From 0b79de3299079e4132972ab5e04136c770e38038 Mon Sep 17 00:00:00 2001
From: Hyunchul Lee
Date: Fri, 3 Apr 2026 10:10:39 +0900
Subject: [PATCH] ntfs: limit memory allocation in ntfs_attr_readall

check an attribute size before memory allocation, and reject if the size is over the maximum size.

Signed-off-by: Hyunchul Lee
Signed-off-by: Namjae Jeon
---
 fs/ntfs/attrib.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c
index 78915c1d5128..e8cc74c9c9a7 100644
--- a/fs/ntfs/attrib.c
+++ b/fs/ntfs/attrib.c
@@ -29,6 +29,13 @@
 __le16 AT_UNNAMED[] = { cpu_to_le16('\0') };
+/*
+ * Maximum size allowed for reading attributes by ntfs_attr_readall().
+ * Extended attribute, reparse point are not expected to be larger than this size.
+ */
+
+#define NTFS_ATTR_READALL_MAX_SIZE (64 * 1024)
+
 /*
 * ntfs_map_runlist_nolock - map (a part of) a runlist of an ntfs inode
 * @ni: ntfs inode for which to map (part of) a runlist
@@ -5117,6 +5124,13 @@ void *ntfs_attr_readall(struct ntfs_inode *ni, const __le32 type,
 }
 bmp_ni = NTFS_I(bmp_vi);
+ if (bmp_ni->data_size > NTFS_ATTR_READALL_MAX_SIZE &&
+ (bmp_ni->type != AT_BITMAP ||
+ bmp_ni->data_size > ((ni->vol->nr_clusters + 7) >> 3))) {
+ ntfs_error(sb, "Invalid attribute data size");
+ goto out;
+ }
+
 data = kvmalloc(bmp_ni->data_size, GFP_NOFS);
 if (!data)
 goto out;
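Review bot: The new size check in ntfs_attr_readall() only bounds `bmp_ni->data_size` from above, so if that field is a signed 64-bit value (its declaration is not visible in this hunk), a negative size from a corrupted attribute record would pass the test and reach `kvmalloc()` as a huge `size_t`; putting `bmp_ni->data_size < 0 ||` in front of the existing condition would close that. The AT_BITMAP exemption is capped by `(ni->vol->nr_clusters + 7) >> 3`, which presumably also comes from on-disk metadata, so it is worth confirming that `nr_clusters` is validated against the device size at mount and saying so in a comment above the check. The message `"Invalid attribute data size"` would help triage of a damaged or crafted volume more if it also reported the inode number, the attribute type and the rejected size. The function body starts and ends outside the hunk, so what the `out` label returns to callers cannot be checked from here.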