On Wed, 2026-06-10 at 10:09 +0100, David Laight wrote: > On Tue, 09 Jun 2026 18:04:46 -0700 > Viacheslav Dubeyko <[email protected]> wrote: > > > On Mon, 2026-06-08 at 10:55 +0100, > > [email protected] wrote: > > > From: David Laight <[email protected]> > > > > > > xattr_name is kmalloc()ed at the (assumed) maximal size and then > > > the > > > prefix > > > and name concatenated together. > > > Use memcpy() for the prefix - its length is passed and strscpy() > > > for > > > the > > > name to ensure it really doesnt overflow. > > > > > > Prior to bf29e886b242c the buffers were smaller and on-stack. > > > (But I cant see the copy in the old code.) > > > I am also not sure why the buffer isnt created "just long > > > enough". > > > > What do you mean by "the buffer isn't created just long enough"? > > And > > what is your vision of correct implementation of the logic? > > The old code is: > > xattr_name = kmalloc(xattr_name_len, GFP_KERNEL); > > if (!xattr_name) > > return -ENOMEM; > > strcpy(xattr_name, prefix); > > strcpy(xattr_name + prefixlen, name); > > It would be more usual to do: > size_t name_len = strlen(name) + 1; > xattr_name = kmalloc(prefixlen + name_len); > memcpy(xattr_name, prefix, prefixlen) > memcpy(xattr_name + prefixlen, name, name_len); > So that the buffer is allocated the correct size for the strings. > > (Not that it really makes much difference whether you do kmalloc(32) > or > kmalloc(1024) for a temporary buffer - both come of a per-cpu list.)
The xattr name cannot contain more than 127 symbols [1]. So, the buffer of fixed size is allocated to keep any potential string inside of this limit no matter of size of the prefix and name. This is because we must have string that not longer that 127 symbols. If it is longer than that, then something is going wrong. Following to your logic, there is no big difference to allocate the buffer for 127 symbols or for precise length of the name. So, your suggestion doesn't make sense to me. > > What I couldn't decide, but seems to be inferred from some of fixes, > was whether a double-terminator was needed. > (That might just be the attribute value.) > One of the related functions got fixed to zero fill a buffer in a > loop > because (AFICT) something was reading beyond a '\0' terminator. The rest is dedicated to Unicode peculiarities, as far as I can see. > > This code does seem strange though. > It seems to add a text prefix here and then the called function does > string compares to find out which prefix has added and than act > differently based on the prefix. > I didn't try to follow things any further. There is no strange thing here. Different prefixes are processed by different logic. > > I also don't know if 'name' itself can be 127 wide characters (before > the > prefix is added)? > The fixed length buffer isn't long enough if all 127 characters > require > 6 bytes to encode. The whole string cannot be bigger than 127 symbols. Thanks, Slava. [1] https://elixir.bootlin.com/linux/v7.1-rc6/source/include/linux/hfs_common.h#L78
