ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h

When adding an xattr to an inode, we must ensure that the inode_size is
not less than EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad. Otherwise,
the end position may be greater than the start position, resulting in UAF.

Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Link: https://lore.kernel.org/r/20220616021358.2504451-2-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

diff --git a/fs/ext4/xattr.h b/fs/ext4/xattr.h
index 77efb9a..f885f36 100644 (file)
--- a/fs/ext4/xattr.h
+++ b/fs/ext4/xattr.h
@@ -95,6 +95,19 @@ struct ext4_xattr_entry {
 
 #define EXT4_ZERO_XATTR_VALUE ((void *)-1)
 
+/*
+ * If we want to add an xattr to the inode, we should make sure that
+ * i_extra_isize is not 0 and that the inode size is not less than
+ * EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad.
+ *   EXT4_GOOD_OLD_INODE_SIZE   extra_isize header   entry   pad  data
+ * |--------------------------|------------|------|---------|---|-------|
+ */
+#define EXT4_INODE_HAS_XATTR_SPACE(inode)                              \
+       ((EXT4_I(inode)->i_extra_isize != 0) &&                         \
+        (EXT4_GOOD_OLD_INODE_SIZE + EXT4_I(inode)->i_extra_isize +     \
+         sizeof(struct ext4_xattr_ibody_header) + EXT4_XATTR_PAD <=    \
+         EXT4_INODE_SIZE((inode)->i_sb)))
+
 struct ext4_xattr_info {
        const char *name;
        const void *value;