From e8c4fbc1bb00a1710a0d68ed943e30eb1283272c Mon Sep 17 00:00:00 2001
From: Theodore Ts'o
Date: Tue, 22 Mar 2016 16:13:15 -0400
Subject: ext4: check if in-inode xattr is corrupted in ext4_expand_extra_isize_ea()

We aren't checking to see if the in-inode extended attribute is corrupted before we try to expand the inode's extra isize fields. This can lead to potential crashes caused by the BUG_ON() check in ext4_xattr_shift_entries().
Upstream commit: 9e92f48c34eb2b9af9d12f892e2fe1fce5e8ce35
Signed-off-by: Theodore Ts'o
Change-Id: Idd5c5eaaaf7e244e3d310fc528840c13ce4c44a4
---
 fs/ext4/ext4.h | 3 +++
 fs/ext4/xattr.c | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index bed75a1ad..acbf02a74 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -3041,4 +3041,7 @@ extern void ext4_resize_end(struct super_block *sb);
 #endif /* __KERNEL__ */
+#define EFSBADCRC EBADMSG /* Bad CRC detected */
+#define EFSCORRUPTED EUCLEAN /* Filesystem is corrupted */
+
 #endif /* _EXT4_H */
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
index c71329f05..9c9e7b82d 100644
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -238,7 +238,7 @@ __xattr_check_inode(struct inode *inode, struct ext4_xattr_ibody_header *header, void *end, const char *function, unsigned int line) { struct ext4_xattr_entry *entry = IFIRST(header);
- int error = -EIO;
+ int error = -EFSCORRUPTED;
 if (((void *) header >= end) || (header->h_magic != le32_to_cpu(EXT4_XATTR_MAGIC)))
-- cgit v1.2.3
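Review bot: The two errno aliases added just before `#endif /* _EXT4_H */` have no comment saying why they exist or what callers will observe, and `EFSBADCRC` is not referenced by the other hunk of this patch. I would put a short block comment above them, for example `/* Aliases for the errno values ext4 returns when on-disk metadata fails validation. */`, and state in the commit message whether `EFSBADCRC` is added only for later backports. Both lines sit after `#endif /* __KERNEL__ */`, so any non-kernel includer of this header sees them too; that looks deliberate but is worth confirming for this tree.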
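Review bot: The only code change in fs/ext4/xattr.c is the initial value of `error` in `__xattr_check_inode()`, from `-EIO` to `-EFSCORRUPTED`; the corruption check in `ext4_expand_extra_isize_ea()` that the subject line describes is not part of this patch. Please confirm that this tree already calls `__xattr_check_inode()` (directly or through a wrapper) in `ext4_expand_extra_isize_ea()` before `ext4_xattr_shift_entries()` runs, because otherwise the `BUG_ON()` named in the description stays reachable from a corrupted in-inode xattr area. The new errno also reaches every existing caller of this helper, so any caller that compares the result with `-EIO` needs a look. The function body continues past the end of the hunk.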