aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
authorKeshav Verma <iganschel@gmail.com>2026-06-22 20:44:21 +0530
committerJaegeuk Kim <jaegeuk@kernel.org>2026-06-22 19:55:27 +0000
commit5ef5bc304f23c3fe255d4936472378dcb74d0e94 (patch)
treeb3df8a93ba973ec0b8ebb188c55ed4aee23b2d14 /fs
parent34636c6dcd6f75570c553a4188b5dbe0f758159a (diff)
downloadath-5ef5bc304f23c3fe255d4936472378dcb74d0e94.tar.gz
f2fs: fix listxattr handling of corrupted xattr entries
Validate the xattr entry before reading its fields in f2fs_listxattr(). Return -EFSCORRUPTED when the entry is outside the valid xattr storage area instead of returning a successful partial result. Fixes: 688078e7f36c ("f2fs: fix to avoid memory leakage in f2fs_listxattr") Cc: stable@kernel.org Reviewed-by: Chao Yu <chao@kernel.org> Signed-off-by: Keshav Verma <iganschel@gmail.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/f2fs/xattr.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/fs/f2fs/xattr.c b/fs/f2fs/xattr.c
index 24cef7e1f56a5..ed33e5110f2ab 100644
--- a/fs/f2fs/xattr.c
+++ b/fs/f2fs/xattr.c
@@ -583,8 +583,6 @@ ssize_t f2fs_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
size_t prefix_len;
size_t size;
- prefix = f2fs_xattr_prefix(entry->e_name_index, dentry);
-
if ((void *)(entry) + sizeof(__u32) > last_base_addr ||
(void *)XATTR_NEXT_ENTRY(entry) > last_base_addr) {
f2fs_err(F2FS_I_SB(inode), "list inode (%llu) has corrupted xattr",
@@ -594,9 +592,11 @@ ssize_t f2fs_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
ERROR_CORRUPTED_XATTR);
fserror_report_file_metadata(inode,
-EFSCORRUPTED, GFP_NOFS);
- break;
+ error = -EFSCORRUPTED;
+ goto cleanup;
}
+ prefix = f2fs_xattr_prefix(entry->e_name_index, dentry);
if (!prefix)
continue;