1 ext4: remove ext4_xattr_check_entry()
3 From: Eric Biggers <ebiggers@google.com>
5 ext4_xattr_check_entry() was redundant with validation of the full xattr
6 entries list in ext4_xattr_check_entries(), which all callers also did.
7 ext4_xattr_check_entry() also didn't actually do correct validation;
8 specifically, it never checked that the value doesn't overlap the xattr
9 names, nor did it account for padding when checking whether the xattr
10 value overflows the available space. So remove it to eliminate any
13 Signed-off-by: Eric Biggers <ebiggers@google.com>
14 Reviewed-by: Jan Kara <jack@suse.cz>
15 Signed-off-by: Theodore Ts'o <tytso@mit.edu>
18 fs/ext4/xattr.c | 30 ++++++------------------------
19 1 file changed, 6 insertions(+), 24 deletions(-)
21 diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
22 index 71bf40933bbb..b4364612a66f 100644
25 @@ -249,20 +249,9 @@ __xattr_check_inode(struct inode *inode, struct ext4_xattr_ibody_header *header,
26 #define xattr_check_inode(inode, header, end) \
27 __xattr_check_inode((inode), (header), (end), __func__, __LINE__)
30 -ext4_xattr_check_entry(struct ext4_xattr_entry *entry, size_t size)
32 - size_t value_size = le32_to_cpu(entry->e_value_size);
34 - if (entry->e_value_block != 0 || value_size > size ||
35 - le16_to_cpu(entry->e_value_offs) + value_size > size)
36 - return -EFSCORRUPTED;
41 ext4_xattr_find_entry(struct ext4_xattr_entry **pentry, int name_index,
42 - const char *name, size_t size, int sorted)
43 + const char *name, int sorted)
45 struct ext4_xattr_entry *entry;
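Review bot: ext4_xattr_find_entry() loses its `size` argument in this hunk, so it is no longer passed any bound for the entry list and depends on every caller having validated that list first; this precondition should be stated in a comment above the function. Something like `/* Caller must have validated the entries list (ext4_xattr_check_block() or xattr_check_inode()); this function is not passed the end of the region. */` would make the contract explicit for anyone adding a call site later. The ext4_xattr_block_find() and ext4_xattr_ibody_find() hunks do not show their validation calls, so it is worth confirming that both run one before this lookup. The function body continues outside the hunk.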
47 @@ -282,8 +271,6 @@ ext4_xattr_find_entry(struct ext4_xattr_entry **pentry, int name_index,
51 - if (!cmp && ext4_xattr_check_entry(entry, size))
52 - return -EFSCORRUPTED;
53 return cmp ? -ENODATA : 0;
56 @@ -311,7 +298,6 @@ ext4_xattr_block_get(struct inode *inode, int name_index, const char *name,
57 ea_bdebug(bh, "b_count=%d, refcount=%d",
58 atomic_read(&(bh->b_count)), le32_to_cpu(BHDR(bh)->h_refcount));
59 if (ext4_xattr_check_block(inode, bh)) {
61 EXT4_ERROR_INODE(inode, "bad block %llu",
62 EXT4_I(inode)->i_file_acl);
63 error = -EFSCORRUPTED;
64 @@ -319,9 +305,7 @@ ext4_xattr_block_get(struct inode *inode, int name_index, const char *name,
66 ext4_xattr_cache_insert(ext4_mb_cache, bh);
68 - error = ext4_xattr_find_entry(&entry, name_index, name, bh->b_size, 1);
69 - if (error == -EFSCORRUPTED)
71 + error = ext4_xattr_find_entry(&entry, name_index, name, 1);
74 size = le32_to_cpu(entry->e_value_size);
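Review bot: `entry->e_value_size` is read right after the lookup with no per-entry check left, so the ext4_xattr_check_block() call earlier in ext4_xattr_block_get() is now the only gate between an on-disk entry and its use here. The removed helper rejected a nonzero `e_value_block` as well as an out-of-range value, and ext4_xattr_check_entries() is not shown on this page, so confirm it also rejects `e_value_block != 0`. If it does not, `if (entry->e_value_block != 0) return -EFSCORRUPTED;` belongs in that list walk. The same applies to the ext4_xattr_ibody_get() hunk, where xattr_check_inode() is the remaining gate. How `size` is used afterwards is outside the hunk.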
75 @@ -358,13 +342,12 @@ ext4_xattr_ibody_get(struct inode *inode, int name_index, const char *name,
77 raw_inode = ext4_raw_inode(&iloc);
78 header = IHDR(inode, raw_inode);
79 - entry = IFIRST(header);
80 end = (void *)raw_inode + EXT4_SB(inode->i_sb)->s_inode_size;
81 error = xattr_check_inode(inode, header, end);
84 - error = ext4_xattr_find_entry(&entry, name_index, name,
85 - end - (void *)entry, 0);
86 + entry = IFIRST(header);
87 + error = ext4_xattr_find_entry(&entry, name_index, name, 0);
90 size = le32_to_cpu(entry->e_value_size);
91 @@ -799,7 +782,7 @@ ext4_xattr_block_find(struct inode *inode, struct ext4_xattr_info *i,
92 bs->s.end = bs->bh->b_data + bs->bh->b_size;
93 bs->s.here = bs->s.first;
94 error = ext4_xattr_find_entry(&bs->s.here, i->name_index,
95 - i->name, bs->bh->b_size, 1);
97 if (error && error != -ENODATA)
99 bs->s.not_found = error;
100 @@ -1068,8 +1051,7 @@ int ext4_xattr_ibody_find(struct inode *inode, struct ext4_xattr_info *i,
102 /* Find the named attribute. */
103 error = ext4_xattr_find_entry(&is->s.here, i->name_index,
104 - i->name, is->s.end -
105 - (void *)is->s.base, 0);
107 if (error && error != -ENODATA)
109 is->s.not_found = error;