhat specific to filesystem capabilities which also > live in the xattr apis but Seth is working to get rid of them in there. > > They currently use a special api vfs_getxattr_alloc() which is an > in-kernel api that does a racy query-size+allocate-buffer+retrieve-data > dance. Yes, the patches I've sent does use vfs_getxattr_alloc() for fscaps anymore. > That api is used for fscaps, security labels, and other xattrs. And that > api doesn't do any size checks which probably should also be fixed now > that I write this. > > @Seth? I agree. I don't see any reason that vfs_getxattr_alloc() shouldn't just bail out with an error if the size of the xattr is >= XATTR_SIZE_MAX.
On Mon, Mar 04, 2024 at 08:35:46AM -0600, Seth Forshee wrote: > On Mon, Mar 04, 2024 at 03:19:58PM +0100, Christian Brauner wrote: > > On Mon, Mar 04, 2024 at 02:35:07PM +0100, Christian Schoenebeck wrote: > > > On Monday, March 4, 2024 1:42:43 PM CET Dominique Martinet wrote: > > > > We probably shouldn't ever get an xattr bigger than that, and the current check > > > > of SSIZE_MAX is a bit too large. > > > > > > Maybe, OTOH e.g. ACLs (dynamic size) are implemented by storing them as xattrs > > > on 9p server as well, and this change somewhat expects server to run Linux as > > > well. So maybe s/XATTR_SIZE_MAX/KMALLOC_MAX_SIZE/ might be more appropriate, > > > considering that this patch is about fixing a potential kmalloc() warning? > > > > > > Worth to mention in the commit log BTW what the issue was. > > > > > > /Christian > > > > So the error is somewhat specific to filesystem capabilities which also > > live in the xattr apis but Seth is working to get rid of them in there. > > > > They currently use a special api vfs_getxattr_alloc() which is an > > in-kernel api that does a racy query-size+allocate-buffer+retrieve-data > > dance. > > Yes, the patches I've sent does use vfs_getxattr_alloc() for fscaps > anymore. Sorry, typo above. My patches do _not_ use vfs_getxattr_alloc() for fscaps anymore. > > > That api is used for fscaps, security labels, and other xattrs. And that > > api doesn't do any size checks which probably should also be fixed now > > that I write this. > > > > @Seth? > > I agree. I don't see any reason that vfs_getxattr_alloc() shouldn't just > bail out with an error if the size of the xattr is >= XATTR_SIZE_MAX.
diff --git a/fs/9p/xattr.c b/fs/9p/xattr.c index 8604e3377ee7..97f60b73bf16 100644 --- a/fs/9p/xattr.c +++ b/fs/9p/xattr.c @@ -37,8 +37,8 @@ ssize_t v9fs_fid_xattr_get(struct p9_fid *fid, const char *name, if (attr_size > buffer_size) { if (buffer_size) retval = -ERANGE; - else if (attr_size > SSIZE_MAX) - retval = -EOVERFLOW; + else if (attr_size > XATTR_SIZE_MAX) + retval = -E2BIG; else /* request to get the attr_size */ retval = attr_size; } else {
We probably shouldn't ever get an xattr bigger than that, and the current check of SSIZE_MAX is a bit too large. Cc: Christian Brauner <brauner@kernel.org> Cc: xingwei lee <xrivendell7@gmail.com> Cc: sam sun <samsun1006219@gmail.com Signed-off-by: Dominique Martinet <asmadeus@codewreck.org> --- fs/9p/xattr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- base-commit: be3193e58ec210b2a72fb1134c2a0695088a911d change-id: 20240304-xattr_maxsize-edf98c1a8c19 Best regards,