Re: WARNING in vfs_getxattr_alloc

[Dominique Martinet]

Christian Brauner wrote on Mon, Mar 04, 2024 at 12:50:12PM +0100:
> > kernel: lastest linux 6.7.rc8 90d35da658da8cff0d4ecbb5113f5fac9d00eb72
> > kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=4a65fa9f077ead01
> > with KASAN enabled
> > compiler: gcc (GCC) 12.2.0
> > 
> > TITLE: WARNING in vfs_getxattr_alloc------------[ cut here ]------------
> 
> Very likely a bug in 9p. Report it on that mailing list. It seems that
> p9_client_xattrwalk() returns questionable values for attr_size:
> 748310584784038656
> That's obviously a rather problematic allocation request.

That's whatever the server requested -- in 9p we don't have the data at
allocation time (xattrwalk returns the size, then we "read" it out in a
subsequent request), so we cannot double-check that the size makes sense
based on a payload at this point.

We could obviously add a max (the current max of SSIZE_MAX is "a bit"
too generous), but I honestly have no idea what'd make sense for this
without breaking some weird usecase somewhere (given the content is
"read" we're not limited by the size of a single message; I've seen
someone return large content as synthetic xattrs so it's hard to put an
actual number for me).
If the linux VFS has a max hard-wired somewhere plase tell me and I'll
be glad to change the max.

Otherwise then as far as I'm concerned if a server returns a huge value
they'll get allocation failures and that's about as bad as it'll get; a
malicious server could probably do quite a bit of bad if they put their
mind at it (perhaps a neverending directory listing or some other
metadata trickery), I wouldn't advise anyone to mount a storage they
don't trust.

-- 
Dominique