[v1] exfat: fix the infinite loop in __exfat_free_cluster()

Message ID PUZPR04MB631652FD1320924CD92D5ABF813B2@PUZPR04MB6316.apcprd04.prod.outlook.com (mailing list archive)
State New

Commit Message

Yuezhang.Mo@sony.com Dec. 16, 2024, 6:49 a.m. UTC
In __exfat_free_cluster(), the cluster chain is traversed until the
EOF cluster. If the cluster chain includes a loop due to file system
corruption, the EOF cluster cannot be traversed, resulting in an
infinite loop.

To avoid this infinite loop, this commit changes to only traverse and
free the number of clusters indicated by the file size.

Reported-by: syzbot+1de5a37cb85a2d536330@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=1de5a37cb85a2d536330
Tested-by: syzbot+1de5a37cb85a2d536330@syzkaller.appspotmail.com
Fixes: 31023864e67a ("exfat: add fat entry operations")
Signed-off-by: Yuezhang Mo <Yuezhang.Mo@sony.com>
Suggested-by: Namjae Jeon <linkinjeon@kernel.org>
---
 fs/exfat/fatent.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Namjae Jeon Dec. 18, 2024, 4:21 a.m. UTC | #1
On Mon, Dec 16, 2024 at 3:50 PM Yuezhang.Mo@sony.com
<Yuezhang.Mo@sony.com> wrote:
>
> In __exfat_free_cluster(), the cluster chain is traversed until the
> EOF cluster. If the cluster chain includes a loop due to file system
> corruption, the EOF cluster cannot be traversed, resulting in an
> infinite loop.
>
> To avoid this infinite loop, this commit changes to only traverse and
> free the number of clusters indicated by the file size.
>
> Reported-by: syzbot+1de5a37cb85a2d536330@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=1de5a37cb85a2d536330
> Tested-by: syzbot+1de5a37cb85a2d536330@syzkaller.appspotmail.com
> Fixes: 31023864e67a ("exfat: add fat entry operations")
> Signed-off-by: Yuezhang Mo <Yuezhang.Mo@sony.com>
> Suggested-by: Namjae Jeon <linkinjeon@kernel.org>
Applied it to #dev.
Thanks!
Patch

From a8c5502e729ad2c5f8bd2f30aeab787aca1eef06 Mon Sep 17 00:00:00 2001
From: Yuezhang Mo <Yuezhang.Mo@sony.com>
Date: Mon, 16 Dec 2024 13:39:42 +0800
Subject: [PATCH v1] exfat: fix the infinite loop in __exfat_free_cluster()

In __exfat_free_cluster(), the cluster chain is traversed until the
EOF cluster. If the cluster chain includes a loop due to file system
corruption, the EOF cluster cannot be traversed, resulting in an
infinite loop.

To avoid this infinite loop, this commit changes to only traverse and
free the number of clusters indicated by the file size.

Reported-by: syzbot+1de5a37cb85a2d536330@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=1de5a37cb85a2d536330
Tested-by: syzbot+1de5a37cb85a2d536330@syzkaller.appspotmail.com
Fixes: 31023864e67a ("exfat: add fat entry operations")
Signed-off-by: Yuezhang Mo <Yuezhang.Mo@sony.com>
Suggested-by: Namjae Jeon <linkinjeon@kernel.org>
---
 fs/exfat/fatent.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/exfat/fatent.c b/fs/exfat/fatent.c
index 773c320d68f3..ab29c30ebaab 100644
--- a/fs/exfat/fatent.c
+++ b/fs/exfat/fatent.c
@@ -201,6 +201,8 @@  static int __exfat_free_cluster(struct inode *inode, struct exfat_chain *p_chain
 
 			if (err || n_clu == EXFAT_EOF_CLUSTER)
 				sync = true;
+			else if (num_clusters >= p_chain->size)
+				break;
 			else
 				next_cmap_i =
 				  BITMAP_OFFSET_SECTOR_INDEX(sb, CLUSTER_TO_BITMAP_ENT(n_clu));
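Review bot: the new `else if (num_clusters >= p_chain->size)` bound only ends the walk when the on-disk chain is longer than the size recorded for the file, so a corrupted or stale p_chain->size now also decides how many clusters get freed; if the recorded size is too small, the clusters past it are left allocated rather than freed, and the commit message should state that leaking those clusters (recoverable by an fsck) is the accepted tradeoff for guaranteed termination. Note also that this branch is only reached when n_clu is a valid non-EOF cluster, so the chain is cut without `sync = true` being set the way the `err || n_clu == EXFAT_EOF_CLUSTER` path sets it; a one-line comment above the `else if` explaining why stopping at p_chain->size is safe, and that the last bitmap clear is deliberately not treated like the EOF case, would help future readers.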
-- 
2.43.0